From d2636b0f34d6e4ff7cf99a44db8317fd485a3783 Mon Sep 17 00:00:00 2001

From: Lukas Slebodnik <lslebodn@redhat.com>

Date: Fri, 26 Aug 2016 14:57:22 +0200

Subject: [PATCH 124/126] PROXY: Use right name in ldap filter

We used internal fq name in ldap filter

with id_provider proxy to files and auth provider

ldap

[sssd[be[LDAP]]] [sdap_get_generic_ext_step]

    (0x0400): calling ldap_search_ext with

    [(&(uid=testuser1@ldap)(objectclass=posixAccount))][dc=example,dc=com].

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

---

 src/providers/ldap/ldap_auth.c | 11 ++++++++---

 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c

index 35f16b0d4a6f8e566b0cf63b65ba46f31e7c1bcd..00d38284e428eea42254820fd08ee4fb125235a6 100644

--- a/src/providers/ldap/ldap_auth.c

+++ b/src/providers/ldap/ldap_auth.c

@@ -361,7 +361,7 @@ shadow_fail:

 /* ==Get-User-DN========================================================== */

 struct get_user_dn_state {

-    const char *username;

+    char *username;

     char *orig_dn;

 };

@@ -386,9 +386,14 @@ static struct tevent_req *get_user_dn_send(TALLOC_CTX *memctx,

     req = tevent_req_create(memctx, &state, struct get_user_dn_state);

     if (!req) return NULL;

-    state->username = username;

+    ret = sss_parse_internal_fqname(state, username,

+                                    &state->username, NULL);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", username);

+        goto done;

+    }

-    ret = sss_filter_sanitize(state, username, &clean_name);

+    ret = sss_filter_sanitize(state, state->username, &clean_name);

     if (ret != EOK) {

         goto done;

     }

-- 

2.4.11