Mercurial > illumos > git > illumos-omnios

changeset 21405:afafd6629b96

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
10995 idmap fails to lookup group SID in AD Reviewed by: Gordon Ross <gwr@nexenta.com> Approved by: Richard Lowe <richlowe@richlowe.net>
author Matt Barden <matt.barden@nexenta.com>
date Wed, 18 Jul 2018 19:14:58 -0400
parents fbbf913eecac
children c2d4708b2856
files usr/src/cmd/idmap/idmapd/adutils.c
diffstat 1 files changed, 4 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/cmd/idmap/idmapd/adutils.c	Mon Feb 12 16:36:31 2018 -0500
+++ b/usr/src/cmd/idmap/idmapd/adutils.c	Wed Jul 18 19:14:58 2018 -0400
@@ -21,6 +21,8 @@
 
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  */
 
 /*
@@ -59,7 +61,7 @@
 #define	UIDNUMBERFILTER	"(&(objectclass=user)(uidNumber=%u))"
 #define	GIDNUMBERFILTER	"(&(objectclass=group)(gidNumber=%u))"
 #define	SANFILTER	"(sAMAccountName=%s)"
-#define	OBJSIDFILTER	"(objectSid=%s)"
+#define	OBJSIDFILTER	"(|(objectSid=%s)(sIDHistory=%s))"
 
 void	idmap_ldap_res_search_cb(LDAP *ld, LDAPMessage **res, int rc,
 		int qid, void *argp);
@@ -792,7 +794,7 @@
 		return (IDMAP_ERR_SID);
 
 	/* Assemble filter */
-	(void) asprintf(&filter, OBJSIDFILTER, cbinsid);
+	(void) asprintf(&filter, OBJSIDFILTER, cbinsid, cbinsid);
 	if (filter == NULL)
 		return (IDMAP_ERR_MEMORY);