authorStephen Gallagher <sgallagh@redhat.com>2012-04-22 14:05:30 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-05-03 14:09:14 -0400
commit8538f3d5109c548049c344fa042684d9d40f04d6 (patch)
tree743be517d7c932569a05e1e61a68cff05c2f6680 /src/providers/ldap
parentd0a10e530823d6d8eff31ef164eee9ba2fb71c63 (diff)
LDAP: Enable looking up ID-mapped users by name
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_common.h1
-rw-r--r--src/providers/ldap/sdap_async_users.c63
2 files changed, 55 insertions, 9 deletions
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 58054afe6..44c53ed94 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -27,6 +27,7 @@
#include "providers/ldap/sdap_id_op.h"
#include "providers/fail_over.h"
#include "providers/krb5/krb5_common.h"
+#include "lib/idmap/sss_idmap.h"
#define PWD_POL_OPT_NONE "none"
#define PWD_POL_OPT_SHADOW "shadow"
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 200670404..5f8875a58 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -25,6 +25,7 @@
#include "db/sysdb.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/ldap/ldap_common.h"
+#include "providers/ldap/sdap_idmap.h"
/* ==Save-User-Entry====================================================== */
@@ -54,6 +55,10 @@ int sdap_save_user(TALLOC_CTX *memctx,
char *usn_value = NULL;
char **missing = NULL;
TALLOC_CTX *tmpctx = NULL;
+ bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING);
+ struct dom_sid *dom_sid;
+ char *sid_str;
+ enum idmap_error_code err;
DEBUG(9, ("Save user\n"));
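Review bot: The new locals `dom_sid`, `sid_str` and `err` are declared without initialisers, while every neighbouring declaration in the same list (`usn_value`, `missing`, `tmpctx`) is set to NULL, so this hunk mixes two conventions in one declaration block. Initialising them the same way, `struct dom_sid *dom_sid = NULL;` and `char *sid_str = NULL;`, keeps the style consistent and guarantees that any future use on the `fail:` path (or a `goto fail` added ahead of their assignment in the id-mapping branch) cannot read an indeterminate pointer. Since all three are only used inside the id-mapping branch, scoping them to that branch would be an equally clean alternative. sdap_save_user starts before this hunk and continues past it.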
@@ -110,16 +115,56 @@ int sdap_save_user(TALLOC_CTX *memctx,
if (el->num_values == 0) shell = NULL;
else shell = (const char *)el->values[0].data;
- ret = sysdb_attrs_get_uint32_t(attrs,
- opts->user_map[SDAP_AT_USER_UID].sys_name,
- &uid);
- if (ret != EOK) {
- DEBUG(1, ("no uid provided for [%s] in domain [%s].\n",
- name, dom->name));
- ret = EINVAL;
- goto fail;
- }
+ /* Retrieve or map the UID as appropriate */
+ if (use_id_mapping) {
+ ret = sysdb_attrs_get_el(attrs,
+ opts->user_map[SDAP_AT_USER_OBJECTSID].sys_name,
+ &el);
+ if (ret != EOK || el->num_values != 1) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("No [%s] attribute for user [%s] while id-mapping\n",
+ opts->user_map[SDAP_AT_USER_OBJECTSID].name,
+ name));
+ goto fail;
+ }
+
+ ret = binary_to_dom_sid(tmpctx,
+ el->values[0].data,
+ el->values[0].length,
+ &dom_sid);
+ if (ret != EOK) goto fail;
+ ret = dom_sid_to_string(tmpctx, dom_sid, &sid_str);
+ talloc_zfree(dom_sid);
+ if (ret != EOK) goto fail;
+
+ /* Add string representation to the cache for easier
+ * debugging
+ */
+ ret = sysdb_attrs_add_string(user_attrs, SYSDB_SID_STR, sid_str);
+ if (ret != EOK) goto fail;
+
+ /* Convert the SID into a UNIX user ID */
+ err = sss_idmap_sid_to_unix(
+ opts->idmap_ctx->map,
+ sid_str,
+ (uint32_t *)&uid);
+ if (err != IDMAP_SUCCESS) {
+ ret = EIO;
+ goto fail;
+ }
+
+ } else {
+ ret = sysdb_attrs_get_uint32_t(attrs,
+ opts->user_map[SDAP_AT_USER_UID].sys_name,
+ &uid);
+ if (ret != EOK) {
+ DEBUG(1, ("no uid provided for [%s] in domain [%s].\n",
+ name, dom->name));
+ ret = EINVAL;
+ goto fail;
+ }
+ }
/* check that the uid is valid for this domain */
if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) {
DEBUG(2, ("User [%s] filtered out! (id out of range)\n",