|
|
2fc102 |
From fd56e9302454869c636c2e40322eec52391b4c4f Mon Sep 17 00:00:00 2001
|
|
|
2fc102 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
2fc102 |
Date: Mon, 9 Dec 2013 12:17:43 +0100
|
|
|
2fc102 |
Subject: [PATCH 40/41] Add new option ldap_group_type
|
|
|
2fc102 |
|
|
|
2fc102 |
---
|
|
|
2fc102 |
src/config/SSSDConfig/__init__.py.in | 1 +
|
|
|
2fc102 |
src/config/etc/sssd.api.d/sssd-ad.conf | 1 +
|
|
|
2fc102 |
src/config/etc/sssd.api.d/sssd-ipa.conf | 1 +
|
|
|
2fc102 |
src/config/etc/sssd.api.d/sssd-ldap.conf | 1 +
|
|
|
2fc102 |
src/db/sysdb.h | 1 +
|
|
|
2fc102 |
src/man/sssd-ldap.5.xml | 21 +++++++++++++++++++++
|
|
|
2fc102 |
src/providers/ad/ad_opts.h | 1 +
|
|
|
2fc102 |
src/providers/ipa/ipa_opts.h | 1 +
|
|
|
2fc102 |
src/providers/ldap/ldap_opts.h | 3 +++
|
|
|
2fc102 |
src/providers/ldap/sdap.h | 1 +
|
|
|
2fc102 |
10 files changed, 32 insertions(+)
|
|
|
2fc102 |
|
|
|
2fc102 |
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
|
|
|
2fc102 |
index af5903c65e05411d5773f1f9b1f742fdb832433c..8563a91e7afe680edfa0b9dd951ac7ab5a0fd3b0 100644
|
|
|
2fc102 |
--- a/src/config/SSSDConfig/__init__.py.in
|
|
|
2fc102 |
+++ b/src/config/SSSDConfig/__init__.py.in
|
|
|
2fc102 |
@@ -284,6 +284,7 @@ option_strings = {
|
|
|
2fc102 |
'ldap_group_uuid' : _('Group UUID attribute'),
|
|
|
2fc102 |
'ldap_group_objectsid' : _("objectSID attribute"),
|
|
|
2fc102 |
'ldap_group_modify_timestamp' : _('Modification time attribute for groups'),
|
|
|
2fc102 |
+ 'ldap_group_type' : _('Type of the group and other flags'),
|
|
|
2fc102 |
#replaced by ldap_entry_usn# 'ldap_group_entry_usn' : _('entryUSN attribute'),
|
|
|
2fc102 |
'ldap_group_nesting_level' : _('Maximum nesting level SSSd will follow'),
|
|
|
2fc102 |
|
|
|
2fc102 |
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
|
|
|
2fc102 |
index 00e8968d2b6dab33a39005f11a497cb3e2185302..6b136f2ec88614092cf1ceb4e2cea79db064d468 100644
|
|
|
2fc102 |
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
|
|
|
2fc102 |
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
|
|
|
2fc102 |
@@ -91,6 +91,7 @@ ldap_group_uuid = str, None, false
|
|
|
2fc102 |
ldap_group_objectsid = str, None, false
|
|
|
2fc102 |
ldap_group_modify_timestamp = str, None, false
|
|
|
2fc102 |
ldap_group_entry_usn = str, None, false
|
|
|
2fc102 |
+ldap_group_type = int, None, false
|
|
|
2fc102 |
ldap_force_upper_case_realm = bool, None, false
|
|
|
2fc102 |
ldap_group_nesting_level = int, None, false
|
|
|
2fc102 |
ldap_netgroup_search_base = str, None, false
|
|
|
2fc102 |
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
|
|
|
2fc102 |
index bc14fbe3d4153bd7a7ca4ffe0351edf0b8c02ee4..a94b5f09b073c050bff597d66c8164e4f38a9bfe 100644
|
|
|
2fc102 |
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
|
|
|
2fc102 |
