Yes, you are missing the rest of the patch :-)
errno = 0; strtouint32(vals[0]->bv_val, &endptr, 10); if (errno || *endptr || (vals[0]->bv_val == endptr)) { - DEBUG(SSSDBG_OP_FAILURE, + DEBUG(SSSDBG_MINOR_FAILURE, "POSIX attribute is not a number: %s\n", vals[0]->bv_val); - goto done; }
We do not require attribute to be a positive number, we just warn about that. But not to make it too relaxed we added check on objectclass.
----- Original Message ----- From: "Pavel Březina" pbrezina@redhat.com To: sssd-devel@lists.fedorahosted.org Sent: Wednesday, September 23, 2015 9:26:53 PM Subject: Re: [SSSD] [PATCH] SDAP: Relax POSIX check
On 09/22/2015 03:03 PM, Pavel Reichl wrote:
Hello,
please see attached patch.
Thanks!
Hi,
- state->filter = talloc_asprintf(state, "(|(%s=*)(%s=*))",
- state->filter = talloc_asprintf(state,
"(|(&(%s=*)(objectclass=%s))(&(%s=*)(objectclass=%s)))", opts->user_map[SDAP_AT_USER_UID].name,
opts->group_map[SDAP_AT_GROUP_GID].name);
opts->user_map[SDAP_OC_USER].name,opts->group_map[SDAP_AT_GROUP_GID].name,opts->group_map[SDAP_OC_GROUP].name);
I don't understand, how it got relaxed? The original filter already tests only for presence of uid or gid. Or am I missing something?
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel