7bddea6c90
Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
89 lines
3.6 KiB
Diff
89 lines
3.6 KiB
Diff
From 337dd8a87cd774ac20d15c16ec3d9a6c4d2defc7 Mon Sep 17 00:00:00 2001
|
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
Date: Tue, 18 Apr 2017 11:47:30 +0200
|
|
Subject: [PATCH 125/135] IPA: Use search bases instead of domain_to_basedn
|
|
when fetching external groups
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Instead of deriving the search base from the IPA domain name, actually
|
|
use the search base from the sdap_domain structure.
|
|
|
|
This has primarily the advantage of not matching groups in the compat
|
|
tree.
|
|
|
|
Resolves:
|
|
https://pagure.io/SSSD/sssd/issue/3378
|
|
|
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
---
|
|
src/providers/ipa/ipa_subdomains_ext_groups.c | 30 ++++++++++++---------------
|
|
1 file changed, 13 insertions(+), 17 deletions(-)
|
|
|
|
diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c
|
|
index d5727cc46eb9834abeab1d15cada692f81754b2e..505d89a51423489a5e2c0e09c9aa49d93c15231b 100644
|
|
--- a/src/providers/ipa/ipa_subdomains_ext_groups.c
|
|
+++ b/src/providers/ipa/ipa_subdomains_ext_groups.c
|
|
@@ -27,6 +27,7 @@
|
|
#include "db/sysdb.h"
|
|
#include "providers/ldap/ldap_common.h"
|
|
#include "providers/ldap/sdap_async.h"
|
|
+#include "providers/ldap/sdap_ops.h"
|
|
#include "providers/ipa/ipa_id.h"
|
|
#include "providers/ad/ad_id.h"
|
|
#include "providers/ipa/ipa_subdomains.h"
|
|
@@ -529,7 +530,6 @@ static void ipa_get_ad_memberships_connect_done(struct tevent_req *subreq)
|
|
struct get_ad_membership_state *state = tevent_req_data(req,
|
|
struct get_ad_membership_state);
|
|
int ret;
|
|
- char *basedn;
|
|
|
|
ret = sdap_id_op_connect_recv(subreq, &state->dp_error);
|
|
talloc_zfree(subreq);
|
|
@@ -546,20 +546,14 @@ static void ipa_get_ad_memberships_connect_done(struct tevent_req *subreq)
|
|
goto fail;
|
|
}
|
|
|
|
-
|
|
- ret = domain_to_basedn(state, state->domain, &basedn);
|
|
- if (ret != EOK) {
|
|
- DEBUG(SSSDBG_OP_FAILURE, "domain_to_basedn failed.\n");
|
|
- goto fail;
|
|
- }
|
|
-
|
|
- subreq = sdap_get_generic_send(state, state->ev, state->sdap_id_ctx->opts,
|
|
- sdap_id_op_handle(state->sdap_op), basedn,
|
|
- LDAP_SCOPE_SUBTREE,
|
|
- IPA_EXT_GROUPS_FILTER, NULL, NULL, 0,
|
|
- dp_opt_get_int(state->sdap_id_ctx->opts->basic,
|
|
- SDAP_ENUM_SEARCH_TIMEOUT),
|
|
- false);
|
|
+ subreq = sdap_search_bases_send(state, state->ev, state->sdap_id_ctx->opts,
|
|
+ sdap_id_op_handle(state->sdap_op),
|
|
+ state->sdap_id_ctx->opts->sdom->group_search_bases,
|
|
+ NULL, false,
|
|
+ dp_opt_get_int(state->sdap_id_ctx->opts->basic,
|
|
+ SDAP_ENUM_SEARCH_TIMEOUT),
|
|
+ IPA_EXT_GROUPS_FILTER,
|
|
+ NULL);
|
|
if (subreq == NULL) {
|
|
DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n");
|
|
ret = ENOMEM;
|
|
@@ -583,8 +577,10 @@ static void ipa_get_ext_groups_done(struct tevent_req *subreq)
|
|
int ret;
|
|
hash_table_t *ext_group_hash;
|
|
|
|
- ret = sdap_get_generic_recv(subreq, state,
|
|
- &state->reply_count, &state->reply);
|
|
+ ret = sdap_search_bases_recv(subreq,
|
|
+ state,
|
|
+ &state->reply_count,
|
|
+ &state->reply);
|
|
talloc_zfree(subreq);
|
|
if (ret != EOK) {
|
|
DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ext_groups request failed.\n");
|
|
--
|
|
2.12.2
|
|
|