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
|
|
|
2fc102 |
@@ -98,6 +98,7 @@ ldap_group_uuid = str, None, false
|
|
|
2fc102 |
ldap_group_objectsid = str, None, false
|
|
|
2fc102 |
ldap_group_modify_timestamp = str, None, false
|
|
|
2fc102 |
ldap_group_entry_usn = str, None, false
|
|
|
2fc102 |
+ldap_group_type = int, None, false
|
|
|
2fc102 |
ldap_force_upper_case_realm = bool, None, false
|
|
|
2fc102 |
ldap_group_nesting_level = int, None, false
|
|
|
2fc102 |
ldap_netgroup_search_base = str, None, false
|
|
|
2fc102 |
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
|
|
|
2fc102 |
index eb239664c49e9d516468c184dfeac190ecf8ddd8..4f5a06800d4ba4dacea08285b9db3abdc44df8f3 100644
|
|
|
2fc102 |
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
|
|
|
2fc102 |
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
|
|
|
2fc102 |
@@ -93,6 +93,7 @@ ldap_group_uuid = str, None, false
|
|
|
2fc102 |
ldap_group_objectsid = str, None, false
|
|
|
2fc102 |
ldap_group_modify_timestamp = str, None, false
|
|
|
2fc102 |
ldap_group_entry_usn = str, None, false
|
|
|
2fc102 |
+ldap_group_type = int, None, false
|
|
|
2fc102 |
ldap_group_nesting_level = int, None, false
|
|
|
2fc102 |
ldap_force_upper_case_realm = bool, None, false
|
|
|
2fc102 |
ldap_netgroup_search_base = str, None, false
|
|
|
2fc102 |
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
|
|
|
2fc102 |
index f1ed8158ccff70f85940d63f247e23451c22c30f..9bcd7be0960fcfa390fb9150594ea84880a14eea 100644
|
|
|
2fc102 |
--- a/src/db/sysdb.h
|
|
|
2fc102 |
+++ b/src/db/sysdb.h
|
|
|
2fc102 |
@@ -76,6 +76,7 @@
|
|
|
2fc102 |
#define SYSDB_POSIX "isPosix"
|
|
|
2fc102 |
#define SYSDB_USER_CATEGORY "userCategory"
|
|
|
2fc102 |
#define SYSDB_HOST_CATEGORY "hostCategory"
|
|
|
2fc102 |
+#define SYSDB_GROUP_TYPE "groupType"
|
|
|
2fc102 |
|
|
|
2fc102 |
#define SYSDB_GECOS "gecos"
|
|
|
2fc102 |
#define SYSDB_LAST_LOGIN "lastLogin"
|
|
|
2fc102 |
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
|
|
|
2fc102 |
index efe22c9d22adccb244fe99603a74eb93dbddea7f..cc58544c38e8ffa779f0a1b22a69caaf3f193ce1 100644
|
|
|
2fc102 |
--- a/src/man/sssd-ldap.5.xml
|
|
|
2fc102 |
+++ b/src/man/sssd-ldap.5.xml
|
|
|
2fc102 |
@@ -849,6 +849,27 @@
|
|
|
2fc102 |
</varlistentry>
|
|
|
2fc102 |
|
|
|
2fc102 |
<varlistentry>
|
|
|
2fc102 |
+ <term>ldap_group_type (integer)</term>
|
|
|
2fc102 |
+ <listitem>
|
|
|
2fc102 |
+ <para>
|
|
|
2fc102 |
+ The LDAP attribute that contains an integer value
|
|
|
2fc102 |
+ indicating the type of the group and maybe other
|
|
|
2fc102 |
+ flags.
|
|
|
2fc102 |
+ </para>
|
|
|
2fc102 |
+ <para>
|
|
|
2fc102 |
+ This attribute is currently only used by the AD
|
|
|
2fc102 |
+ provider to determine if a group is a domain local
|
|
|
2fc102 |
+ groups and has to be filtered out for trusted
|
|
|
2fc102 |
+ domains.
