sdap: add search_bases option to groups_by_user_send() #7145

Closed

Commits on Feb 9, 2024

  1. sdap: add search_bases option to groups_by_user_send()

    AD handles user and computer objects very similarly and so does SSSD's
    GPO code when looking up the host's group-memberships. But users and
    computers might be stored in different sub-trees of the AD LDAP tree and
    if a dedicated user search base is given with the ldap_user_search_base
    option in sssd.conf, the host object might be in a different sub-tree. To
    make sure the host can still be found, this patch uses the base DN of
    the LDAP tree when searching for hosts in the GPO code.
    
    Resolves: SSSD#5708
    sumit-bose committed Feb 9, 2024
    84bf2ca
  2. sdap: add naming_context as new member of struct sdap_domain

    The naming_context could be a more reliable source than basedn for the
    actual base DN because basedn is set very early from the domain name
    given in sssd.conf. Although it is recommended to use the fully
    qualified DNS domain name here, it is not required. As a result, basedn
    might not reflect the actual base DN of the LDAP server. Also, pure LDAP
    servers (i.e. not AD or FreeIPA) might use different schemes to set the
    base DN which will not be based on the DNS domain of the LDAP server.
    
    Resolves: SSSD#5708
    sumit-bose committed Feb 9, 2024
    d7576f0
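
An added illustration of the search-scope problem the two commit messages describe, not code from SSSD or this pull request: it models LDAP subtree matching and compares three candidate bases for the host lookup. The sample DNs, the `dc=` derivation from the domain name and the prefer-naming-context fallback are constructed assumptions.

```python
import re

def parse_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def in_subtree(dn, base):
    """True if dn equals base or lies below it (LDAP subtree scope)."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def domain_to_basedn(domain):
    """Simplified model: build a base DN from the sssd.conf domain name."""
    return ",".join("dc=" + label for label in domain.lower().split("."))

def host_search_base(basedn, naming_context=None):
    """Assumed policy: prefer the server-reported naming context, else basedn."""
    return naming_context or basedn

# Constructed sample values, not taken from the pull request.
USER_SEARCH_BASE = "OU=Staff,DC=corp,DC=example,DC=com"   # ldap_user_search_base
HOST_DN = "CN=WS01,CN=Computers,DC=corp,DC=example,DC=com"
NAMING_CONTEXT = "DC=corp,DC=example,DC=com"               # as reported by the server

def diagnose(domain_name):
    """Report which candidate base would cover the host object."""
    basedn = domain_to_basedn(domain_name)
    return {
        # Host looked up with the user search base: the case commit 1 addresses.
        "user_base_finds_host": in_subtree(HOST_DN, USER_SEARCH_BASE),
        # Host looked up with basedn derived from the configured domain name.
        "basedn_finds_host": in_subtree(HOST_DN, basedn),
        # Host looked up with the naming context: the case commit 2 addresses.
        "naming_context_finds_host": in_subtree(
            HOST_DN, host_search_base(basedn, NAMING_CONTEXT)),
    }

if __name__ == "__main__":
    # Fully qualified domain name in sssd.conf: basedn matches the real tree.
    print(diagnose("corp.example.com"))
    # Short, non-DNS domain name in sssd.conf: basedn no longer matches.
    print(diagnose("CORP"))
```

When GPO processing cannot resolve the host's group memberships, comparing the host object's DN against the configured search bases in this way shows whether scope is the cause.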