SHA256
1
0
forked from pool/sssd

Accepting request 764123 from home:dmulder:branches:network:ldap

- SSSD GPO host entries are ignored if computer cn does not
  match it's samaccountname, add
  0001-Resolve-computer-lookup-failure-when-sam-cn.patch;
  (jsc#SLE-9298); (bsc#1160688)

OBS-URL: https://build.opensuse.org/request/show/764123
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=228
This commit is contained in:
Jan Engelhardt 2020-01-13 20:59:00 +00:00 committed by Git OBS Bridge
parent 9f28c9b493
commit deb4fe685b
3 changed files with 54 additions and 0 deletions

View File

@ -0,0 +1,45 @@
From 0ea7661eeb7783c45d7f0ec9d19d99ce9fe407cf Mon Sep 17 00:00:00 2001
From: David Mulder <dmulder@suse.com>
Date: Fri, 10 Jan 2020 18:21:05 +0000
Subject: [PATCH] Resolve computer lookup failure when sam!=cn
References: jsc#SLE-9298
Upstream: submitted
---
src/providers/ad/ad_gpo.c | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 90e1909f8..6dd850cc9 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -1947,7 +1947,6 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq)
struct sysdb_attrs **reply;
const char *target_dn = NULL;
uint32_t uac;
- char *filter = NULL;
char *domain_dn;
const char *attrs[] = {AD_AT_SID, NULL};
struct ldb_message *msg;
@@ -2050,16 +2049,10 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq)
goto done;
}
- filter = talloc_asprintf(subreq, SYSDB_COMP_FILTER, state->ad_hostname);
- if (!filter) {
- ret = ENOMEM;
- goto done;
- }
-
subreq = sdap_get_generic_send(state, state->ev, state->opts,
sdap_id_op_handle(state->sdap_op),
- domain_dn, LDAP_SCOPE_SUBTREE,
- filter, attrs, NULL, 0,
+ state->target_dn, LDAP_SCOPE_BASE,
+ "(&)", attrs, NULL, 0,
state->timeout,
false);
--
2.24.0

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Jan 13 14:40:11 UTC 2020 - David Mulder <dmulder@suse.com>
- SSSD GPO host entries are ignored if computer cn does not
match it's samaccountname, add
0001-Resolve-computer-lookup-failure-when-sam-cn.patch;
(jsc#SLE-9298); (bsc#1160688)
-------------------------------------------------------------------
Thu Jan 02 17:17:00 UTC 2020 - David Mulder <dmulder@suse.com>

View File

@ -31,6 +31,7 @@ Source3: baselibs.conf
Source5: %name.keyring
Patch1: krb-noversion.diff
Patch2: sssd-gpo_host_security_filter-2.2.2.patch
Patch3: 0001-Resolve-computer-lookup-failure-when-sam-cn.patch
BuildRoot: %_tmppath/%name-%version-build
%define servicename sssd