From 8bbee851484f7fa51af542ed2757e2eea36bf535 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 29 May 2018 15:44:28 +0200
Subject: [PATCH] ipa: allow mpg group objects in apply_subdomain_homedir()
Since with algorithmic id-mapping SSSD automatically creates user
private groups for AD users with the help of magic private groups (mpg)
apply_subdomain_homedir() should be aware that in mpg domains a group
lookup might actually return a user object. Since the related sysdb
calls are clever and replace the objectcategory so that it matches the
original request type we have to check for the group category in the mpg
case as well. apply_subdomain_homedir() checks the uidNumber later as
well to make sure the object has the needed attributes for a user.
Related to https://pagure.io/SSSD/sssd/issue/3748
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit e66517dcf63f1d4aaf866c22371dac7740ce0a48)
---
src/providers/ipa/ipa_subdomains_id.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 3943579b07c7b2d32dde192b97b86eb036b91885..c2064d33029a27a2c5d4b5344034ce90f8e746b8 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -895,9 +895,16 @@ apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
goto done;
}
+ /* The object is a user if SYSDB_OBJECTCATEGORY is SYSDB_USER_CLASS or in
+ * case of a MPG group lookup if SYSDB_OBJECTCATEGORY is SYSDB_GROUP_CLASS.
+ */
for (c = 0; c < msg_el->num_values; c++) {
if (strncmp(SYSDB_USER_CLASS, (const char *)msg_el->values[c].data,
- msg_el->values[c].length) == 0) {
+ msg_el->values[c].length) == 0
+ || (dom->mpg
+ && strncmp(SYSDB_GROUP_CLASS,
+ (const char *)msg_el->values[c].data,
+ msg_el->values[c].length) == 0)) {
break;
}
}
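Review bot: The new `dom->mpg && strncmp(SYSDB_GROUP_CLASS, ...)` branch accepts every group-category object in an mpg domain, while the added comment reads as if it were limited to "a MPG group lookup" that returned a user. The commit message says the later uidNumber check is what confirms the object has the attributes of a user; saying so in the comment would keep a future reader from treating this loop alone as proof that the object is a user. Separately, both strncmp calls are bounded only by `msg_el->values[c].length`, so a stored value shorter than the class string (including an empty one) compares equal as a prefix. Checking that the length equals `strlen()` of the class constant before comparing would make the match exact.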
--
2.14.4