From 3a91d8a5e0141e800bcbbd3d628675a0219000f0 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 6 Aug 2013 12:17:39 +0200 Subject: [PATCH 2/4] sdap_add_incomplete_groups: use fully qualified name if needed For subdomains the group names must be expanded to fully qualified names to be able to find existing groups or properly add new ones. --- src/providers/ldap/sdap_async_initgroups.c | 18 ++++++++++++++---- 1 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 02158a6..513de27 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -50,6 +50,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, time_t now; char *sid_str; bool use_id_mapping; + char *tmp_name; /* There are no groups in LDAP but we should add user to groups ?? */ if (ldap_groups_count == 0) return EOK; @@ -65,14 +66,23 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, mi = 0; for (i=0; groupnames[i]; i++) { + tmp_name = sss_get_domain_name(tmp_ctx, groupnames[i], domain); + if (tmp_name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + ("Failed to format original name [%s]\n", groupnames[i])); + ret = ENOMEM; + goto done; + } + ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain, - groupnames[i], NULL, &msg); + tmp_name, NULL, &msg); if (ret == EOK) { continue; } else if (ret == ENOENT) { - DEBUG(7, ("Group #%d [%s] is not cached, need to add a fake entry\n", - i, groupnames[i])); - missing[mi] = groupnames[i]; + missing[mi] = talloc_steal(missing, tmp_name); + DEBUG(7, ("Group #%d [%s][%s] is not cached, " \ + "need to add a fake entry\n", + i, groupnames[i], missing[mi])); mi++; continue; } else if (ret != ENOENT) { -- 1.7.7.6