From cecc02451efa40f0b6418b3fd6bca39448fb99a8 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun, 5 Jan 2014 14:59:11 +0100
Subject: Use myldap_get_deref_values() to get member uids

This uses information from the deref control (if available) to get the
username for each of the members of the group. Any missing deref member
attribute values will be seen as nested groups and will be traversed if
nested group support is enabled.
---
 nslcd/group.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/nslcd/group.c b/nslcd/group.c
index da0653d..ffaeb80 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -234,6 +234,7 @@ static void getmembers(MYLDAP_ENTRY *entry, MYLDAP_SESSION *session,
   char buf[BUFLEN_NAME];
   int i;
   const char **values;
+  const char ***derefs;
   /* add the memberUid values */
   values = myldap_get_values(entry, attmap_group_memberUid);
   if (values != NULL)
@@ -246,6 +247,26 @@ static void getmembers(MYLDAP_ENTRY *entry, MYLDAP_SESSION *session,
   /* skip rest if attmap_group_member is blank */
   if (strcasecmp(attmap_group_member, "\"\"") == 0)
     return;
+  /* add deref'd entries if we have them*/
+  derefs = myldap_get_deref_values(entry, attmap_group_member, attmap_passwd_uid);
+  if (derefs != NULL)
+  {
+    /* add deref'd uid attributes */
+    for (i = 0; derefs[0][i] != NULL; i++)
+      set_add(members, derefs[0][i]);
+    /* add non-deref'd attribute values as subgroups */
+    for (i = 0; derefs[1][i] != NULL; i++)
+    {
+      if ((seen == NULL) || (!set_contains(seen, derefs[1][i])))
+      {
+        if (seen != NULL)
+          set_add(seen, derefs[1][i]);
+        if (subgroups != NULL)
+          set_add(subgroups, derefs[1][i]);
+      }
+    }
+    return; /* no need to parse the member attribute ourselves */
+  }
   /* add the member values */
   values = myldap_get_values(entry, attmap_group_member);
   if (values != NULL)
-- 
cgit v1.2.3