diff options
author | Thierry bordaz (tbordaz) <tbordaz@redhat.com> | 2014-08-08 09:37:23 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2015-04-08 08:19:09 +0200 |
commit | c3ede5f1e9e8b66a3fb7ec12346e71d05a3a5599 (patch) | |
tree | ebdc358b02ba26cb32d04950e6bde96c0ce865d3 | |
parent | b92136cba287e38d9c2f41c3163f5a6b0b62ca17 (diff) | |
download | freeipa-c3ede5f1e9e8b66a3fb7ec12346e71d05a3a5599.tar.gz freeipa-c3ede5f1e9e8b66a3fb7ec12346e71d05a3a5599.tar.xz freeipa-c3ede5f1e9e8b66a3fb7ec12346e71d05a3a5599.zip |
User Life Cycle: Exclude subtree for ipaUniqueID generation
IPA UUID should not generate ipaUniqueID for entries under 'cn=provisioning,SUFFIX'
Add in the configuration the ability to set (optional) 'ipaUuidExcludeSubtree'
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c index 93da0f15b..ffade1467 100644 --- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c +++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c @@ -64,6 +64,7 @@ #define IPAUUID_GENERATE "ipaUuidMagicRegen" #define IPAUUID_FILTER "ipaUuidFilter" #define IPAUUID_SCOPE "ipaUuidScope" +#define IPAUUID_EXCLUDE_SUBTREE "ipaUuidExcludeSubtree" #define IPAUUID_ENFORCE "ipaUuidEnforce" #define IPAUUID_FEATURE_DESC "IPA UUID" @@ -91,6 +92,7 @@ struct configEntry { Slapi_Filter *slapi_filter; char *generate; char *scope; + char *exclude_subtree; bool enforce; }; @@ -537,6 +539,10 @@ ipauuid_parse_config_entry(Slapi_Entry * e, bool apply) } LOG_CONFIG("----------> %s [%s]\n", IPAUUID_SCOPE, entry->scope); + value = slapi_entry_attr_get_charptr(e, IPAUUID_EXCLUDE_SUBTREE); + entry->exclude_subtree = value; + LOG_CONFIG("----------> %s [%s]\n", IPAUUID_EXCLUDE_SUBTREE, entry->exclude_subtree); + entry->enforce = slapi_entry_attr_get_bool(e, IPAUUID_ENFORCE); LOG_CONFIG("----------> %s [%s]\n", IPAUUID_ENFORCE, entry->enforce ? "True" : "False"); @@ -640,6 +646,10 @@ ipauuid_free_config_entry(struct configEntry **entry) slapi_ch_free_string(&e->scope); } + if (e->exclude_subtree) { + slapi_ch_free_string(&e->exclude_subtree); + } + slapi_ch_free((void **)entry); } @@ -918,6 +928,12 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) } } + if (cfgentry->exclude_subtree) { + if (slapi_dn_issuffix(dn, cfgentry->exclude_subtree)) { + continue; + } + } + /* does the entry match the filter? */ if (cfgentry->slapi_filter) { Slapi_Entry *test_e = NULL; |