authorSumit Bose <sbose@redhat.com>2014-10-24 15:41:04 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-11-05 15:17:14 +0100
commit1f7844eb0aa4b19247533aa83f1cb4876396c738 (patch)
treeafa4ccf59efaf6f2e980f79c70c71db73b682246
parent9ce7a46f6578a86b72f20acd7b0e55b1b4ebea09 (diff)
IPA: inherit ldap_user_extra_attrs to AD subdomains
Currently, the component of the IPA provider which reads the AD user and group attributes in ipa-server-mode uses default settings for the LDAP related attributes. As a result, even if ldap_user_extra_attrs is defined in sssd.conf, no extra attributes are read from AD. With the patch, the value of ldap_user_extra_attrs is inherited by the AD subdomains to allow them to read extra attributes as well. Related to https://fedorahosted.org/sssd/ticket/2464 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/providers/ipa/ipa_subdomains.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index c61c1c666..9281aab1b 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -109,6 +109,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
char *ad_domain;
struct sdap_domain *sdom;
errno_t ret;
+ const char *extra_attrs;
ad_options = ad_create_default_options(id_ctx, id_ctx->server_mode->realm,
id_ctx->server_mode->hostname);
@@ -135,6 +136,36 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
return ret;
}
+ extra_attrs = dp_opt_get_string(id_ctx->sdap_id_ctx->opts->basic,
+ SDAP_USER_EXTRA_ATTRS);
+ if (extra_attrs != NULL) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Setting extra attrs for subdomain [%s] to [%s].\n", ad_domain,
+ extra_attrs);
+
+ ret = dp_opt_set_string(ad_options->id->basic, SDAP_USER_EXTRA_ATTRS,
+ extra_attrs);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "dp_opt_get_string failed.\n");
+ talloc_free(ad_options);
+ return ret;
+ }
+
+ ret = sdap_extend_map_with_list(ad_options->id, ad_options->id,
+ SDAP_USER_EXTRA_ATTRS,
+ ad_options->id->user_map,
+ SDAP_OPTS_USER,
+ &ad_options->id->user_map,
+ &ad_options->id->user_map_cnt);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_extend_map_with_list failed.\n");
+ talloc_free(ad_options);
+ return ret;
+ }
+ } else {
+ DEBUG(SSSDBG_TRACE_ALL, "No extra attrs set.\n");
+ }
+
gc_service_name = talloc_asprintf(ad_options, "%s%s", "gc_", subdom->name);
if (gc_service_name == NULL) {
talloc_free(ad_options);
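Review bot: The failure branch after `dp_opt_set_string()` logs "dp_opt_get_string failed.", so anyone triaging a subdomain setup failure from the debug log is pointed at the read of the option rather than the write that actually returned the error. The message should be `DEBUG(SSSDBG_OP_FAILURE, "dp_opt_set_string failed.\n");`. Both failure messages in this block would also be easier to act on if they carried the subdomain and the return code, as the trace message above them already does for `ad_domain`. The inherited list is applied to the AD user map unchanged, so a short comment above the block such as `/* Attribute names come verbatim from the IPA domain's ldap_user_extra_attrs; AD is queried for the same names */` would make that assumption visible to the next reader. `ipa_ad_ctx_new` starts before and continues after this hunk, so its later cleanup paths are not visible here.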