diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 94959c36b46..b0ee3e616b4 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -2091,6 +2091,7 @@ ad_gpo_connect_done(struct tevent_req *subreq) char *server_uri; LDAPURLDesc *lud; struct sdap_domain *sdom; + struct sdap_search_base **search_bases; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_gpo_access_state); @@ -2184,9 +2185,18 @@ ad_gpo_connect_done(struct tevent_req *subreq) goto done; } + ret = common_parse_search_base(state, sdom->basedn, state->ldb_ctx, + "AD_HOSTS", NULL, &search_bases); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to create dedicated search base for host lookups, " + "trying with user search base."); + } + subreq = groups_by_user_send(state, state->ev, state->access_ctx->ad_id_ctx->sdap_id_ctx, sdom, state->conn, + search_bases, state->host_fqdn, BE_FILTER_NAME, NULL, diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 7159d635641..2c984ef50c4 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -304,6 +304,7 @@ struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, struct sdap_id_ctx *ctx, struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, + struct sdap_search_base **search_bases, const char *filter_value, int filter_type, const char *extra_value, diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index da54816bdf9..b3ea2333f18 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -1139,6 +1139,7 @@ struct groups_by_user_state { struct sdap_id_op *op; struct sysdb_ctx *sysdb; struct sss_domain_info *domain; + struct sdap_search_base **search_bases; const char *filter_value; int filter_type; @@ -1160,6 +1161,7 @@ struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, struct sdap_id_ctx *ctx, struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, + struct sdap_search_base **search_bases, const char *filter_value, int filter_type, const char *extra_value, @@ -1192,6 +1194,7 @@ struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, state->extra_value = extra_value; state->domain = sdom->dom; state->sysdb = sdom->dom->sysdb; + state->search_bases = search_bases; if (state->domain->type == DOM_TYPE_APPLICATION || set_non_posix) { state->non_posix = true; @@ -1254,6 +1257,7 @@ static void groups_by_user_connect_done(struct tevent_req *subreq) sdap_id_op_handle(state->op), state->ctx, state->conn, + state->search_bases, state->filter_value, state->filter_type, state->extra_value, @@ -1449,7 +1453,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, } subreq = groups_by_user_send(state, be_ctx->ev, id_ctx, - sdom, conn, + sdom, conn, NULL, ar->filter_value, ar->filter_type, ar->extra_value, diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index f9027a776d9..de277e047fe 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -159,6 +159,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct sdap_handle *sh, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, + struct sdap_search_base **search_bases, const char *name, int filter_type, const char *extra_value, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 97be594a389..fb3d8fe2462 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -2732,6 +2732,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct sdap_handle *sh, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, + struct sdap_search_base **search_bases, const char *filter_value, int filter_type, const char *extra_value, @@ -2764,7 +2765,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, state->orig_user = NULL; state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); state->user_base_iter = 0; - state->user_search_bases = sdom->user_search_bases; + state->user_search_bases = (search_bases == NULL) ? sdom->user_search_bases + : search_bases; if (!state->user_search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, "Initgroups lookup request without a user search base\n");