ldap group fixes
Review Request #2501 - Created Jan. 28, 2020 and submitted
Fixes using DNs to enumerate posixGroup membership for non-AD LDAP servers
Prior to fixes, LDAP groups did not show up, and did not list any secondary members. With the fix, groups now show up and list members correctly.
Could you explain the use of UIDFILTER here? Previously, this would have been _NIS_FILTER ("nisdomain=*") when used in find_domainname. What's the goal of the change? Is it to restrict results to those with a 'uid' field defined? Additionally, UIDFILTER is "(&(objectclass=posixAccount)(uid=%s))". Is the %s getting filled in implicitly somewhere? __ns_ldap_uid2dn() has to fill it in manually.
This should be strdup(dn_data->lkd_filter). In the end it turns out it's not used -- the only thing that uses the __s_api_merge_SSD_filter() which uses the SSD filter to set __ns_ldap_list() as the search state machine iterates through . Since __ns_ldap_list(), isn't used, __s_api_merge_SSD_filter() isn't called, and the field is not touched.
It also doesn't make much semantic sense since SSDs are used to search multiple locations, and in this case we aren't really searching -- we're retrieving a specific entry. However, the original find_domainname does set the filter field, so I meant to do the same (even if it's not used). I will post an update shortly with the fixed version.