From 53554c55a75477b0ea719b845ff1660ac1a2ec82 Mon Sep 17 00:00:00 2001

From: Lukas Slebodnik <lslebodn@redhat.com>

Date: Fri, 24 Jan 2014 17:03:27 +0100

Subject: [PATCH 74/75] LDAP: store group if subdomain cannot be found by sid

Domain needn't contain sid if id_provider is ldap.

With enabled id mapping, group couldn't be stored, because domain

couldn't be found by sid.

Resolves:

https://fedorahosted.org/sssd/ticket/2172

---

 src/providers/ldap/sdap_async_groups.c | 10 ++++++----

 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c

index 4ed7d4ab9c0c932da49b244f061329a334719159..ab3691f80aaecca988dcbf0877491a37af3ae49b 100644

--- a/src/providers/ldap/sdap_async_groups.c

+++ b/src/providers/ldap/sdap_async_groups.c

@@ -452,6 +452,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,

     bool posix_group;

     bool use_id_mapping;

     char *sid_str;

+    struct sss_domain_info *subdomain;

     int32_t ad_group_type;

     tmpctx = talloc_new(NULL);

@@ -490,11 +491,12 @@ static int sdap_save_group(TALLOC_CTX *memctx,

     /* If this object has a SID available, we will determine the correct

      * domain by its SID. */

     if (sid_str != NULL) {

-        dom = find_subdomain_by_sid(get_domains_head(dom), sid_str);

-        if (dom == NULL) {

-            DEBUG(SSSDBG_OP_FAILURE, ("SID %s does not belong to any known "

+        subdomain = find_subdomain_by_sid(get_domains_head(dom), sid_str);

+        if (subdomain) {

+            dom = subdomain;

+        } else {

+            DEBUG(SSSDBG_TRACE_FUNC, ("SID %s does not belong to any known "

                                       "domain\n", sid_str));

-            return ERR_DOMAIN_NOT_FOUND;

         }

     }

-- 

1.8.4.2