>From fd6034a063d9c6ec0d0f95c7b5fa1e4d8ac2345d Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 11 Mar 2014 17:39:31 +0100 Subject: [PATCH 2/2] LDAP: Only check GID if ID-mapping The group processing code checks the ID in order to determine if the group is a POSIX or non-POSIX one. However, the check will always fail if the domain is ID-mapping. Luckily, it's not a huge problem, as the GID is being mapped while saving the group. The faulty check does produce a confusing error message, though. --- src/providers/ldap/sdap_async_nested_groups.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c index efbf4080e6ae8e55566c4d68b701b08ff6429ec0..bc7394f689edb5f7e8a20580ecda720469573e89 100644 --- a/src/providers/ldap/sdap_async_nested_groups.c +++ b/src/providers/ldap/sdap_async_nested_groups.c @@ -34,6 +34,7 @@ #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap_async.h" #include "providers/ldap/sdap_async_private.h" +#include "providers/ldap/sdap_idmap.h" #define sdap_nested_group_sysdb_search_users(domain, filter) \ sdap_nested_group_sysdb_search((domain), (filter), true) @@ -242,6 +243,7 @@ sdap_nested_group_hash_group(struct sdap_nested_group_ctx *group_ctx, errno_t ret; int32_t ad_group_type; bool posix_group = true; + bool use_id_mapping; if (group_ctx->opts->schema_type == SDAP_SCHEMA_AD) { ret = sysdb_attrs_get_int32_t(group, SYSDB_GROUP_TYPE, &ad_group_type); @@ -265,7 +267,12 @@ sdap_nested_group_hash_group(struct sdap_nested_group_ctx *group_ctx, } } - if (posix_group) { + use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping( + group_ctx->opts->idmap_ctx, + group_ctx->domain->name, + group_ctx->domain->domain_id); + + if (posix_group && !use_id_mapping) { ret = sysdb_attrs_get_uint32_t(group, map[SDAP_AT_GROUP_GID].sys_name, &gid); } -- 1.8.5.3