authorStephen Gallagher <sgallagh@redhat.com>2012-03-13 10:07:25 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-03-14 13:53:34 -0400
commit5363682fb2f4ed7fd0112ac46bb603424179acb7 (patch)
treede5b071426ff60382e00537ec8ff3a1f39a81282
parent2ea6196484055397cc4bc011c5960f790431fa9d (diff)
downloadsssd-5363682fb2f4ed7fd0112ac46bb603424179acb7.tar.gz
sssd-5363682fb2f4ed7fd0112ac46bb603424179acb7.tar.xz
sssd-5363682fb2f4ed7fd0112ac46bb603424179acb7.zip
LDAP: Add AD 2008r2 schema
https://fedorahosted.org/sssd/ticket/1031
-rw-r--r--src/man/sssd-ldap.5.xml5
-rw-r--r--src/providers/ldap/ldap_common.c51
2 files changed, 53 insertions, 3 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 4fd4841e9..46ee8372b 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -164,10 +164,11 @@
attribute names retrieved from the servers may vary.
The way that some attributes are handled may also differ.
- Three schema types are currently supported:
+ Four schema types are currently supported:
rfc2307
rfc2307bis
IPA
+ AD
The main difference between these schema types is
how group memberships are recorded in the server.
@@ -175,6 +176,8 @@
<emphasis>memberUid</emphasis> attribute.
With rfc2307bis and IPA, group members are listed by DN
and stored in the <emphasis>member</emphasis> attribute.
+ The AD schema type sets the attributes to correspond with
+ Active Directory 2008r2 values.
</para>
<para>
Default: rfc2307
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 69d1bc2bc..22d375539 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -215,6 +215,53 @@ struct sdap_attr_map rfc2307bis_group_map[] = {
{ "ldap_group_entry_usn", NULL, SYSDB_USN, NULL }
};
+struct sdap_attr_map ad2008r2_user_map[] = {
+ { "ldap_user_object_class", "user", SYSDB_USER_CLASS, NULL },
+ { "ldap_user_name", "sAMAccountName", SYSDB_NAME, NULL },
+ { "ldap_user_pwd", "unixUserPassword", SYSDB_PWD, NULL },
+ { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL },
+ { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
+ { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL },
+ { "ldap_user_home_directory", "unixHomeDirectory", SYSDB_HOMEDIR, NULL },
+ { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL },
+ { "ldap_user_principal", "userPrincipalName", SYSDB_UPN, NULL },
+ { "ldap_user_fullname", "name", SYSDB_FULLNAME, NULL },
+ { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
+ { "ldap_user_uuid", "objectGUID", SYSDB_UUID, NULL },
+ { "ldap_user_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
+ { "ldap_user_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
+ { "ldap_user_shadow_last_change", NULL, SYSDB_SHADOWPW_LASTCHANGE, NULL },
+ { "ldap_user_shadow_min", NULL, SYSDB_SHADOWPW_MIN, NULL },
+ { "ldap_user_shadow_max", NULL, SYSDB_SHADOWPW_MAX, NULL },
+ { "ldap_user_shadow_warning", NULL, SYSDB_SHADOWPW_WARNING, NULL },
+ { "ldap_user_shadow_inactive", NULL, SYSDB_SHADOWPW_INACTIVE, NULL },
+ { "ldap_user_shadow_expire", NULL, SYSDB_SHADOWPW_EXPIRE, NULL },
+ { "ldap_user_shadow_flag", NULL, SYSDB_SHADOWPW_FLAG, NULL },
+ { "ldap_user_krb_last_pwd_change", NULL, SYSDB_KRBPW_LASTCHANGE, NULL },
+ { "ldap_user_krb_password_expiration", NULL, SYSDB_KRBPW_EXPIRATION, NULL },
+ { "ldap_pwd_attribute", NULL, SYSDB_PWD_ATTRIBUTE, NULL },
+ { "ldap_user_authorized_service", NULL, SYSDB_AUTHORIZED_SERVICE, NULL },
+ { "ldap_user_ad_account_expires", "accountExpires", SYSDB_AD_ACCOUNT_EXPIRES, NULL},
+ { "ldap_user_ad_user_account_control", "userAccountControl", SYSDB_AD_USER_ACCOUNT_CONTROL, NULL},
+ { "ldap_ns_account_lock", NULL, SYSDB_NS_ACCOUNT_LOCK, NULL},
+ { "ldap_user_authorized_host", NULL, SYSDB_AUTHORIZED_HOST, NULL },
+ { "ldap_user_nds_login_disabled", NULL, SYSDB_NDS_LOGIN_DISABLED, NULL },
+ { "ldap_user_nds_login_expiration_time", NULL, SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
+ { "ldap_user_nds_login_allowed_time_map", NULL, SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
+ { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }
+};
+
+struct sdap_attr_map ad2008r2_group_map[] = {
+ { "ldap_group_object_class", "group", SYSDB_GROUP_CLASS, NULL },
+ { "ldap_group_name", "name", SYSDB_NAME, NULL },
+ { "ldap_group_pwd", NULL, SYSDB_PWD, NULL },
+ { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
+ { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
+ { "ldap_group_uuid", "objectGUID", SYSDB_UUID, NULL },
+ { "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
+ { "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL }
+};
+
struct sdap_attr_map netgroup_map[] = {
{ "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL },
{ "ldap_netgroup_name", "cn", SYSDB_NAME, NULL },
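Review bot: The membership attributes mapped here (`memberOf` on the user map, `member` on the group map) do not reflect a user's primary group, which Active Directory records only through `primaryGroupID`; unless code outside this hunk resolves that attribute, any membership-based access decision will miss the primary group (typically Domain Users), and a `{ "ldap_user_primary_group", "primaryGroupID", ... }` entry plus the matching lookup would be needed to close that gap. `objectGUID`, mapped to SYSDB_UUID on both maps, is a 16-byte binary attribute rather than a text string, so the sysdb write path should be confirmed to encode it instead of storing raw bytes. A comment above `ad2008r2_user_map` stating which attributes come from the Services-for-Unix/IDMU extension (`uidNumber`, `gidNumber`, `unixHomeDirectory`, `loginShell`, `unixUserPassword`) and that `ldap_user_pwd` therefore fetches password hashes whenever the bind account can read them would help the next reader; that mapping mirrors the rfc2307 maps' `userPassword`, so it is not new behaviour, but it is worth making explicit next to an AD schema.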
@@ -466,8 +513,8 @@ int ldap_get_options(TALLOC_CTX *memctx,
if (strcasecmp(schema, "AD") == 0) {
opts->schema_type = SDAP_SCHEMA_AD;
default_attr_map = gen_ad_attr_map;
- default_user_map = rfc2307bis_user_map;
- default_group_map = rfc2307bis_group_map;
+ default_user_map = ad2008r2_user_map;
+ default_group_map = ad2008r2_group_map;
default_netgroup_map = netgroup_map;
default_service_map = service_map;
} else {
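Review bot: Existing deployments that set `ldap_schema = AD` receive different default attribute names on upgrade with nothing signalling the change: the `default_user_map` and `default_group_map` assignments swap from the rfc2307bis maps to `ad2008r2_user_map`/`ad2008r2_group_map`, so every attribute a user left unset in sssd.conf now resolves to a different LDAP attribute (the user name, for instance, now coming from `sAMAccountName`). The man page hunk only says the AD type matches 2008r2 values; a sentence there naming the switch, or a comment here such as `/* AD: defaults follow the 2008r2/IDMU attribute names, not rfc2307bis */`, would make the migration visible to anyone diagnosing lookups that stop matching after the upgrade. ldap_get_options begins and ends outside the hunk.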