diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2012-03-13 10:07:25 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-03-14 13:53:34 -0400 |
commit | 5363682fb2f4ed7fd0112ac46bb603424179acb7 (patch) | |
tree | de5b071426ff60382e00537ec8ff3a1f39a81282 | |
parent | 2ea6196484055397cc4bc011c5960f790431fa9d (diff) | |
download | sssd-5363682fb2f4ed7fd0112ac46bb603424179acb7.tar.gz sssd-5363682fb2f4ed7fd0112ac46bb603424179acb7.tar.xz sssd-5363682fb2f4ed7fd0112ac46bb603424179acb7.zip |
LDAP: Add AD 2008r2 schema
https://fedorahosted.org/sssd/ticket/1031
-rw-r--r-- | src/man/sssd-ldap.5.xml | 5 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.c | 51 |
2 files changed, 53 insertions, 3 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 4fd4841e9..46ee8372b 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -164,10 +164,11 @@ attribute names retrieved from the servers may vary. The way that some attributes are handled may also differ. - Three schema types are currently supported: + Four schema types are currently supported: rfc2307 rfc2307bis IPA + AD The main difference between these schema types is how group memberships are recorded in the server. @@ -175,6 +176,8 @@ <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group members are listed by DN and stored in the <emphasis>member</emphasis> attribute. + The AD schema type sets the attributes to correspond with + Active Directory 2008r2 values. </para> <para> Default: rfc2307 diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 69d1bc2bc..22d375539 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -215,6 +215,53 @@ struct sdap_attr_map rfc2307bis_group_map[] = { { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL } }; +struct sdap_attr_map ad2008r2_user_map[] = { + { "ldap_user_object_class", "user", SYSDB_USER_CLASS, NULL }, + { "ldap_user_name", "sAMAccountName", SYSDB_NAME, NULL }, + { "ldap_user_pwd", "unixUserPassword", SYSDB_PWD, NULL }, + { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL }, + { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, + { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL }, + { "ldap_user_home_directory", "unixHomeDirectory", SYSDB_HOMEDIR, NULL }, + { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL }, + { "ldap_user_principal", "userPrincipalName", SYSDB_UPN, NULL }, + { "ldap_user_fullname", "name", SYSDB_FULLNAME, NULL }, + { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL }, + { "ldap_user_uuid", "objectGUID", SYSDB_UUID, NULL }, + { "ldap_user_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL }, + { "ldap_user_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL }, + { "ldap_user_shadow_last_change", NULL, SYSDB_SHADOWPW_LASTCHANGE, NULL }, + { "ldap_user_shadow_min", NULL, SYSDB_SHADOWPW_MIN, NULL }, + { "ldap_user_shadow_max", NULL, SYSDB_SHADOWPW_MAX, NULL }, + { "ldap_user_shadow_warning", NULL, SYSDB_SHADOWPW_WARNING, NULL }, + { "ldap_user_shadow_inactive", NULL, SYSDB_SHADOWPW_INACTIVE, NULL }, + { "ldap_user_shadow_expire", NULL, SYSDB_SHADOWPW_EXPIRE, NULL }, + { "ldap_user_shadow_flag", NULL, SYSDB_SHADOWPW_FLAG, NULL }, + { "ldap_user_krb_last_pwd_change", NULL, SYSDB_KRBPW_LASTCHANGE, NULL }, + { "ldap_user_krb_password_expiration", NULL, SYSDB_KRBPW_EXPIRATION, NULL }, + { "ldap_pwd_attribute", NULL, SYSDB_PWD_ATTRIBUTE, NULL }, + { "ldap_user_authorized_service", NULL, SYSDB_AUTHORIZED_SERVICE, NULL }, + { "ldap_user_ad_account_expires", "accountExpires", SYSDB_AD_ACCOUNT_EXPIRES, NULL}, + { "ldap_user_ad_user_account_control", "userAccountControl", SYSDB_AD_USER_ACCOUNT_CONTROL, NULL}, + { "ldap_ns_account_lock", NULL, SYSDB_NS_ACCOUNT_LOCK, NULL}, + { "ldap_user_authorized_host", NULL, SYSDB_AUTHORIZED_HOST, NULL }, + { "ldap_user_nds_login_disabled", NULL, SYSDB_NDS_LOGIN_DISABLED, NULL }, + { "ldap_user_nds_login_expiration_time", NULL, SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL }, + { "ldap_user_nds_login_allowed_time_map", NULL, SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL }, + { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL } +}; + +struct sdap_attr_map ad2008r2_group_map[] = { + { "ldap_group_object_class", "group", SYSDB_GROUP_CLASS, NULL }, + { "ldap_group_name", "name", SYSDB_NAME, NULL }, + { "ldap_group_pwd", NULL, SYSDB_PWD, NULL }, + { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, + { "ldap_group_member", "member", SYSDB_MEMBER, NULL }, + { "ldap_group_uuid", "objectGUID", SYSDB_UUID, NULL }, + { "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL }, + { "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL } +}; + struct sdap_attr_map netgroup_map[] = { { "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL }, { "ldap_netgroup_name", "cn", SYSDB_NAME, NULL }, @@ -466,8 +513,8 @@ int ldap_get_options(TALLOC_CTX *memctx, if (strcasecmp(schema, "AD") == 0) { opts->schema_type = SDAP_SCHEMA_AD; default_attr_map = gen_ad_attr_map; - default_user_map = rfc2307bis_user_map; - default_group_map = rfc2307bis_group_map; + default_user_map = ad2008r2_user_map; + default_group_map = ad2008r2_group_map; default_netgroup_map = netgroup_map; default_service_map = service_map; } else { |