|
|
|
2fc102 |
+ </para>
|
|
|
2fc102 |
+ <para>
|
|
|
2fc102 |
+ Default: groupType in the AD provider, othewise not
|
|
|
2fc102 |
+ set
|
|
|
2fc102 |
+ </para>
|
|
|
2fc102 |
+ </listitem>
|
|
|
2fc102 |
+ </varlistentry>
|
|
|
2fc102 |
+
|
|
|
2fc102 |
+ <varlistentry>
|
|
|
2fc102 |
<term>ldap_group_nesting_level (integer)</term>
|
|
|
2fc102 |
<listitem>
|
|
|
2fc102 |
<para>
|
|
|
2fc102 |
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
|
|
|
2fc102 |
index 5b7b1c89f5f45d7cc744a955e6378390948a99fd..0deeec99a9c1944301b80d1f25713b5d0504e88c 100644
|
|
|
2fc102 |
--- a/src/providers/ad/ad_opts.h
|
|
|
2fc102 |
+++ b/src/providers/ad/ad_opts.h
|
|
|
2fc102 |
@@ -209,6 +209,7 @@ struct sdap_attr_map ad_2008r2_group_map[] = {
|
|
|
2fc102 |
{ "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
|
|
|
2fc102 |
{ "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
|
|
|
2fc102 |
{ "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
|
|
|
2fc102 |
+ { "ldap_group_type", "groupType", SYSDB_GROUP_TYPE, NULL },
|
|
|
2fc102 |
SDAP_ATTR_MAP_TERMINATOR
|
|
|
2fc102 |
};
|
|
|
2fc102 |
|
|
|
2fc102 |
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
|
|
|
2fc102 |
index 5ec36c550b166e07a9ed2f2c31474c55d0ecdaee..27dc3e2f977383836c18cb824abceb03c9e9056c 100644
|
|
|
2fc102 |
--- a/src/providers/ipa/ipa_opts.h
|
|
|
2fc102 |
+++ b/src/providers/ipa/ipa_opts.h
|
|
|
2fc102 |
@@ -209,6 +209,7 @@ struct sdap_attr_map ipa_group_map[] = {
|
|
|
2fc102 |
{ "ldap_group_objectsid", "ipaNTSecurityIdentifier", SYSDB_SID_STR, NULL },
|
|
|
2fc102 |
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
|
|
|
2fc102 |
{ "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
|
|
|
2fc102 |
+ { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
|
|
|
2fc102 |
SDAP_ATTR_MAP_TERMINATOR
|
|
|
2fc102 |
};
|
|
|
2fc102 |
|
|
|
2fc102 |
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
|
|
|
2fc102 |
index a6c821f3ac3ad951a3b45168b298b96fefb96b60..9593dfd30a81db60b7358c66975871507340aa4b 100644
|
|
|
2fc102 |
--- a/src/providers/ldap/ldap_opts.h
|
|
|
2fc102 |
+++ b/src/providers/ldap/ldap_opts.h
|
|
|
2fc102 |
@@ -187,6 +187,7 @@ struct sdap_attr_map rfc2307_group_map[] = {
|
|
|
2fc102 |
{ "ldap_group_objectsid", NULL, SYSDB_SID, NULL },
|
|
|
2fc102 |
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
|
|
|
2fc102 |
{ "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
|
|
|
2fc102 |
+ { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
|
|
|
2fc102 |
SDAP_ATTR_MAP_TERMINATOR
|
|
|
2fc102 |
};
|
|
|
2fc102 |
|
|
|
2fc102 |
@@ -241,6 +242,7 @@ struct sdap_attr_map rfc2307bis_group_map[] = {
|
|
|
2fc102 |
{ "ldap_group_objectsid", NULL, SYSDB_SID, NULL },
|
|
|
2fc102 |
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
|
|
|
2fc102 |
{ "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
|
|
|
2fc102 |
+ { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
|
|
|
2fc102 |
SDAP_ATTR_MAP_TERMINATOR
|
|
|
2fc102 |
};
|
|
|
2fc102 |
|
|
|
2fc102 |
@@ -293,6 +295,7 @@ struct sdap_attr_map gen_ad2008r2_group_map[] = {
|
|
|
2fc102 |
{ "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
|
|
|
2fc102 |
{ "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
|
|
|
2fc102 |
{ "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
|
|
|
2fc102 |
+ { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
|
|
|
2fc102 |
SDAP_ATTR_MAP_TERMINATOR
|
|
|
2fc102 |
};
|
|
|
2fc102 |
|
|
|
2fc102 |
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
|
|
|
2fc102 |
index a7ea94eb810a96b61862bd8cc6fcd800c3e8e0cb..d408be0a65cdd840d8379b7af4c0ab1e67ed3f5c 100644
|
|
|
2fc102 |
--- a/src/providers/ldap/sdap.h
|
|
|
2fc102 |
+++ b/src/providers/ldap/sdap.h
|
|
|
2fc102 |
@@ -296,6 +296,7 @@ enum sdap_group_attrs {
|
|
|
2fc102 |
SDAP_AT_GROUP_OBJECTSID,
|
|
|
2fc102 |
SDAP_AT_GROUP_MODSTAMP,
|
|
|
2fc102 |
SDAP_AT_GROUP_USN,
|
|
|
2fc102 |
+ SDAP_AT_GROUP_TYPE,
|
|
|
2fc102 |
|
|
|
2fc102 |
SDAP_OPTS_GROUP /* attrs counter */
|
|
|
2fc102 |
};
|
|
|
2fc102 |
--
|
|
|
2fc102 |
1.8.4.2
|
|
|
2fc102 |
|