| commit | a074f74e627e1d947a76bcf3a39e3c5df4d4ffe5 | |
| author | Andrew Bartlett <abartlet@samba.org> | |
| Tue, 25 Feb 2003 02:20:46 +0000 (25 02:20 +0000) | ||
| committer | Andrew Bartlett <abartlet@samba.org> | |
| Tue, 25 Feb 2003 02:20:46 +0000 (25 02:20 +0000) | ||
| tree | 1ba09d5b4a3ba378429ee6236ef4749250ebae8a | treesnapshot (tar.gz zip) |
| parent | 231d2f84ef36b30be98baf3b56ebf4a5cd8dad11 | commitdiff |
Fix a really nasty bug where some users in AD domains (particularly child
domains) would not have the tokenGroups or memberOf attributes filled in.
This would cause a user to have no supplementary group membership.
Detect this by the fact that the primaryGid must be present in the tokenGroups,
and if it isn't (ie, if there is no tokenGroups at all), do a server-side
search on all groups using the 'member' attribute and the user's DN.
Andrew Bartlett
domains) would not have the tokenGroups or memberOf attributes filled in.
This would cause a user to have no supplementary group membership.
Detect this by the fact that the primaryGid must be present in the tokenGroups,
and if it isn't (ie, if there is no tokenGroups at all), do a server-side
search on all groups using the 'member' attribute and the user's DN.
Andrew Bartlett
| source/nsswitch/winbindd_ads.c | diffblobblamehistory |