LDAP: Make it possible to extend an attribute map

https://fedorahosted.org/sssd/ticket/2073

This commit adds a new option ldap_user_extra_attrs that is unset by
default. When set, the option contains a list of LDAP attributes the LDAP
provider would download and store in addition to the usual set.

The list can either contain LDAP attribute names only, or colon-separated
tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP
attribute name is specified, the attribute is saved to the cache verbatim.
Using a custom SSSD attribute name might be required by environments that
configure several SSSD domains with different LDAP schemas.

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

1 files changed, 45 insertions, 0 deletions

diff --git a/src/providers/ldap/ldap_options.c b/src/providers/ldap/ldap_options.c
index 8813572ff..11ed9c31f 100644
--- a/src/providers/ldap/ldap_options.c
+++ b/src/providers/ldap/ldap_options.c
@@ -23,6 +23,44 @@
 #include "providers/ldap/sdap_async_private.h"
 #include "util/crypto/sss_crypto.h"
 
+static int sdap_extend_map_with_list(TALLOC_CTX *mem_ctx,
+                                     struct sdap_options *opts,
+                                     int extra_attr_index,
+                                     struct sdap_attr_map *src_map,
+                                     size_t num_entries,
+                                     struct sdap_attr_map **_map,
+                                     size_t *_new_size)
+{
+    const char *extra_attrs;
+    char **extra_attrs_list;
+    errno_t ret;
+
+    extra_attrs = dp_opt_get_string(opts->basic, extra_attr_index);
+    if (extra_attrs == NULL) {
+        *_map = src_map;
+        *_new_size = num_entries;
+        return EOK;
+    }
+
+    /* split server parm into a list */
+    ret = split_on_separator(mem_ctx, extra_attrs, ',', true, true,
+                             &extra_attrs_list, NULL);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE, "Failed to parse server list!\n");
+        return ret;
+    }
+
+    ret = sdap_extend_map(mem_ctx, src_map,
+                          num_entries, extra_attrs_list,
+                          _map, _new_size);
+    talloc_free(extra_attrs_list);
+    if (ret != EOK) {
+        return ret;
+    }
+
+    return EOK;
+}
+
 int ldap_get_options(TALLOC_CTX *memctx,
                      struct sss_domain_info *dom,
                      struct confdb_ctx *cdb,
@@ -257,6 +295,13 @@ int ldap_get_options(TALLOC_CTX *memctx,
         goto done;
     }
 
+    ret = sdap_extend_map_with_list(opts, opts, SDAP_USER_EXTRA_ATTRS,
+                                    opts->user_map, SDAP_OPTS_USER,
+                                    &opts->user_map, &opts->user_map_cnt);
+    if (ret != EOK) {
+        goto done;
+    }
+
     ret = sdap_get_map(opts, cdb, conf_path,
                        default_group_map,
                        SDAP_OPTS_GROUP,