|
 |
905b4d |
From 4d1985342d51075f0842c2221c034bbf7cc3d5af Mon Sep 17 00:00:00 2001
|
|
|
905b4d |
From: Sumit Bose <sbose@redhat.com>
|
|
|
905b4d |
Date: Fri, 24 Oct 2014 15:41:04 +0200
|
|
|
905b4d |
Subject: [PATCH 56/64] IPA: inherit ldap_user_extra_attrs to AD subdomains
|
|
|
905b4d |
|
|
|
905b4d |
Currently the component of the IPA provider which reads the AD user and
|
|
|
905b4d |
group attributes in ipa-server-mode uses default settings for the LDAP
|
|
|
905b4d |
related attributes. As a result even if ldap_user_extra_attrs is defined
|
|
|
905b4d |
in sssd.conf no extra attributes are read from AD.
|
|
|
905b4d |
|
|
|
905b4d |
With the patch the value if ldap_user_extra_attrs is inherited to the AD
|
|
|
905b4d |
subdomains to allow them to read extra attributes as well.
|
|
|
905b4d |
|
|
|
905b4d |
Related to https://fedorahosted.org/sssd/ticket/2464
|
|
|
905b4d |
|
|
|
905b4d |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
905b4d |
---
|
|
|
905b4d |
src/providers/ipa/ipa_subdomains.c | 31 +++++++++++++++++++++++++++++++
|
|
|
905b4d |
1 file changed, 31 insertions(+)
|
|
|
905b4d |
|
|
|
905b4d |
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
|
|
|
905b4d |
index c61c1c666908ec23f8a92e5568222e55ec47be0a..9281aab1b028ebcaee8044b2768c6918efa4e514 100644
|
|
|
905b4d |
--- a/src/providers/ipa/ipa_subdomains.c
|
|
|
905b4d |
+++ b/src/providers/ipa/ipa_subdomains.c
|
|
|
905b4d |
@@ -109,6 +109,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
|
|
|
905b4d |
char *ad_domain;
|
|
|
905b4d |
struct sdap_domain *sdom;
|
|
|
905b4d |
errno_t ret;
|
|
|
905b4d |
+ const char *extra_attrs;
|
|
|
905b4d |
|
|
|
905b4d |
ad_options = ad_create_default_options(id_ctx, id_ctx->server_mode->realm,
|
|
|
905b4d |
id_ctx->server_mode->hostname);
|
|
|
905b4d |
@@ -135,6 +136,36 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
|
|
|
905b4d |
return ret;
|
|
|
905b4d |
}
|
|
|
905b4d |
|
|
|
905b4d |
+ extra_attrs = dp_opt_get_string(id_ctx->sdap_id_ctx->opts->basic,
|
|
|
905b4d |
+ SDAP_USER_EXTRA_ATTRS);
|
|
|
905b4d |
+ if (extra_attrs != NULL) {
|
|
|
905b4d |
+ DEBUG(SSSDBG_TRACE_ALL,
|
|
|
905b4d |
+ "Setting extra attrs for subdomain [%s] to [%s].\n", ad_domain,
|
|
|
905b4d |
+ extra_attrs);
|
|
|
905b4d |
+
|
|
|
905b4d |
+ ret = dp_opt_set_string(ad_options->id->basic, SDAP_USER_EXTRA_ATTRS,
|
|
|
905b4d |
+ extra_attrs);
|
|
|
905b4d |
+ if (ret != EOK) {
|
|
|
905b4d |
+ DEBUG(SSSDBG_OP_FAILURE, "dp_opt_get_string failed.\n");
|
|
|
905b4d |
+ talloc_free(ad_options);
|
|
|
905b4d |
+ return ret;
|
|
|
905b4d |
+ }
|
|
|
905b4d |
+
|
|
|
905b4d |
+ ret = sdap_extend_map_with_list(ad_options->id, ad_options->id,
|
|
|
905b4d |
+ SDAP_USER_EXTRA_ATTRS,
|
|
|
905b4d |
+ ad_options->id->user_map,
|
|
|
905b4d |
+ SDAP_OPTS_USER,
|
|
|
905b4d |
+ &ad_options->id->user_map,
|
|
|
905b4d |
+ &ad_options->id->user_map_cnt);
|
|
|
905b4d |
+ if (ret != EOK) {
|
|
|
905b4d |
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_extend_map_with_list failed.\n");
|
|
|
905b4d |
+ talloc_free(ad_options);
|
|
|
905b4d |
+ return ret;
|
|
|
905b4d |
+ }
|
|
|
905b4d |
+ } else {
|
|
|
905b4d |
+ DEBUG(SSSDBG_TRACE_ALL, "No extra attrs set.\n");
|
|
|
905b4d |
+ }
|
|
|
905b4d |
+
|
|
|
905b4d |
gc_service_name = talloc_asprintf(ad_options, "%s%s", "gc_", subdom->name);
|
|
|
905b4d |
if (gc_service_name == NULL) {
|
|
|
905b4d |
talloc_free(ad_options);
|
|
|
905b4d |
--
|
|
|
905b4d |
1.9.3
|
|
|
905b4d |
|