From 9a7c044dcd17b23127ddda25ff9cddc9c67fe4ca Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>

Date: Mon, 19 Mar 2018 12:47:17 +0100

Subject: [PATCH] memberof: keep memberOf attribute for nested member

If we have a member that is both direct and nested member,

memberOf attribute was removed if the direct membership

was deleted.

1)

user ----------> groupB -> groupC

     -> groupA /

2)

user -> groupA -> groupB -> groupC

If we remove user->groupB from 1), we get 2) but groupB was still

removed from user memberOf attribute.

Resolves:

https://pagure.io/SSSD/sssd/issue/3636

Reviewed-by: Sumit Bose <sbose@redhat.com>

(cherry picked from commit 1f5d139d103328b6e4be7dc8368abdd39a91d3a6)

Reviewed-by: Sumit Bose <sbose@redhat.com>

---

 src/ldb_modules/memberof.c | 6 +-----

 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c

index 5e1ff95a8..dae51938b 100644

--- a/src/ldb_modules/memberof.c

+++ b/src/ldb_modules/memberof.c

@@ -2055,11 +2055,7 @@ static int mbof_del_anc_callback(struct ldb_request *req,

                     talloc_free(valdn);

                     continue;

                 }

-                /* do not re-add the original deleted entry by mistake */

-                if (ldb_dn_compare(valdn, del_ctx->first->entry_dn) == 0) {

-                    talloc_free(valdn);

-                    continue;

-                }

+

                 new_list->dns = talloc_realloc(new_list,

                                                new_list->dns,

                                                struct ldb_dn *,

-- 

2.21.1