From 56438ec7804e55b5d4de00e69d01d397a9905e61 Mon Sep 17 00:00:00 2001
From: Ondrej Valousek <ondrej.valousek.xm@renesas.com>
Date: Mon, 4 Nov 2024 11:51:08 +0100
Subject: [PATCH] Fix bug in objectclass_matched()

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
 src/providers/ldap/sdap.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 956eba93a22..a64d8c157ee 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -648,11 +648,13 @@ static bool objectclass_matched(struct sdap_attr_map *map,
         len = strlen(objcl) + 1;
     }
 
-    if (strncasecmp(map[SDAP_OC_GROUP].name, objcl, len) == 0) {
+    if (strncasecmp(map[0].name, objcl, len) == 0) {
         return true;
     }
-
-    if (map[SDAP_OC_GROUP_ALT].name != NULL
+    /* first element is always object class, and for groups also the
+     * second element (SDAP_OC_GROUP_ALT) in the array */
+    if (strcmp(map[SDAP_OC_GROUP_ALT].sys_name, SYSDB_GROUP_CLASS) == 0
+        && map[SDAP_OC_GROUP_ALT].name != NULL
         && strncasecmp(map[SDAP_OC_GROUP_ALT].name, objcl, len) == 0) {
         return true;
     }