|
 |
aa60fb |
From 01ccf0deee2cfa98f76d79eb435be74efecd4626 Mon Sep 17 00:00:00 2001
|
|
|
aa60fb |
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
aa60fb |
Date: Mon, 22 Feb 2016 12:40:03 +0200
|
|
|
aa60fb |
Subject: [PATCH] slapi-nis: update configuration to allow external members of
|
|
|
aa60fb |
IPA groups
|
|
|
aa60fb |
|
|
|
aa60fb |
Currently in an environment with trust to AD the compat tree does not
|
|
|
aa60fb |
show AD users as members of IPA groups. The reason is that IPA groups
|
|
|
aa60fb |
are read directly from the IPA DS tree and external groups are not
|
|
|
aa60fb |
handled.
|
|
|
aa60fb |
|
|
|
aa60fb |
slapi-nis project has added support for it in 0.55, make sure we update
|
|
|
aa60fb |
configuration for the group map if it exists and depend on 0.55 version.
|
|
|
aa60fb |
|
|
|
aa60fb |
https://fedorahosted.org/freeipa/ticket/4403
|
|
|
aa60fb |
|
|
|
aa60fb |
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
|
|
aa60fb |
---
|
|
|
aa60fb |
freeipa.spec.in | 2 +-
|
|
|
aa60fb |
install/updates/50-externalmembers.update | 3 +++
|
|
|
aa60fb |
install/updates/Makefile.am | 1 +
|
|
|
aa60fb |
3 files changed, 5 insertions(+), 1 deletion(-)
|
|
|
aa60fb |
create mode 100644 install/updates/50-externalmembers.update
|
|
|
aa60fb |
|
|
|
aa60fb |
diff --git a/freeipa.spec.in b/freeipa.spec.in
|
|
|
aa60fb |
index cd26d4ce66e320f8b8bf6aaa3e738b4c11f89aa9..17b90fc4653bd7694bf389a19d5847d7df544890 100644
|
|
|
aa60fb |
--- a/freeipa.spec.in
|
|
|
aa60fb |
+++ b/freeipa.spec.in
|
|
|
aa60fb |
@@ -139,7 +139,7 @@ Requires(pre): systemd-units
|
|
|
aa60fb |
Requires(post): systemd-units
|
|
|
aa60fb |
Requires: selinux-policy >= %{selinux_policy_version}
|
|
|
aa60fb |
Requires(post): selinux-policy-base
|
|
|
aa60fb |
-Requires: slapi-nis >= 0.54.2-1
|
|
|
aa60fb |
+Requires: slapi-nis >= 0.55-1
|
|
|
aa60fb |
Requires: pki-ca >= 10.2.5
|
|
|
aa60fb |
Requires: pki-kra >= 10.2.5
|
|
|
aa60fb |
Requires(preun): python systemd-units
|
|
|
aa60fb |
diff --git a/install/updates/50-externalmembers.update b/install/updates/50-externalmembers.update
|
|
|
aa60fb |
new file mode 100644
|
|
|
aa60fb |
index 0000000000000000000000000000000000000000..6b9c5dd23fac65fd5e9055b255e7c4d41e5cc66b
|
|
|
aa60fb |
--- /dev/null
|
|
|
aa60fb |
+++ b/install/updates/50-externalmembers.update
|
|
|
aa60fb |
@@ -0,0 +1,3 @@
|
|
|
aa60fb |
+dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
|
|
|
aa60fb |
+addifexist: schema-compat-entry-attribute: ipaexternalmember=%deref_r("member","ipaexternalmember")
|
|
|
aa60fb |
+addifexist: schema-compat-entry-attribute: objectclass=ipaexternalgroup
|
|
|
aa60fb |
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
|
|
|
aa60fb |
index 26e4c04ed66a4a2061a3bb3ca2f4a6cd84502598..86799838c8713d04d03a69167a00ee4baa6acd6c 100644
|
|
|
aa60fb |
--- a/install/updates/Makefile.am
|
|
|
aa60fb |
+++ b/install/updates/Makefile.am
|
|
|
aa60fb |
@@ -45,6 +45,7 @@ app_DATA = \
|
|
|
aa60fb |
50-krbenctypes.update \
|
|
|
aa60fb |
50-nis.update \
|
|
|
aa60fb |
50-ipaconfig.update \
|
|
|
aa60fb |
+ 50-externalmembers.update \
|
|
|
aa60fb |
55-pbacmemberof.update \
|
|
|
aa60fb |
59-trusts-sysacount.update \
|
|
|
aa60fb |
60-trusts.update \
|
|
|
aa60fb |
--
|
|
|
aa60fb |
2.5.0
|
|
|
aa60fb |
|