author | Sumit Bose <sbose@redhat.com> | 2014-10-24 15:41:04 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-05 18:54:57 +0100 |
commit | 4d1985342d51075f0842c2221c034bbf7cc3d5af (patch) | |
tree | 7817c6e6471d6674fb9258d425950d8dba5a93ce /src | |
parent | a624616892da3dc0ee39659e24cbd5a40ae98e9e (diff) | |
IPA: inherit ldap_user_extra_attrs to AD subdomains
Currently the component of the IPA provider which reads the AD user and
group attributes in ipa-server-mode uses default settings for the LDAP
related attributes. As a result even if ldap_user_extra_attrs is defined
in sssd.conf no extra attributes are read from AD.
With the patch the value of ldap_user_extra_attrs is inherited to the AD
subdomains to allow them to read extra attributes as well.
Related to https://fedorahosted.org/sssd/ticket/2464
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index c61c1c666..9281aab1b 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -109,6 +109,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
 char *ad_domain;
 struct sdap_domain *sdom;
 errno_t ret;
+ const char *extra_attrs;
 
 ad_options = ad_create_default_options(id_ctx, id_ctx->server_mode->realm,
 id_ctx->server_mode->hostname);
@@ -135,6 +136,36 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
 return ret;
 }
 
+ extra_attrs = dp_opt_get_string(id_ctx->sdap_id_ctx->opts->basic,
+ SDAP_USER_EXTRA_ATTRS);
+ if (extra_attrs != NULL) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Setting extra attrs for subdomain [%s] to [%s].\n", ad_domain,
+ extra_attrs);
+
+ ret = dp_opt_set_string(ad_options->id->basic, SDAP_USER_EXTRA_ATTRS,
+ extra_attrs);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "dp_opt_get_string failed.\n");
+ talloc_free(ad_options);
+ return ret;
+ }
+
+ ret = sdap_extend_map_with_list(ad_options->id, ad_options->id,
+ SDAP_USER_EXTRA_ATTRS,
+ ad_options->id->user_map,
+ SDAP_OPTS_USER,
+ &ad_options->id->user_map,
+ &ad_options->id->user_map_cnt);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_extend_map_with_list failed.\n");
+ talloc_free(ad_options);
+ return ret;
+ }
+ } else {
+ DEBUG(SSSDBG_TRACE_ALL, "No extra attrs set.\n");
+ }
+
 gc_service_name = talloc_asprintf(ad_options, "%s%s", "gc_", subdom->name);
 if (gc_service_name == NULL) {
 talloc_free(ad_options); |
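Review bot: The failure branch after `dp_opt_set_string()` in the second hunk logs `"dp_opt_get_string failed.\n"`, naming the getter instead of the call that actually failed; it should read `DEBUG(SSSDBG_OP_FAILURE, "dp_opt_set_string failed.\n");` so that anyone triaging a broken subdomain from the logs is pointed at the right call. Both new error paths free `ad_options` and return, so a value of ldap_user_extra_attrs that `sdap_extend_map_with_list()` rejects would presumably prevent the AD context for the trusted domain from being created at all instead of only skipping the extra attributes. If that fail-closed behaviour is intended, a one-line comment above the block saying so would help, e.g. `/* A bad extra-attrs list is fatal for the subdomain, same as for the IPA domain. */`. The same attribute list is now requested from AD, so it is worth documenting that names in ldap_user_extra_attrs must also be meaningful in the AD schema. `ipa_ad_ctx_new` starts and ends outside the hunks shown.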