From e67f94d854ef125626294771473a1204726eeba4 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 15 Jan 2018 22:11:24 +0100
Subject: [PATCH 93/96] AD: Inherit the MPG setting from the main domain
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If the auto_private_groups option was set in the domain section for
direct integration, it only had an effect on the joined domain, not any
of the subdomains, so requesting a user from the child domain would look
like this:
$ id childuser@child.win.trust.test
uid=30000(childuser@child.win.trust.test) gid=40000(usergroup@child.win.trust.test) groups=40000(usergroup@child.win.trust.test)
The expected result, visible after this patch, is:
$ id childuser@child.win.trust.test
uid=30000(childuser@child.win.trust.test) gid=30000(childuser@child.win.trust.test) groups=30000(childuser@child.win.trust.test),40000(usergroup@child.win.trust.test)
Resolves:
https://pagure.io/SSSD/sssd/issue/3613
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
(cherry picked from commit 29ebf45f96b13590ae76a19c7c16c53f172e4ae4)
---
src/providers/ad/ad_subdomains.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 3fb9b950f171d85817cce35ac92ad7c4974ccb68..1b9483a5dce937d6acdd813486a1e8c18210d35f 100644
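--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -391,6 +391,13 @@ ad_subdom_store(struct sdap_idmap_ctx *idmap_ctx,
 }
 
 mpg = sdap_idmap_domain_has_algorithmic_mapping(idmap_ctx, name, sid_str);
+ if (mpg == false) {
+ /* Domains that use the POSIX attributes set by the admin must
+ * inherit the MPG setting from the parent domain so that the
+ * auto_private_groups options works for trusted domains as well
+ */
+ mpg = domain->mpg;
+ }
 
 ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
 mpg, enumerate, domain->forest, 0, NULL);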
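Review bot: The new `if (mpg == false)` branch makes every subdomain without algorithmic ID mapping take `domain->mpg`, so with auto_private_groups enabled on the joined domain the primary GID reported for trusted-domain users changes from the admin-set group to a private group equal to the UID, as the `id` output in the commit message shows. That changes group ownership and group-based access decisions for files those users already have, and the value is persisted through `sysdb_subdomain_store`, so the comment should state the consequence, e.g. `/* NOTE: inheriting MPG changes the primary GID of users from POSIX-attribute subdomains */`. Whether a private GID can collide with an admin-assigned gidNumber in such a domain is not visible in this hunk and is worth confirming. Minor: `if (!mpg)` is the more usual spelling, and the comment should read "option works". ad_subdom_store begins and ends outside the hunk.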
--
2.14.3