From 5ac050f0f5160dc433aba21fd1ae2f2a8ffa9a88 Mon Sep 17 00:00:00 2001
From: Petr Cech
Date: Fri, 22 Jul 2016 14:28:54 +0200
Subject: [PATCH 05/39] LDAP: Fixing of removing netgroup from cache
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There were problem with local key which wasn't properly removed. This patch fixes it.
Resolves: https://fedorahosted.org/sssd/ticket/2841
Reviewed-by: Lukáš Slebodník
(cherry picked from commit bf141e052a81b28ee0ad2f61ff8b4879e4faa13b)
---
 src/providers/ldap/sdap_async_netgroups.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index df233d956df70cfcb5f68bd2afc9e2a23c50c3bb..e1d69ad769f542cccffca50547932a5bfb352230 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -138,6 +138,22 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
 goto fail;
 }
 
+ /* We store memberNisNetgroup from LDAP as originalMemberNisNetgroup in
+ * sysdb. It may contain simple name or DN. That's the reason why we always
+ * translate/generate simple name and store it in SYSDB_NETGROUP_MEMBER
+ * (memberNisNetgroup) in sysdb which is internally used for searching
+ * netgropus.
+ * We need to ensure if originalMemberNisNetgroup is missing,
+ * memberNisNetgroup is missing too.
+ */
+ if (string_in_list(SYSDB_ORIG_NETGROUP_MEMBER, missing, false)) {
+ ret = add_string_to_list(attrs, SYSDB_NETGROUP_MEMBER, &missing);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add string into list\n");
+ goto fail;
+ }
+ }
+
 ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing,
 dom->netgroup_timeout, now);
 if (ret) goto fail;
-- 
2.9.3
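Review bot: The failure branch after `add_string_to_list()` logs a fixed string and drops `ret`, so the log shows neither why the call failed nor which netgroup was left with its old member list. Since `name` is already in scope (it is passed to `sysdb_add_netgroup()` just below and is presumably a plain string), something like `DEBUG(SSSDBG_CRIT_FAILURE, "Failed to mark [%s] for removal in netgroup [%s]: [%d]\n", SYSDB_NETGROUP_MEMBER, name, ret);` would make the failure traceable. The new comment could also state the consequence it guards against: presumably the derived memberNisNetgroup value would otherwise stay in the cached entry after the LDAP attribute is gone, so nested membership keeps resolving from stale data. In the same comment `netgropus` should read `netgroups`. The body of `sdap_save_netgroup` starts and ends outside the hunk, so how `missing` is built and what the `fail` label does are not visible here.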