sssd/0002-Require-existence-of-username-uid-and-gid-for-user-e.patch

From c6f9fcdbf62d616f9fc89b7695aa48fa4c8ebd80 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Mon, 14 Mar 2011 09:56:22 -0400
Subject: [PATCH 2/2] Require existence of username, uid and gid for user enumeration

We will ignore users that do not have these three values.
---
 src/providers/ldap/ldap_id_enum.c |   30 ++++++++++++++++++------------
 1 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index 42c2911926602bfc2e3a33a0af837d6e809ee68b..6899b87c08b46c3c2b61fcd975ab14a4118cc918 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -441,19 +441,25 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
     state->op = op;
 
     if (ctx->srv_opts && ctx->srv_opts->max_user_value && !purge) {
-        state->filter = talloc_asprintf(state,
-                               "(&(%s=*)(objectclass=%s)(%s>=%s)(!(%s=%s)))",
-                               ctx->opts->user_map[SDAP_AT_USER_NAME].name,
-                               ctx->opts->user_map[SDAP_OC_USER].name,
-                               ctx->opts->user_map[SDAP_AT_USER_USN].name,
-                               ctx->srv_opts->max_user_value,
-                               ctx->opts->user_map[SDAP_AT_USER_USN].name,
-                               ctx->srv_opts->max_user_value);
+        state->filter = talloc_asprintf(
+                state,
+                "(&(objectclass=%s)(%s=*)(%s=*)(%s=*)(%s>=%s)(!(%s=%s)))",
+                ctx->opts->user_map[SDAP_OC_USER].name,
+                ctx->opts->user_map[SDAP_AT_USER_NAME].name,
+                ctx->opts->user_map[SDAP_AT_USER_UID].name,
+                ctx->opts->user_map[SDAP_AT_USER_GID].name,
+                ctx->opts->user_map[SDAP_AT_USER_USN].name,
+                ctx->srv_opts->max_user_value,
+                ctx->opts->user_map[SDAP_AT_USER_USN].name,
+                ctx->srv_opts->max_user_value);
     } else {
-        state->filter = talloc_asprintf(state,
-                               "(&(%s=*)(objectclass=%s))",
-                               ctx->opts->user_map[SDAP_AT_USER_NAME].name,
-                               ctx->opts->user_map[SDAP_OC_USER].name);
+        state->filter = talloc_asprintf(
+                state,
+                "(&(objectclass=%s)(%s=*)(%s=*)(%s=*))",
+                ctx->opts->user_map[SDAP_OC_USER].name,
+                ctx->opts->user_map[SDAP_AT_USER_NAME].name,
+                ctx->opts->user_map[SDAP_AT_USER_UID].name,
+                ctx->opts->user_map[SDAP_AT_USER_GID].name);
     }
     if (!state->filter) {
         DEBUG(2, ("Failed to build filter\n"));
-- 
1.7.4