IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

hbactest does not work for external users

Browse Source 
Original patch for ticket #3803 implemented support to resolve SIDs
through SSSD. However, it also broke hbactest for external users. The
result of the updated external member group search must be local
non-external groups, not the external ones. Otherwise the rule is not
matched.

https://fedorahosted.org/freeipa/ticket/3803
This commit is contained in:
Martin Kosek
2014-01-10 12:41:29 +01:00
parent 554d43d689
commit faa820f39e
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ipalib/plugins/hbactest.py
View File

@@ -400,14 +400,16 @@ class hbactest(Command):
ldap = self.api.Backend.ldap2 ldap = self.api.Backend.ldap2
group_container = DN(api.env.container_group, api.env.basedn) group_container = DN(api.env.container_group, api.env.basedn)
try: try:
entries, truncated = ldap.find_entries(filter_sids, ['cn'], group_container) entries, truncated = ldap.find_entries(filter_sids, ['memberof'], group_container)
except errors.NotFound: except errors.NotFound:
request.user.groups = [] request.user.groups = []
else: else:
groups = [] groups = []
for dn, entry in entries: for dn, entry in entries:
if dn.endswith(group_container): memberof_dns = entry.get('memberof', [])
groups.append(dn[0][0].value) for memberof_dn in memberof_dns:
if memberof_dn.endswith(group_container):
groups.append(memberof_dn[0][0].value)
request.user.groups = sorted(set(groups)) request.user.groups = sorted(set(groups))
else: else:
# try searching for a local user # try searching for a local user