
From e6f9e2c9282905fa41046379e0bc5c2ac82ae3a9 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 27 Jul 2016 17:37:14 +0300
Subject: [PATCH 7/8] back-sch-nss: for users with aliases, return alias as uid
When SSSD resolves AD users on behalf of slapi-nis, it can accept
any user identifier, including user principal name (UPN) which
may be different than the canonical user name which SSSD returns.
As a result, the entry created by slapi-nis will be using the canonical user
name but the filter for search will refer to the original (aliased)
name. The search will not match the newly created entry.
Fix this issue by returning two values for 'uid' attribute: the
canonical one and the aliased one. This way search will match.
Verified that SSSD with id_provider=ldap happily consumes such entries.
By LDAP schema, 'uid' attribute can have multiple values.
Fixes https://fedorahosted.org/slapi-nis/ticket/12
---
 src/back-sch-nss.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c
index 702590c..db63e59 100644
--- a/src/back-sch-nss.c
+++ b/src/back-sch-nss.c
@@ -230,6 +230,7 @@ backend_build_dn(const char *attribute, const char *value,
 static Slapi_Entry *
 backend_make_user_entry_from_nsswitch_passwd(struct passwd *pwd,
 					     char *container_sdn,
+					     char *user_name,
 					     struct backend_search_cbdata *cbdata)
 {
 	Slapi_Entry *entry;
@@ -272,6 +273,18 @@ backend_make_user_entry_from_nsswitch_passwd(struct passwd *pwd,
 			       "objectClass", "posixAccount");
 	slapi_entry_add_string(entry,
 			       "uid", name);
+	if (user_name != NULL) {
+		/* For non-NULL original user name check if it was
+		 * an alias/UPN. If so, add it to the entry.
+		 * Yes, LDAP schema allows multiple values of 'uid'
+		 * attribute.
+		 */
+		if (slapi_utf8casecmp((unsigned char*) user_name,
+				      (unsigned char*) name) != 0) {
+			slapi_entry_add_string(entry, "uid", user_name);
+		}
+	}
+
 	slapi_entry_attr_set_uint(entry,
 				 "uidNumber", pwd->pw_uid);
 	slapi_entry_attr_set_uint(entry,
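Review bot: The second `uid` value added on the `slapi_entry_add_string(entry, "uid", user_name)` line is a caller-supplied lookup name, and the only check guarding it is that it differs case-insensitively from the canonical `name`; nothing in this hunk establishes that `user_name` is the string NSS actually resolved `pwd` from, so that precondition should be stated on the parameter rather than left to the call site (which, in the third hunk, appears to pass the requested name only for name-based lookups). I would extend the comment block with `Precondition: user_name must be the name that NSS resolved pwd from; never pass an unrelated string, or a client could attach an arbitrary uid value to this entry.` Since `user_name` is only read here, the parameter added in the first hunk could be `const char *user_name`, if slapi_utf8casecmp's prototype admits the cast without discarding const. The enclosing function begins in the first hunk and continues past the end of this one.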
@@ -510,6 +523,7 @@ repeat:
 	}
 
 	entry = backend_make_user_entry_from_nsswitch_passwd(&pwd, container_sdn,
+							     is_uid ? NULL : user_name,
 							     cbdata);
 	entries = malloc(sizeof(entries[0]) * 2);
 	if (entries != NULL) {
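Review bot: The new argument `is_uid ? NULL : user_name` carries the whole correctness argument of this patch — the alias is recorded only when the passwd entry was resolved from `user_name` — but the line says nothing about why a uid lookup passes NULL. A one-line comment above the call would make that explicit: `/* a numeric-uid lookup has no requested name to record as an alias */`, with `is_uid` presumably marking a lookup by uidNumber (confirm against the code above the hunk). The enclosing function starts outside this hunk.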
-- 
2.7.4