diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 0f62e3b1adc..a47d9b17406 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -2613,6 +2613,22 @@ int sysdb_store_user(struct sss_domain_info *domain, } } else { /* the user exists, let's just replace attributes when set */ + /* + * The sysdb_search_user_by_name() function also matches lowercased + * aliases, saved when the domain is case-insensitive. This means that + * the stored entry name can differ in capitalization from the search + * name. Use the cached entry name to perform the modification because + * if name capitalization in entry's DN differs the modify operation + * will fail. + */ + const char *entry_name = + ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); + if (entry_name != NULL) { + name = entry_name; + } else { + DEBUG(SSSDBG_MINOR_FAILURE, "User '%s' without a name?\n", name); + } + ret = sysdb_store_user_attrs(domain, name, uid, gid, gecos, homedir, shell, orig_dn, attrs, remove_attrs, cache_timeout, now); @@ -2847,6 +2863,22 @@ int sysdb_store_group(struct sss_domain_info *domain, ret = sysdb_store_new_group(domain, name, gid, attrs, cache_timeout, now); } else { + /* + * The sysdb_search_group_by_name() function also matches lowercased + * aliases, saved when the domain is case-insensitive. This means that + * the stored entry name can differ in capitalization from the search + * name. Use the cached entry name to perform the modification because + * if name capitalization in entry's DN differs the modify operation + * will fail. + */ + const char *entry_name = + ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); + if (entry_name != NULL) { + name = entry_name; + } else { + DEBUG(SSSDBG_MINOR_FAILURE, "Group '%s' without a name?\n", name); + } + ret = sysdb_store_group_attrs(domain, name, gid, attrs, cache_timeout, now); }
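Review bot: In the `else` branch of sysdb_store_user(), `name` is replaced by whatever SYSDB_NAME the matched entry carries, with no check that it differs from the requested name only in capitalization; the identical block added to sysdb_store_group() has the same gap. The new comment says the search also matches aliases, so if an alias can be anything other than a lowercased form of the name (not visible in these hunks), attributes fetched for one name would be written to a differently named cache entry. Consider substituting only when the domain is case-insensitive and the two names compare equal ignoring case, and otherwise logging both, e.g. `DEBUG(SSSDBG_MINOR_FAILURE, "User '%s' matched entry '%s'\n", name, entry_name);`. When `entry_name` is NULL the code continues with the original `name`, which by the comment's own reasoning may make the modify fail, so that path deserves a comment such as `/* fall back to the search name; modify may fail if the DN case differs */`. Both functions start and end outside the hunks, so the lifetime of `msg`, which now backs `name`, could not be checked here.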