|
 |
96eb28 |
From 8bbee851484f7fa51af542ed2757e2eea36bf535 Mon Sep 17 00:00:00 2001
|
|
|
96eb28 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
96eb28 |
Date: Tue, 29 May 2018 15:44:28 +0200
|
|
|
96eb28 |
Subject: [PATCH] ipa: allow mpg group objects in apply_subdomain_homedir()
|
|
|
96eb28 |
|
|
|
96eb28 |
Since with algorithmic id-mapping SSSD automatically creates user
|
|
|
96eb28 |
private groups for AD user with the help of magic private groups (mpg)
|
|
|
96eb28 |
apply_subdomain_homedir() should be aware the in mpg domains a group
|
|
|
96eb28 |
lookup might actually return a user object. Since the related sysdb
|
|
|
96eb28 |
calls are clever and replace the objectcategory so that it matches the
|
|
|
96eb28 |
original request type we have to check for the group category in the mpg
|
|
|
96eb28 |
case as well. apply_subdomain_homedir() checks the uidNumber later as
|
|
|
96eb28 |
well to make sure the object has the needed attributes for a user.
|
|
|
96eb28 |
|
|
|
96eb28 |
Related to https://pagure.io/SSSD/sssd/issue/3748
|
|
|
96eb28 |
|
|
|
96eb28 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
96eb28 |
(cherry picked from commit e66517dcf63f1d4aaf866c22371dac7740ce0a48)
|
|
|
96eb28 |
---
|
|
|
96eb28 |
src/providers/ipa/ipa_subdomains_id.c | 9 ++++++++-
|
|
|
96eb28 |
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
96eb28 |
|
|
|
96eb28 |
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
|
|
|
96eb28 |
index 3943579b07c7b2d32dde192b97b86eb036b91885..c2064d33029a27a2c5d4b5344034ce90f8e746b8 100644
|
|
|
96eb28 |
--- a/src/providers/ipa/ipa_subdomains_id.c
|
|
|
96eb28 |
+++ b/src/providers/ipa/ipa_subdomains_id.c
|
|
|
96eb28 |
@@ -895,9 +895,16 @@ apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
|
|
|
96eb28 |
goto done;
|
|
|
96eb28 |
}
|
|
|
96eb28 |
|
|
|
96eb28 |
+ /* The object is a user if SYSDB_OBJECTCATEGORY is SYSDB_USER_CLASS or in
|
|
|
96eb28 |
+ * case of a MPG group lookup if SYSDB_OBJECTCATEGORY is SYSDB_GROUP_CLASS.
|
|
|
96eb28 |
+ */
|
|
|
96eb28 |
for (c = 0; c < msg_el->num_values; c++) {
|
|
|
96eb28 |
if (strncmp(SYSDB_USER_CLASS, (const char *)msg_el->values[c].data,
|
|
|
96eb28 |
- msg_el->values[c].length) == 0) {
|
|
|
96eb28 |
+ msg_el->values[c].length) == 0
|
|
|
96eb28 |
+ || (dom->mpg
|
|
|
96eb28 |
+ && strncmp(SYSDB_GROUP_CLASS,
|
|
|
96eb28 |
+ (const char *)msg_el->values[c].data,
|
|
|
96eb28 |
+ msg_el->values[c].length) == 0)) {
|
|
|
96eb28 |
break;
|
|
|
96eb28 |
}
|
|
|
96eb28 |
}
|
|
|
96eb28 |
--
|
|
|
96eb28 |
2.14.4
|
|
|
96eb28 |
|