From 00468e8eebd455ab4e41d4d86772fb5f8a745d0a Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Thu, 21 Jan 2016 19:16:30 +0200
Subject: [PATCH 11/12] idviews: bind with original DN if ID view does not
override uid attribute
With ID Views in FreeIPA one can override different kinds of attributes,
including the uid. When uid attribute is overriden, LDAP BINDs with
DNs using new (overridden) uid are properly modified to reference the
original (non-overridden) object.
However, when the uid attribute is not overridden, slapi-nis mistakenly
avoided to build a reference to the original object without ID view.
This resulted in inability to do LDAP BIND as overriden DN with original
uid attribute.
Fix the issue by always processing a DN after removing ID view reference
from it, whether RDN value (uid) was replaced or not.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1301300
---
src/back-sch-idview.c | 4 ++--
src/back-sch.c | 24 ++++++++++++------------
2 files changed, 14 insertions(+), 14 deletions(-)
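diff --git a/src/back-sch-idview.c b/src/back-sch-idview.c
index 8ffab91..8842906 100644
--- a/src/back-sch-idview.c
+++ b/src/back-sch-idview.c
@@ -311,7 +311,7 @@ idview_replace_bval_by_override(const char *bval_usage, const char *attr_name,
 }
 
 attr_val = slapi_value_new_berval(bval);
- slapi_log_error(SLAPI_LOG_FATAL, cbdata->state->plugin_desc->spd_id,
+ slapi_log_error(SLAPI_LOG_PLUGIN, cbdata->state->plugin_desc->spd_id,
 "Searching for an override of the %s %s with %s=%*s from the overrides\n.",
 bval_usage, attr_name, attr_name, (int) bval->bv_len, bval->bv_val);
 
@@ -347,7 +347,7 @@ idview_replace_bval_by_override(const char *bval_usage, const char *attr_name,
 slapi_ber_bvdone(bval);
 slapi_ber_bvcpy(bval, slapi_value_get_berval(anchor_val));
 anchor_override_found = TRUE;
- slapi_log_error(SLAPI_LOG_FATAL, cbdata->state->plugin_desc->spd_id,
+ slapi_log_error(SLAPI_LOG_PLUGIN, cbdata->state->plugin_desc->spd_id,
 "Overriding the %s %s with %s=%*s from the override %s\n.",
 bval_usage, attr_name, IPA_IDVIEWS_ATTR_ANCHORUUID,
 (int) bval->bv_len, bval->bv_val,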
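Review bot: Both relabelled `slapi_log_error` calls (hunks `-311` and `-347`) print the berval with `%*s`, which sets a minimum field width rather than a maximum, so `bval->bv_val` is still read up to its first NUL byte. If a berval reaching this function is ever not NUL-terminated, the log call would read past the buffer; `%.*s` with the same `(int) bval->bv_len` argument bounds the read to the stated length. Both format strings also end in `\n.`, which puts the full stop at the start of the next log line; `.\n` looks like what was meant. idview_replace_bval_by_override starts and ends outside both hunks, so how `bval` is filled cannot be checked from here.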
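diff --git a/src/back-sch.c b/src/back-sch.c
index 871734c..9a0e96b 100644
--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -465,13 +465,13 @@ backend_set_process_external_members(Slapi_PBlock *pb,
 * but as dirsrv was restarted, SSSD might still consider its domain offline. */
 is_group_exists = backend_retrieve_from_nsswitch(&staged, &cbdata);
 if (!is_group_exists) {
- slapi_log_error(SLAPI_LOG_PLUGIN, plugin_id,
- "group \"%s\" does not exist because SSSD is offline.",
+ slapi_log_error(SLAPI_LOG_FATAL, plugin_id,
+ "group \"%s\" does not exist because SSSD is offline.\n",
 staged.name);
 if (state->ready_to_serve == 0) {
 /* Only wait for SSSD when we populate the original set */
- slapi_log_error(SLAPI_LOG_PLUGIN, plugin_id,
- "waiting for SSSD to become online...");
+ slapi_log_error(SLAPI_LOG_FATAL, plugin_id,
+ "waiting for SSSD to become online...\n");
 DS_Sleep(PR_SecondsToInterval(35));
 } else {
 break;
@@ -1609,15 +1609,15 @@ backend_search_cb(Slapi_PBlock *pb)
 {
 struct backend_search_cbdata cbdata;
 struct backend_staged_search *staged, *next;
- int i, isroot;
+ int i, isroot, ret;
 
 if (wrap_get_call_level() > 0) {
 return 0;
 }
 memset(&cbdata, 0, sizeof(cbdata));
 cbdata.pb = pb;
- slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state);
- if (cbdata.state->plugin_base == NULL) {
+ ret = slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state);
+ if ((ret == -1) || (cbdata.state->plugin_base == NULL)) {
 /* The plugin was not actually started. */
 return 0;
 }
@@ -1626,9 +1626,9 @@ backend_search_cb(Slapi_PBlock *pb)
 return 0;
 }
 
- slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &isroot);
+ ret = slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &isroot);
 
- if (slapi_op_internal(pb) || (slapi_is_ldapi_conn(pb) && isroot)) {
+ if ((ret == -1) || (slapi_op_internal(pb) || (slapi_is_ldapi_conn(pb) && isroot))) {
 /* The plugin should not engage in internal searches of other
 * plugins or ldapi+cn=DM */
 return 0;
@@ -1959,10 +1959,10 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **
 if (res == 1) {
 slapi_rdn_remove_index(rdn, 1);
 slapi_rdn_add(rdn, "uid", bval.bv_val);
- slapi_sdn_free(&cbdata.target_dn);
- cbdata.target_dn = slapi_sdn_set_rdn(scbdata.target_dn, rdn);
- map_data_foreach_map(cbdata.state, NULL, backend_locate_cb, &cbdata);
 }
+ slapi_sdn_free(&cbdata.target_dn);
+ cbdata.target_dn = slapi_sdn_set_rdn(scbdata.target_dn, rdn);
+ map_data_foreach_map(cbdata.state, NULL, backend_locate_cb, &cbdata);
 slapi_ber_bvdone(&bval);
 slapi_rdn_free(&rdn;;
 idview_free_overrides(&scbdata);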
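Review bot: In the last hunk (`-1959`, backend_locate) the DN rebuild and `map_data_foreach_map` lookup now run for every value of `res`, and nothing in the code says that falling through with the client-supplied RDN is intended or separates "no override found" from any other result of the override lookup. Since this path decides which entry an LDAP BIND is resolved against, I would add above `slapi_sdn_free(&cbdata.target_dn);` a comment such as `/* Retry without the ID view even when no uid override matched; the RDN is then the value the client sent. */`. If the override helper can report an error distinct from "not found", that case should skip the lookup rather than share the fall-through. backend_locate starts and ends outside the hunk, so how `res` is set and who owns `scbdata.target_dn` after `slapi_sdn_set_rdn` cannot be confirmed from here.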
--
2.5.0