|
 |
ba46c7 |
From ba999074cab9ae43c636a0ae9dfa870bfcda215f Mon Sep 17 00:00:00 2001
|
|
|
ba46c7 |
From: Noriko Hosoi <nhosoi@redhat.com>
|
|
|
ba46c7 |
Date: Tue, 20 Aug 2013 14:09:26 -0700
|
|
|
ba46c7 |
Subject: [PATCH 1/2] Ticket #47488 - Users from AD sub OU does not sync to IPA
|
|
|
ba46c7 |
|
|
|
ba46c7 |
Bug description: When processing a DN from AD, the DN is passed to
|
|
|
ba46c7 |
a helper function is_subject_of_agreement_remote (windows_protocol_
|
|
|
ba46c7 |
util.c) to check if the DN is a subject of the sync service or not.
|
|
|
ba46c7 |
The helper function was checking if the AD DN is just one-level
|
|
|
ba46c7 |
child of the agreement subtree top (nsds7WindowsReplicaSubtree) but
|
|
|
ba46c7 |
not the subtree-level descendents. Note: the DN is an original one
|
|
|
ba46c7 |
in AD, which has not be flattened yet. Therefore, the AD entry was
|
|
|
ba46c7 |
determined not to be synchronized.
|
|
|
ba46c7 |
|
|
|
ba46c7 |
Fix description: This bug was fixed in the master tree with the
|
|
|
ba46c7 |
ticket #521 - modrdn + NSMMReplicationPlugin - Consumer failed to
|
|
|
ba46c7 |
replay change.
|
|
|
ba46c7 |
3) is_subject_of_agreement_remote (windows_protocol_util.c):
|
|
|
ba46c7 |
When checking if the entry was in the subtree defined in the
|
|
|
ba46c7 |
agreement or not, it returned true only if the entry is a
|
|
|
ba46c7 |
direct child of the agreement subtree top. This patch returns
|
|
|
ba46c7 |
true if the entry is the further descendent of the subtree.
|
|
|
ba46c7 |
The fix is back ported to 389-ds-base-1.3.1 branch.
|
|
|
ba46c7 |
|
|
|
ba46c7 |
Reviewed by Rich (Thank you!!)
|
|
|
ba46c7 |
|
|
|
ba46c7 |
https://fedorahosted.org/389/ticket/47488
|
|
|
ba46c7 |
(cherry picked from commit 529a544a2fe9961d9286e191346fb5faca27d38b)
|
|
|
ba46c7 |
---
|
|
|
ba46c7 |
ldap/servers/plugins/replication/windows_protocol_util.c | 10 ++++++++--
|
|
|
ba46c7 |
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
|
ba46c7 |
|
|
|
ba46c7 |
diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
|
|
|
ba46c7 |
index 964566a..730d9a6 100644
|
|
|
ba46c7 |
--- a/ldap/servers/plugins/replication/windows_protocol_util.c
|
|
|
ba46c7 |
+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
|
|
|
ba46c7 |
@@ -3950,7 +3950,12 @@ error:
|
|
|
ba46c7 |
return retval;
|
|
|
ba46c7 |
}
|
|
|
ba46c7 |
|
|
|
ba46c7 |
-/* Tests if the entry is subject to our agreement (i.e. is it in the sync'ed subtree in AD and either a user or a group ?) */
|
|
|
ba46c7 |
+/*
|
|
|
ba46c7 |
+ * Tests if the entry is subject to our agreement
|
|
|
ba46c7 |
+ * (i.e. is it in the sync'ed subtree in AD and either a user or a group ?)
|
|
|
ba46c7 |
+ * return value: 1 -- it is subject to the agreement
|
|
|
ba46c7 |
+ * 0 -- out of scope
|
|
|
ba46c7 |
+ */
|
|
|
ba46c7 |
static int
|
|
|
ba46c7 |
is_subject_of_agreement_remote(Slapi_Entry *e, const Repl_Agmt *ra)
|
|
|
ba46c7 |
{
|
|
|
ba46c7 |
@@ -3981,7 +3986,8 @@ is_subject_of_agreement_remote(Slapi_Entry *e, const Repl_Agmt *ra)
|
|
|
ba46c7 |
* 'e' as out of scope.
|
|
|
ba46c7 |
*/
|
|
|
ba46c7 |
slapi_sdn_get_parent(sdn, &psdn);
|
|
|
ba46c7 |
- if (0 == slapi_sdn_compare(&psdn, agreement_subtree)) {
|
|
|
ba46c7 |
+ if (slapi_sdn_issuffix(&psdn, agreement_subtree)) {
|
|
|
ba46c7 |
+ /* parent is in agreement_subtree. */
|
|
|
ba46c7 |
retval = 1;
|
|
|
ba46c7 |
} else {
|
|
|
ba46c7 |
/* If parent entry is not local, the entry is out of scope */
|
|
|
ba46c7 |
--
|
|
|
ba46c7 |
1.8.1.4
|
|
|
ba46c7 |
|