authorSumit Bose <sbose@redhat.com>2014-07-07 13:40:07 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-09-01 13:56:57 +0200
commit25a387c2e90c74b27a26ea207503df8e4b6a1a76 (patch)
tree1fc57876c605c43ed5f8fffee3a8350c545b8369 /src/providers/ldap/sdap_async_initgroups.c
parent84d50b69d286f041aa96a948b008d311d8755075 (diff)
LDAP: If extra_value is 'U' do a UPN search
Besides the name the responders always send an extra string attribute to the backends which is so far mostly empty. Since the only difference in the processing of a request for a user name or a user principal name is a different search attribute in the LDAP provider this extra value can be used to indicate the type of the name. Providers which do not support UPN lookup can just ignore this attribute. Related to https://fedorahosted.org/sssd/ticket/1749
Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 62e76cc4a..f96dfe0ff 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2616,6 +2616,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
const char *name,
+ const char *extra_value,
const char **grp_attrs)
{
struct tevent_req *req;
@@ -2623,6 +2624,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
int ret;
char *clean_name;
bool use_id_mapping;
+ const char *search_attr;
DEBUG(SSSDBG_TRACE_ALL, "Retrieving info for initgroups call\n");
@@ -2661,10 +2663,15 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
return NULL;
}
+ if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
+ search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
+ } else {
+ search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+ }
+
state->user_base_filter =
talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)",
- state->opts->user_map[SDAP_AT_USER_NAME].name,
- clean_name,
+ search_attr, clean_name,
state->opts->user_map[SDAP_OC_USER].name);
if (!state->user_base_filter) {
talloc_zfree(req);
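Review bot: `search_attr` reaches the `"(&(%s=%s)(objectclass=%s)"` format in `talloc_asprintf` without a NULL check. If the principal mapping `user_map[SDAP_AT_USER_PRINC].name` can be left unset in a configuration (not visible in this hunk, so worth confirming), a UPN request would hand NULL to `%s`; that is undefined behaviour and on glibc typically produces a filter on the literal attribute `(null)` instead of a clean failure. A guard right after the if/else, using the same error path the function already uses, makes that case explicit: `if (search_attr == NULL) { talloc_zfree(req); return NULL; }`. Any `extra_value` other than `EXTRA_NAME_IS_UPN` silently falls back to a name search, so a short comment such as `/* unknown extra_value is treated as a plain user name */` would document that this is intended. The body of sdap_get_initgr_send starts and ends outside this hunk, including the step that produces `clean_name`.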