summaryrefslogtreecommitdiffstats
path: root/daemons/ipa-slapi-plugins/ipa-winsync
diff options
context:
space:
mode:
Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-winsync')
-rw-r--r--daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif1
-rw-r--r--daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c53
-rw-r--r--daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c6
-rw-r--r--daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h7
4 files changed, 66 insertions, 1 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
index 5b5c56ac..e1e397f9 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
@@ -19,6 +19,7 @@ ipaWinSyncNewEntryFilter: (cn=ipaConfig)
ipaWinSyncNewUserOCAttr: ipauserobjectclasses
ipaWinSyncUserFlatten: true
ipaWinsyncHomeDirAttr: ipaHomesRootDir
+ipaWinsyncLoginShellAttr: ipaDefaultLoginShell
ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup
ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
ipaWinSyncAcctDisable: both
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
index a61cabb1..b089d3d1 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
@@ -238,6 +238,15 @@ ipa_winsync_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_E
goto done2;
}
+ /* get login_shell_attr */
+ if (slapi_entry_attr_find(e, IPA_WINSYNC_LOGIN_SHELL_ATTR,
+ &testattr) ||
+ (NULL == testattr)) {
+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
+ "Warning: no value given for %s",
+ IPA_WINSYNC_LOGIN_SHELL_ATTR);
+ }
+
/* get default_group_attr */
if (slapi_entry_attr_find(e, IPA_WINSYNC_DEFAULTGROUP_ATTR,
&testattr) ||
@@ -372,6 +381,7 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
char *new_entry_filter = NULL;
char *new_user_oc_attr = NULL; /* don't care about groups for now */
char *homedir_prefix_attr = NULL;
+ char *login_shell_attr = NULL;
char *default_group_attr = NULL;
char *default_group_filter = NULL;
char *acct_disable = NULL;
@@ -436,6 +446,15 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
goto done3;
}
+ /* get login_shell_attr */
+ login_shell_attr = slapi_entry_attr_get_charptr(e,
+ IPA_WINSYNC_LOGIN_SHELL_ATTR);
+ if (!login_shell_attr) {
+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
+ "Warning: no value given for %s",
+ IPA_WINSYNC_LOGIN_SHELL_ATTR);
+ }
+
/* get default_group_attr */
if (!(default_group_attr = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_DEFAULTGROUP_ATTR))) {
@@ -567,6 +586,11 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
slapi_ch_free_string(&theConfig.homedir_prefix_attr);
theConfig.homedir_prefix_attr = homedir_prefix_attr;
homedir_prefix_attr = NULL;
+ if (login_shell_attr) {
+ slapi_ch_free_string(&theConfig.login_shell_attr);
+ theConfig.login_shell_attr = login_shell_attr;
+ login_shell_attr = NULL;
+ }
slapi_ch_free_string(&theConfig.default_group_attr);
theConfig.default_group_attr = default_group_attr;
default_group_attr = NULL;
@@ -594,6 +618,7 @@ done3:
slapi_ch_free_string(&new_entry_filter);
slapi_ch_free_string(&new_user_oc_attr);
slapi_ch_free_string(&homedir_prefix_attr);
+ slapi_ch_free_string(&login_shell_attr);
slapi_ch_free_string(&default_group_attr);
slapi_ch_free_string(&default_group_filter);
slapi_ch_array_free(attrsvals);
@@ -636,6 +661,7 @@ ipa_winsync_config_destroy_domain(
iwdc->domain_e = NULL;
slapi_ch_free_string(&iwdc->realm_name);
slapi_ch_free_string(&iwdc->homedir_prefix);
+ slapi_ch_free_string(&iwdc->login_shell);
slapi_ch_free_string(&iwdc->inactivated_group_dn);
slapi_ch_free_string(&iwdc->activated_group_dn);
slapi_ch_free((void **)&iwdc);
@@ -752,6 +778,7 @@ ipa_winsync_config_refresh_domain(
char *new_entry_filter = NULL;
char *new_user_oc_attr = NULL; /* don't care about groups for now */
char *homedir_prefix_attr = NULL;
+ char *login_shell_attr = NULL;
char *default_group_attr = NULL;
char *default_group_filter = NULL;
char *default_group_name = NULL;
@@ -774,6 +801,9 @@ ipa_winsync_config_refresh_domain(
new_entry_filter = slapi_ch_strdup(theConfig.new_entry_filter);
