Hi, see the attached simple patch for ticket: https://fedorahosted.org/sssd/ticket/3045
The patch is missing a CI test. I will add one (hopefully later tomorrow) after I take a look at one bugzilla which currently has higher priority. If someone writes a test for this until then, I will gladly review it :)

The reproducer is simple:
1. have ldap with RFC2307 schema with group that contains user from /etc/passwd (for example local_user)
2. run 'id local_user'
3. the ldap group should be among the displayed groups

Michal

>From c324ca57d5bed4ad2a290d819ad84349d45cc669 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com> Date: Wed, 13 Jul 2016 20:02:47 +0200 Subject: [PATCH] sdap: Fix ldap_rfc_2307_fallback_to_local_users Fixes: https://fedorahosted.org/sssd/ticket/3045 We wrongly tried to store empty user attributes instead of the local user attributes with ldap_rfc_2307_fallback_to_local_users set to true. This gave us bad initgroups results and caused segfaults. --- src/providers/ldap/sdap_async_initgroups.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index d14563c..17593f0 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -2893,6 +2893,9 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) (dp_opt_get_bool(state->opts->basic, SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) { ret = sdap_fallback_local_user(state, state->shortname, -1, &usr_attrs); + if (ret == EOK) { + state->orig_user = usr_attrs[0]; + } } else { ret = ENOENT; } -- 2.5.0
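
Review bot: the added `if (ret == EOK)` branch in sdap_get_initgr_user() reads `usr_attrs[0]` on the strength of the return code alone. If sdap_fallback_local_user() can return EOK while leaving `usr_attrs` NULL or its first element NULL, this either dereferences NULL or leaves state->orig_user NULL for the code that stores it later, which is the same class of crash the commit message describes. Consider guarding with `usr_attrs != NULL && usr_attrs[0] != NULL` and setting `ret = ENOENT` otherwise, or stating in a comment that the helper guarantees a populated first element on EOK. A one-line comment saying that orig_user must carry the local user's attributes in the fallback case would also help the next reader, and the change still needs the test for the `id local_user` reproducer mentioned in the cover message.
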
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org