diff options
author | Alexander Bokovoy <abokovoy@redhat.com> | 2016-01-15 16:16:00 +0200 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2016-01-15 17:22:42 +0200 |
commit | f54d461a8678a490a0fd757f242d4aa756516e61 (patch) | |
tree | e07d254b8f99e087e28de99abaca1da77cd96747 | |
parent | 38fc0024c2669006a4d71a722a75cf2aeeb3e4bf (diff) | |
download | slapi-nis-f54d461a8678a490a0fd757f242d4aa756516e61.tar.gz slapi-nis-f54d461a8678a490a0fd757f242d4aa756516e61.tar.xz slapi-nis-f54d461a8678a490a0fd757f242d4aa756516e61.zip |
nss: force lower case for memberUid attribute as per RFC2307
When memberUid attribute is generated, it has to be normalized or
otherwise searches for members against groups in compat tree will fail.
slapi-nis already normalizes elements of a search filter that mention
memberUid attribute values but the original memberUid value should be
normalized as well.
-rw-r--r-- | src/back-sch-nss.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c index 16d4164..702590c 100644 --- a/src/back-sch-nss.c +++ b/src/back-sch-nss.c @@ -246,8 +246,8 @@ backend_make_user_entry_from_nsswitch_passwd(struct passwd *pwd, return NULL; } - dn = backend_build_dn("uid", pwd->pw_name, container_sdn); - if (dn == NULL) { + name = (char *) slapi_utf8StrToLower((unsigned char *) pwd->pw_name); + if (name == NULL) { slapi_log_error(SLAPI_LOG_FATAL, cbdata->state->plugin_desc->spd_id, "error building DN for uid=%s,%s skipping\n", @@ -256,12 +256,22 @@ backend_make_user_entry_from_nsswitch_passwd(struct passwd *pwd, return NULL; } + dn = backend_build_dn("uid", name, container_sdn); + if (dn == NULL) { + slapi_log_error(SLAPI_LOG_FATAL, + cbdata->state->plugin_desc->spd_id, + "error building DN for uid=%s,%s skipping\n", + name, container_sdn); + slapi_entry_free(entry); + return NULL; + } + slapi_entry_add_string(entry, "objectClass", "top"); slapi_entry_add_string(entry, "objectClass", "posixAccount"); slapi_entry_add_string(entry, - "uid", pwd->pw_name); + "uid", name); slapi_entry_attr_set_uint(entry, "uidNumber", pwd->pw_uid); slapi_entry_attr_set_uint(entry, @@ -286,6 +296,7 @@ backend_make_user_entry_from_nsswitch_passwd(struct passwd *pwd, } slapi_entry_set_dn(entry, dn); + slapi_ch_free_string(&name); #ifdef HAVE_SSS_NSS_IDMAP rc = sss_nss_getsidbyid(pwd->pw_uid, &sid_str, &id_type); @@ -520,6 +531,7 @@ backend_make_group_entry_from_nsswitch_group(struct group *grp, Slapi_Entry *entry; int rc, i; char *dn = NULL; + char *name = NULL; #ifdef HAVE_SSS_NSS_IDMAP enum sss_id_type id_type; char *sid_str; @@ -551,7 +563,9 @@ backend_make_group_entry_from_nsswitch_group(struct group *grp, if (grp->gr_mem) { for (i=0; grp->gr_mem[i]; i++) { - slapi_entry_add_string(entry, "memberUid", grp->gr_mem[i]); + name = (char *) slapi_utf8StrToLower((unsigned char*) grp->gr_mem[i]); + slapi_entry_add_string(entry, "memberUid", name); + slapi_ch_free_string(&name); } } |