new_user_oc_attr = slapi_ch_strdup(theConfig.new_user_oc_attr);
homedir_prefix_attr = slapi_ch_strdup(theConfig.homedir_prefix_attr);
+ if (theConfig.login_shell_attr) {
+ login_shell_attr = slapi_ch_strdup(theConfig.login_shell_attr);
+ }
default_group_attr = slapi_ch_strdup(theConfig.default_group_attr);
default_group_filter = slapi_ch_strdup(theConfig.default_group_filter);
acct_disable = theConfig.acct_disable;
@@ -840,6 +870,27 @@ ipa_winsync_config_refresh_domain(
goto out;
}
+ /* get the login shell value */
+ /* note - this is in the same entry as the new entry template, so
+ use the same filter */
+ slapi_ch_free_string(&iwdc->login_shell);
+ if (login_shell_attr) {
+ ret = internal_find_entry_get_attr_val(config_dn, search_scope,
+ new_entry_filter,
+ login_shell_attr,
+ NULL, &iwdc->login_shell);
+ if (!iwdc->login_shell) {
+ LOG("Warning: could not find the entry containing the login shell "
+ "attribute for ds subtree [%s] filter [%s] attr [%s]\n",
+ slapi_sdn_get_dn(ds_subtree), new_entry_filter,
+ login_shell_attr);
+ }
+ }
+ if (!iwdc->login_shell) {
+ /* could not find the login shell or was not configured */
+ LOG("Warning: no login shell configured!");
+ }
+
/* find the default group - the entry above contains the group name, but
we need the gidNumber for posixAccount - so first find the entry
and attr value which has the group name, then lookup the group
@@ -939,6 +990,7 @@ out:
slapi_ch_free_string(&new_entry_filter);
slapi_ch_free_string(&new_user_oc_attr);
slapi_ch_free_string(&homedir_prefix_attr);
+ slapi_ch_free_string(&login_shell_attr);
slapi_ch_free_string(&default_group_attr);
slapi_ch_free_string(&default_group_filter);
slapi_ch_free_string(&default_group_name);
@@ -952,6 +1004,7 @@ out:
if (LDAP_SUCCESS != ret) {
slapi_ch_free_string(&iwdc->realm_name);
slapi_ch_free_string(&iwdc->homedir_prefix);
+ slapi_ch_free_string(&iwdc->login_shell);
slapi_entry_free(iwdc->domain_e);
iwdc->domain_e = NULL;
}
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
index 3816ff56..2c0f4d1d 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
@@ -350,6 +350,12 @@ ipa_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry,
}
}
+ /* add a loginShell if we have a default */
+ if (ipaconfig->login_shell) {
+ slapi_entry_attr_set_charptr(ds_entry, "loginShell",
+ ipaconfig->login_shell);
+ }
+
sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS,
ds_entry, NULL, NULL);
LOG("<-- ipa_winsync_pre_ds_add_user_cb -- end\n");
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
index eb2a14b7..8f79dc64 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
@@ -68,6 +68,7 @@ typedef struct ipa_winsync_config_struct {
char *new_entry_filter;
char *new_user_oc_attr; /* don't care about groups for now */
char *homedir_prefix_attr;
+ char *login_shell_attr;
char *default_group_attr;
char *default_group_filter;
int acct_disable; /* see below for possible values */
@@ -84,6 +85,7 @@ typedef struct ipa_winsync_domain_config {
Slapi_Entry *domain_e; /* info is stored in this entry */
char *realm_name; /* realm name */
char *homedir_prefix;
+ char *login_shell;
char *inactivated_group_dn; /* DN of inactivated group */
char *activated_group_dn; /* DN of activated group */
} IPA_WinSync_Domain_Config;
@@ -124,7 +126,10 @@ void ipa_winsync_config_destroy_domain(void *cbdata, const Slapi_DN *ds_subtree,
#define IPA_WINSYNC_NEW_USER_ATTRS_VALS "ipaWinSyncUserAttr"
/* name of attribute holding the name of the attribute which
has the homeDirectory prefix - suffix is the uid */
-#define IPA_WINSYNC_HOMEDIR_PREFIX_ATTR "ipaWinsyncHomeDirAttr"
+#define IPA_WINSYNC_HOMEDIR_PREFIX_ATTR "ipaWinSyncHomeDirAttr"
+/* name of attribute holding the name of the attribute which
+ has the loginShell value */
+#define IPA_WINSYNC_LOGIN_SHELL_ATTR "ipaWinSyncLoginShellAttr"
/* name of attribute holding the name of the attribute which is
used to get the default posix gidNumber */
#define IPA_WINSYNC_DEFAULTGROUP_ATTR "ipaWinSyncDefaultGroupAttr"