URL:
https://github.com/SSSD/sssd/pull/85
Title: #85: SYSDB: Removing of sysdb_try_to_find_expected_dn()
celestian commented:
"""
I pushed new version. Let me update the situation:
There are three commits:
```
[1] SYSDB: Removing of sysdb_try_to_find_expected_dn()
[2] TEST: create_multidom_test_ctx() extending
[3] TESTS: Tests for sdap_search_initgr_user_in_batch
```
The patch [1] is refactor which is requested by
https://fedorahosted.org/sssd/ticket/3230.
The patch [2] extends function create_multidom_test_ctx(). We need different search bases
so there is array of params instead of one set of params.
The patch [3] adds tests for [1]. The core of [1] is new function
sdap_search_initgr_user_in_batch() which calls sdap_object_in_domain() internally. We can
see three tests in [3]:
```
a) test_user_is_on_batch
b) test_user_is_from_subdomain
c) test_user_is_from_another_domain
```
The tests a), b) works how expected. The test c) doesn't work. I am afraid we have bug
on
https://github.com/SSSD/sssd/blob/master/src/providers/ldap/sdap.c#L1695
In my opinion, there should be:
```
sdmatch = sdap_domain_get_by_dn(opts, original_dn);
if (sdmatch == NULL) {
DEBUG(SSSDBG_FUNC_DATA,
"The group has no original DN, assuming our domain\n");
return false;
}
```
What do you think about it, @jhrozek? Or anybody else?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/85#issuecomment-272900707