Treat UPGs correctly in winsync replication

IPA winsync plugin failed to replicate users when default user group
was non-posix even though User Private Groups (UPG) were enabled
on the server. Both their uidNumber and gidNumber were empty and
they missed essential object classes. When the default user group
was made posix and UPG was disabled it did not set gidNumber to
the default group gidNumber.

This patch improves this behavior to set gidNumber correctly
according to UPG configuration and the default group status
(posix/non-posix). 4 situations can occur, the following list
specifies what value is assigned to user gidNumber:
 1) Default group posix, UPG enabled: gidNumber = UPG gidNumber
 2) Default group posix, UPG disabled: gidNumber = default
    group gidNumber
 3) Default group non-posix, UPG enabled: gidNumber = UPG gidNumber
 4) Default group non-posix, UPG disabled: an error is printed to
    the dirsrv log as the gidNumber cannot be retrieved. User
    is replicated in the same way as before this patch, i.e.
    without essential object classes.

https://fedorahosted.org/freeipa/ticket/2436

1 files changed, 6 insertions, 0 deletions

diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
index 939e63c1b..664af32a7 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
@@ -167,4 +167,10 @@ enum {
    with the same value for samAccountName will be synced
 */
 #define IPA_WINSYNC_FORCE_SYNC "ipaWinSyncForceSync"
+
+/* Path to UPG configuration */
+#define IPA_WINSYNC_UPG_DEF_DN "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,%s"
+#define IPA_WINSYNC_UPG_DEF_ATTR "originfilter"
+#define IPA_WINSYNC_UPG_DEF_DISABLED "(objectclass=disable)"
+
 #endif /* IPA_WINSYNC_H */