sssd/0005-LDAP-Fixing-of-removing-netgroup-from-cache.patch

From 5ac050f0f5160dc433aba21fd1ae2f2a8ffa9a88 Mon Sep 17 00:00:00 2001
From: Petr Cech <pcech@redhat.com>
Date: Fri, 22 Jul 2016 14:28:54 +0200
Subject: [PATCH 05/39] LDAP: Fixing of removing netgroup from cache
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There were problem with local key which wasn't properly removed.
This patch fixes it.

Resolves:
https://fedorahosted.org/sssd/ticket/2841

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit bf141e052a81b28ee0ad2f61ff8b4879e4faa13b)
---
 src/providers/ldap/sdap_async_netgroups.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index df233d956df70cfcb5f68bd2afc9e2a23c50c3bb..e1d69ad769f542cccffca50547932a5bfb352230 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -138,6 +138,22 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
         goto fail;
     }
 
+    /* We store memberNisNetgroup from LDAP as originalMemberNisNetgroup in
+     * sysdb. It may contain simple name or DN. That's the reason why we always
+     * translate/generate simple name and store it in SYSDB_NETGROUP_MEMBER
+     * (memberNisNetgroup) in sysdb which is internally used for searching
+     * netgropus.
+     * We need to ensure if originalMemberNisNetgroup is missing,
+     * memberNisNetgroup is missing too.
+     */
+    if (string_in_list(SYSDB_ORIG_NETGROUP_MEMBER, missing, false)) {
+        ret = add_string_to_list(attrs, SYSDB_NETGROUP_MEMBER, &missing);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add string into list\n");
+            goto fail;
+        }
+    }
+
     ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
                              dom->netgroup_timeout, now);
     if (ret) goto fail;
-- 
2.9.3