The Samba-Bugzilla – Bug 1183
Duplicate GIDs returned (when multiple AD groups mapped to single gid)
Last modified: 2005-08-24 10:19:22 UTC
We were testing an environment where a number Active Directory global groups
were mapped to a single Unix group. If a user belongs to several groups that map
to the same gid, that gid would be repeated in the groups list, taking up
however many slots were required. With a 16 group limit, this can cause a
Given active directory group AD_G1 is mapped to gid 20001,
AD_G2 is mapped to 20001, G1 is a local group with gid 2001,
and myUser belongs to Domain User, AD_G1, AD_G2, and G1.
Running "id -a myUser" gives:
uid=10000(myUser) gid=20000(Domain User) groups=20001(G1),20001(G1),20001(G1)
Due to the linux base function, this would apply to all unix os.
Created attachment 437 [details]
Patch to prevent return of duplicate gid's.
Patch modifies function _nss_winbind_initgroups_dyn in
nsswitch/winbind_nss_linux.c to check that a newly found gid is not already
present in the return list.
Created attachment 459 [details]
Fixed previous patch to search only assigned elements, not entire gid array length.
Fixed for 3.0.3rc1
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.