Blame SOURCES/0075-sdap-always-create-sdap-object-for-a-forest-root.patch

From 46b194196749d4ea77d5d4e6bdd64d7c0996b105 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 31 Aug 2021 12:59:15 +0200
Subject: [PATCH] sdap: always create sdap object for a forest root
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Even if the forest root is disabled for user and group lookups a sdap
object is needed to lookup trusted domains.

This already works if the forest root is discovered for the first time
at runtime. But if SSSD is restarted only the domain object but not the
sdap object is created.

Resolves: https://github.com/SSSD/sssd/issues/5770

:fixes: Even if the forest root is disabled for lookups all required
  internal data is initialized to be able to refresh the list of trusted
  domains in the forest from a DC of the forest root.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 2a617c0efc07d10efc0688652bfe7ab2d8d6f477)
---
 src/providers/ldap/sdap_domain.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/providers/ldap/sdap_domain.c b/src/providers/ldap/sdap_domain.c
index d384b2e4a..fa6e9340d 100644
--- a/src/providers/ldap/sdap_domain.c
+++ b/src/providers/ldap/sdap_domain.c
@@ -132,9 +132,17 @@ sdap_domain_subdom_add(struct sdap_id_ctx *sdap_id_ctx,
     struct sdap_domain *sdom, *sditer;
     errno_t ret;
 
-    for (dom = get_next_domain(parent, SSS_GND_DESCEND);
+    for (dom = get_next_domain(parent, SSS_GND_DESCEND|SSS_GND_INCLUDE_DISABLED);
          dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
-         dom = get_next_domain(dom, 0)) {
+         dom = get_next_domain(dom, SSS_GND_INCLUDE_DISABLED)) {
+
+        /* Always create sdap domain object for the forest root, even if it is
+         * disabled so that we can connect later to discover trusted domains
+         * in the forest. */
+        if (sss_domain_get_state(dom) == DOM_DISABLED
+                && !sss_domain_is_forest_root(dom)) {
+            continue;
+        }
 
         DLIST_FOR_EACH(sditer, sdom_list) {
             if (sditer->dom == dom) {
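Review bot: With the iterator now called with SSS_GND_INCLUDE_DISABLED, a disabled forest root gets an entry in sdom_list, but nothing in this hunk shows that the code walking that list (the DLIST_FOR_EACH below and, by extension, the user and group lookup paths that use sdom_list) still checks sss_domain_get_state() before using such an entry for identity lookups; please confirm those consumers honour the disabled state, or extend the new comment to state that an sdap object for a disabled root is only meant for the trust-discovery connection described in the commit message. Secondly, the filtering that get_next_domain() used to do for disabled domains has moved into the explicit `if (sss_domain_get_state(dom) == DOM_DISABLED && !sss_domain_is_forest_root(dom)) continue;` check, so any domain state other than DOM_DISABLED that the old iterator would have skipped is now added unconditionally; it would help to note in the comment why only DOM_DISABLED needs handling here so the two conditions are kept in sync if further states are introduced.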
-- 
2.26.3