From f1eb45c3e8a198615c6731dfe9d965ab421723e8 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 22 Jul 2016 12:19:26 +0200
Subject: [PATCH 50/62] LDAP: allow multiple user principals
In general a user can have multiple principals, and recent IPA versions
added support for defining multiple principals. With this patch SSSD
stores not only the first but all principals read via LDAP from a server.
Resolves https://fedorahosted.org/sssd/ticket/2958
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 0d5d490fb5ec685fd8ef7a75e612e6ec7ef6bde3)
---
src/providers/ldap/sdap_async_users.c | 32 ++++++++++++++++++--------------
1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index e44c045b3f8ff6aed33a42cf2919bc01aa41a243..28101a2d8a38f97d09d50a9f7e071a030b4f9719 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -142,6 +142,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
char *sid_str;
char *dom_sid_str = NULL;
struct sss_domain_info *subdomain;
+ size_t c;
DEBUG(SSSDBG_TRACE_FUNC, "Save user\n");
@@ -440,20 +441,23 @@ int sdap_save_user(TALLOC_CTX *memctx,
DEBUG(SSSDBG_TRACE_FUNC,
"User principal is not available for [%s].\n", user_name);
} else {
- upn = talloc_strdup(user_attrs, (const char*) el->values[0].data);
- if (!upn) {
- ret = ENOMEM;
- goto done;
- }
- if (dp_opt_get_bool(opts->basic, SDAP_FORCE_UPPER_CASE_REALM)) {
- make_realm_upper_case(upn);
- }
- DEBUG(SSSDBG_TRACE_FUNC,
- "Adding user principal [%s] to attributes of [%s].\n",
- upn, user_name);
- ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn);
- if (ret) {
- goto done;
+ for (c = 0; c < el->num_values; c++) {
+ upn = talloc_strdup(tmpctx, (const char*) el->values[c].data);
+ if (!upn) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (dp_opt_get_bool(opts->basic, SDAP_FORCE_UPPER_CASE_REALM)) {
+ make_realm_upper_case(upn);
+ }
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Adding user principal [%s] to attributes of [%s].\n",
+ upn, user_name);
+ ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn);
+ if (ret) {
+ goto done;
+ }
}
}
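Review bot: Inside the new `for (c = 0; c < el->num_values; c++)` loop, every server-supplied value is appended with `sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn)` with no check that the same string was already added. When `SDAP_FORCE_UPPER_CASE_REALM` is set, two principals that differ only in realm case become identical after `make_realm_upper_case(upn)`, so `SYSDB_UPN` can end up with duplicate values. Whether the later cache write tolerates that is not visible here; if it does not, a directory entry with such values would make saving the user fail. Consider a duplicate-checking add, for example `ret = sysdb_attrs_add_string_safe(user_attrs, SYSDB_UPN, upn);` if that helper is available in this branch, or add a comment stating why duplicates cannot occur. The body of `sdap_save_user` starts and ends outside this hunk, so the `done` cleanup path and the lifetime of `tmpctx` could not be checked.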
--
2.4.11