From deb4fe685b5f71e127c25eef85dd946fbf8215031a2972dc375b11df013cc4da Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Mon, 13 Jan 2020 20:59:00 +0000
Subject: [PATCH] Accepting request 764123 from
 home:dmulder:branches:network:ldap

- SSSD GPO host entries are ignored if computer cn does not
  match it's samaccountname, add
  0001-Resolve-computer-lookup-failure-when-sam-cn.patch;
  (jsc#SLE-9298); (bsc#1160688)

OBS-URL: https://build.opensuse.org/request/show/764123
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=228
---
 ...-computer-lookup-failure-when-sam-cn.patch | 45 +++++++++++++++++++
 sssd.changes                                  |  8 ++++
 sssd.spec                                     |  1 +
 3 files changed, 54 insertions(+)
 create mode 100644 0001-Resolve-computer-lookup-failure-when-sam-cn.patch

diff --git a/0001-Resolve-computer-lookup-failure-when-sam-cn.patch b/0001-Resolve-computer-lookup-failure-when-sam-cn.patch
new file mode 100644
index 0000000..d154375
--- /dev/null
+++ b/0001-Resolve-computer-lookup-failure-when-sam-cn.patch
@@ -0,0 +1,45 @@
+From 0ea7661eeb7783c45d7f0ec9d19d99ce9fe407cf Mon Sep 17 00:00:00 2001
+From: David Mulder <dmulder@suse.com>
+Date: Fri, 10 Jan 2020 18:21:05 +0000
+Subject: [PATCH] Resolve computer lookup failure when sam!=cn
+References: jsc#SLE-9298
+Upstream: submitted
+
+---
+ src/providers/ad/ad_gpo.c | 11 ++---------
+ 1 file changed, 2 insertions(+), 9 deletions(-)
+
+diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
+index 90e1909f8..6dd850cc9 100644
+--- a/src/providers/ad/ad_gpo.c
++++ b/src/providers/ad/ad_gpo.c
+@@ -1947,7 +1947,6 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq)
+     struct sysdb_attrs **reply;
+     const char *target_dn = NULL;
+     uint32_t uac;
+-    char *filter = NULL;
+     char *domain_dn;
+     const char *attrs[] = {AD_AT_SID, NULL};
+     struct ldb_message *msg;
+@@ -2050,16 +2049,10 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq)
+             goto done;
+         }
+ 
+-        filter = talloc_asprintf(subreq, SYSDB_COMP_FILTER, state->ad_hostname);
+-        if (!filter) {
+-            ret = ENOMEM;
+-            goto done;
+-        }
+-
+         subreq = sdap_get_generic_send(state, state->ev, state->opts,
+                                        sdap_id_op_handle(state->sdap_op),
+-                                       domain_dn, LDAP_SCOPE_SUBTREE,
+-                                       filter, attrs, NULL, 0,
++                                       state->target_dn, LDAP_SCOPE_BASE,
++                                       "(&)", attrs, NULL, 0,
+                                        state->timeout,
+                                        false);
+ 
+-- 
+2.24.0
+
diff --git a/sssd.changes b/sssd.changes
index e766550..95e1cd7 100644
--- a/sssd.changes
+++ b/sssd.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jan 13 14:40:11 UTC 2020 - David Mulder <dmulder@suse.com>
+
+- SSSD GPO host entries are ignored if computer cn does not
+  match it's samaccountname, add
+  0001-Resolve-computer-lookup-failure-when-sam-cn.patch;
+  (jsc#SLE-9298); (bsc#1160688)
+
 -------------------------------------------------------------------
 Thu Jan 02 17:17:00 UTC 2020 - David Mulder <dmulder@suse.com>
 
diff --git a/sssd.spec b/sssd.spec
index 2f59da0..f7dfee4 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -31,6 +31,7 @@ Source3:        baselibs.conf
 Source5:        %name.keyring
 Patch1:         krb-noversion.diff
 Patch2:         sssd-gpo_host_security_filter-2.2.2.patch
+Patch3:         0001-Resolve-computer-lookup-failure-when-sam-cn.patch
 BuildRoot:      %_tmppath/%name-%version-build
 
 %define servicename	sssd