From 2d9a33aaa3ecae4af7fb64c64fc2ada176b26a02 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 5 Nov 2014 18:01:07 +0100
Subject: [PATCH 78/79] Fix uuid defaults
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Recently the uuid attributes for user and groups were removed because
it was found that there are not used at all and that some of them where
causing issues (https://fedorahosted.org/sssd/ticket/2383).
The new views/overrides feature of FreeIPA uses the ipaUniqueID attribute
to relate overrides with the original IPA objects. The previous two
patches revert the removal of the uuid attributes from users and groups
with this patch set the default value of these attributes to
ipaUniqueID from the IPA provider, to objectGUID for the AD provider and
leaves them unset for the general LDAP case to avoid issues like the one
from ticket #2383.
Related to https://fedorahosted.org/sssd/ticket/2481
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
src/man/sssd-ldap.5.xml | 6 ++++--
src/providers/ipa/ipa_opts.h | 4 ++--
src/providers/ldap/ldap_opts.h | 6 ++----
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index f45522bd5f6c599bce7a38d8821cb0a08f6b5df3..dad6f27933ced506fed7cd040e9fe91968295632 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -345,7 +345,8 @@
an LDAP user object.
</para>
<para>
- Default: nsUniqueId
+ Default: not set in the general case, objectGUID for
+ AD and ipaUniqueID for IPA
</para>
</listitem>
</varlistentry>
@@ -866,7 +867,8 @@
an LDAP group object.
</para>
<para>
- Default: nsUniqueId
+ Default: not set in the general case, objectGUID for
+ AD and ipaUniqueID for IPA
</para>
</listitem>
</varlistentry>
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index e0478db39913b87c071d8f4daf9c2a0b33a0b0f4..59282e8699091fbccf08ddfc6825034d4f81a87f 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -178,7 +178,7 @@ struct sdap_attr_map ipa_user_map[] = {
{ "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL },
{ "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
{ "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
- { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+ { "ldap_user_uuid", "ipaUniqueID", SYSDB_UUID, NULL },
{ "ldap_user_objectsid", "ipaNTSecurityIdentifier", SYSDB_SID_STR, NULL },
{ "ldap_user_primary_group", NULL, SYSDB_PRIMARY_GROUP, NULL },
{ "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
@@ -212,7 +212,7 @@ struct sdap_attr_map ipa_group_map[] = {
{ "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
{ "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
{ "ldap_group_member", "member", SYSDB_MEMBER, NULL },
- { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+ { "ldap_group_uuid", "ipaUniqueID", SYSDB_UUID, NULL },
{ "ldap_group_objectsid", "ipaNTSecurityIdentifier", SYSDB_SID_STR, NULL },
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
{ "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index 096a63bd53918ba79378c01257a18e543597209a..29d9faf99784bfc3526398488be837a2716ee11d 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -209,8 +209,7 @@ struct sdap_attr_map rfc2307bis_user_map[] = {
{ "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL },
{ "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
{ "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
- /* FIXME: this is 389ds specific */
- { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+ { "ldap_user_uuid", NULL, SYSDB_UUID, NULL },
{ "ldap_user_objectsid", "objectSID", SYSDB_SID, NULL },
{ "ldap_user_primary_group", NULL, SYSDB_PRIMARY_GROUP, NULL },
{ "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
@@ -244,8 +243,7 @@ struct sdap_attr_map rfc2307bis_group_map[] = {
{ "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
{ "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
{ "ldap_group_member", "member", SYSDB_MEMBER, NULL },
- /* FIXME: this is 389ds specific */
- { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+ { "ldap_group_uuid", NULL, SYSDB_UUID, NULL },
{ "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
{ "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
--
1.9.3