-rw-r--r--daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c56
-rw-r--r--install/updates/10-config.update5
2 files changed, 55 insertions, 6 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
index 612d607b8..235b37ac3 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
@@ -64,6 +64,8 @@
#include <ctype.h>
#include "plstr.h"
+static int ipa_winsync_precedence = 0;
+
static void
sync_acct_disable(
void *cbdata, /* the usual domain config data */
@@ -268,7 +270,7 @@ ipa_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry,
if (!type) {
continue; /* should never happen */
}
-
+
if (!slapi_entry_attr_find(ds_entry, type, &e_attr) && e_attr) {
/* already has attribute - add missing values */
Slapi_Value *sv = NULL;
@@ -276,6 +278,14 @@ ipa_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry,
for (ii = slapi_attr_first_value(attr, &sv); ii != -1;
ii = slapi_attr_next_value(attr, ii, &sv))
{
+ if (!PL_strcasecmp(type, "uidNumber") ||
+ !PL_strcasecmp(type, "gidNumber")) {
+ LOG("--> ipa_winsync_pre_ds_add_user_cb -- "
+ "skipping [%s] for new entry [%s]\n",
+ type, slapi_entry_get_dn_const(ds_entry));
+ /* uid or gid already set in AD, skip it */
+ continue;
+ }
if (!slapi_entry_attr_has_syntax_value(ds_entry, type, sv)) {
/* attr-value sv not found in ds_entry; add it */
LOG("--> ipa_winsync_pre_ds_add_user_cb -- "
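Review bot: The `uidNumber`/`gidNumber` test added inside the value loop depends only on `type`, which does not change between iterations, so it is re-evaluated and logged once per value. It would read more clearly as a single guard placed before the `for`, logging once and skipping the whole attribute, provided nothing later in the outer loop body still has to run for these types. The comment `/* uid or gid already set in AD, skip it */` is also slightly misleading, because this branch is reached when `ds_entry` already carries the attribute. Something like `/* ds_entry already has a uid/gid value (presumably from the POSIX winsync plugin); never merge in a second one */` states the invariant being protected, namely a single-valued numeric identity. The enclosing function starts and ends outside the hunk.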
@@ -290,6 +300,9 @@ ipa_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry,
slapi_attr_get_valueset(attr, &svs); /* makes a copy */
slapi_entry_add_valueset(ds_entry, type, svs);
slapi_valueset_free(svs); /* free the copy */
+ LOG("--> ipa_winsync_pre_ds_add_user_cb -- "
+ "adding attr [%s] to new entry [%s]\n",
+ type, slapi_entry_get_dn_const(ds_entry));
}
}
@@ -383,8 +396,11 @@ ipa_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry,
/* add a loginShell if we have a default */
if (ipaconfig->login_shell) {
- slapi_entry_attr_set_charptr(ds_entry, "loginShell",
- ipaconfig->login_shell);
+ type = "loginShell";
+ if (slapi_entry_attr_find(ds_entry, type, &e_attr) || !e_attr) {
+ slapi_entry_attr_set_charptr(ds_entry, "loginShell",
+ ipaconfig->login_shell);
+ }
}
sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS,
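Review bot: The new `loginShell` guard looks the attribute up through `type` but the write still spells the name as a literal, so the lookup and the write can drift apart. `slapi_entry_attr_set_charptr(ds_entry, type, ipaconfig->login_shell);` keeps them tied together. Reusing `type` and `e_attr` here assumes the attribute loop above no longer needs them, and that loop is outside the hunk. A one-line comment such as `/* keep a loginShell already present on the entry; only fill in the IPA default */` would record why the condition is "not found or empty".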
@@ -545,6 +561,12 @@ ipa_winsync_destroy_agmt_cb(void *cbdata, const Slapi_DN *ds_subtree,
return;
}
+static int
+ipa_winsync_precedence_cb(void)
+{
+ return ipa_winsync_precedence;
+}
+
static void *ipa_winsync_api[] = {
NULL, /* reserved for api broker use, must be zero */
ipa_winsync_agmt_init,
@@ -565,7 +587,20 @@ static void *ipa_winsync_api[] = {
ipa_winsync_can_add_entry_to_ad_cb,
ipa_winsync_begin_update_cb,
ipa_winsync_end_update_cb,
- ipa_winsync_destroy_agmt_cb
+ ipa_winsync_destroy_agmt_cb,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ ipa_winsync_precedence_cb
};
/**
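Review bot: The twelve bare `NULL` entries added to `ipa_winsync_api[]` are positional padding whose count is not explained. If one is added or dropped, `ipa_winsync_precedence_cb` silently lands in the wrong slot and the server would call it with a different callback signature. They presumably stand for the v2.0 callbacks this plugin does not implement, which the table should say, e.g. `/* 12 unused v2.0 post-operation callback slots */`. A compile-time check that the array length matches the precedence slot index plus one would catch a miscount, if the winsync header exposes an index constant for that slot. The initializer starts outside the hunk.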
@@ -602,7 +637,7 @@ ipa_winsync_plugin_start(Slapi_PBlock *pb)
LOG("--> ipa_winsync_plugin_start -- begin\n");
- if( slapi_apib_register(WINSYNC_v1_0_GUID, ipa_winsync_api) ) {
+ if( slapi_apib_register(WINSYNC_v3_0_GUID, ipa_winsync_api) ) {
LOG_FATAL("<-- ipa_winsync_plugin_start -- failed to register winsync api -- end\n");
return -1;
}
@@ -626,7 +661,7 @@ ipa_winsync_plugin_close(Slapi_PBlock *pb)
{
LOG("--> ipa_winsync_plugin_close -- begin\n");
- slapi_apib_unregister(WINSYNC_v1_0_GUID);
+ slapi_apib_unregister(WINSYNC_v3_0_GUID);
LOG("<-- ipa_winsync_plugin_close -- end\n");
return 0;
@@ -638,6 +673,15 @@ ipa_winsync_plugin_close(Slapi_PBlock *pb)
int ipa_winsync_plugin_init(Slapi_PBlock *pb)
{
void *plugin_id = NULL;
+ Slapi_Entry *config = NULL;
+
+ if (slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &config) && config) {
+ ipa_winsync_precedence = slapi_entry_attr_get_int(config, "nsslapd-pluginprecedence");
+ if (!ipa_winsync_precedence) {
+ /* Make sure we have a higher precedence by default */
+ ipa_winsync_precedence = WINSYNC_PLUGIN_DEFAULT_PRECEDENCE + 10;
+ }
+ }
LOG("--> ipa_winsync_plugin_init -- begin\n");
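Review bot: The condition on the new `slapi_pblock_get()` call in `ipa_winsync_plugin_init` looks inverted. `slapi_pblock_get()` returns 0 on success, so `slapi_pblock_get(...) && config` is false whenever the config entry is actually retrieved, and `config` is still NULL when the call fails. As written the block appears never to run, so `ipa_winsync_precedence` stays 0 and neither the configured `nsslapd-pluginPrecedence` nor the `WINSYNC_PLUGIN_DEFAULT_PRECEDENCE + 10` fallback is applied. The guard should be `if (slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &config) == 0 && config) {`. This matters because the uidNumber/gidNumber skip in the add-user callback depends on this plugin running after the POSIX winsync plugin, and what the server does with a precedence of 0 is not visible here. The fallback assignment also sits inside the `if`, so it is skipped when no config entry is available; moving it after the block would make the default unconditional. The function body continues outside the hunk.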
diff --git a/install/updates/10-config.update b/install/updates/10-config.update
index ecddb812f..e377689ea 100644
--- a/install/updates/10-config.update
+++ b/install/updates/10-config.update
@@ -42,3 +42,8 @@ add:nsslapd-defaultNamingContext:'$SUFFIX'
# Allow the root DSE to be searched even with minssf set
dn: cn=config
only:nsslapd-minssf-exclude-rootdse:on
+
+# Set the IPA winsync precedence so it will run after the DS
+# POSIX winsync plugin
+dn: cn=ipa-winsync,cn=plugins,cn=config
+only: nsslapd-pluginPrecedence: 60