From 2fd5864ac8eb2c4cfa0fafe7c0431a74f2ebe1fb Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Sat, 21 Apr 2012 09:09:43 -0400
Subject: LDAP: Add autorid compatibility mode
---
 src/config/SSSDConfig.py | 1 +
 src/config/etc/sssd.api.d/sssd-ipa.conf | 1 +
 src/config/etc/sssd.api.d/sssd-ldap.conf | 1 +
 src/providers/ipa/ipa_opts.h | 1 +
 src/providers/ldap/ldap_opts.h | 1 +
 src/providers/ldap/sdap.h | 1 +
 src/providers/ldap/sdap_idmap.c | 22 ++++++++++++++--------
 7 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index a48602b28..bdbb90214 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -264,6 +264,7 @@ option_strings = {
 'ldap_idmap_range_min' : _('Lower bound for ID-mapping'),
 'ldap_idmap_range_max' : _('Upper bound for ID-mapping'),
 'ldap_idmap_range_size' : _('Number of IDs for each slice when ID-mapping'),
+ 'ldap_idmap_autorid_compat' : _('Use autorid-compatible algorithm for ID-mapping'),
 # [provider/ldap/auth]
 'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 1cad031fc..0447d0c45 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -113,6 +113,7 @@ ipa_host_ssh_public_key = str, None, false
 ldap_idmap_range_min = int, None, false
 ldap_idmap_range_max = int, None, false
 ldap_idmap_range_size = int, None, false
+ldap_idmap_autorid_compat = bool, None, false
 [provider/ipa/auth]
 krb5_ccachedir = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 795181554..1ea1c948b 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -107,6 +107,7 @@ ldap_service_entry_usn = str, None, false
 ldap_idmap_range_min = int, None, false
 ldap_idmap_range_max = int, None, false
 ldap_idmap_range_size = int, None, false
+ldap_idmap_autorid_compat = bool, None, false
 [provider/ldap/auth]
 ldap_pwd_policy = str, None, false
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 866bd3ce0..ee9ff15f3 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -117,6 +117,7 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 100001 }, NULL_NUMBER },
 { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000100000LL }, NULL_NUMBER },
 { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
+ { "ldap_idmap_autorid_compat", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 DP_OPTION_TERMINATOR
 };
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index a4c780691..8b8ea25c6 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -99,6 +99,7 @@ struct dp_option default_basic_opts[] = {
 { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 100001 }, NULL_NUMBER },
 { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000100000LL }, NULL_NUMBER },
 { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
+ { "ldap_idmap_autorid_compat", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 DP_OPTION_TERMINATOR
 };
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index d72a0edd9..7c55ad5a0 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -214,6 +214,7 @@ enum sdap_basic_opt {
 SDAP_IDMAP_LOWER,
 SDAP_IDMAP_UPPER,
 SDAP_IDMAP_RANGESIZE,
+ SDAP_IDMAP_AUTORID_COMPAT,
 SDAP_OPTS_BASIC /* opts counter */
 };
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index ea65195ac..24e7ef371 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -196,15 +196,21 @@ sdap_idmap_add_domain(struct sdap_idmap_ctx *idmap_ctx,
 } else {
 /* If slice is -1, we're being asked to pick a new slice */
- /* Hash the domain sid string */
- hash_val = murmurhash3(dom_sid, strlen(dom_sid), 0xdeadbeef);
-
- /* Now get take the modulus of the hash val and the max_slices
- * to determine its optimal position in the range.
- */
- new_slice->slice_num = hash_val % max_slices;
- orig_slice = new_slice->slice_num;
+ if (dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic, SDAP_IDMAP_AUTORID_COMPAT)) {
+ /* In autorid compatibility mode, always start at 0 and find the first
+ * free value.
+ */
+ orig_slice = 0;
+ } else {
+ /* Hash the domain sid string */
+ hash_val = murmurhash3(dom_sid, strlen(dom_sid), 0xdeadbeef);
+ /* Now get take the modulus of the hash val and the max_slices
+ * to determine its optimal position in the range.
+ */
+ new_slice->slice_num = hash_val % max_slices;
+ orig_slice = new_slice->slice_num;
+ }
 /* Verify that this slice is not already in use */
 do {
 DLIST_FOR_EACH(s, idmap_ctx->slices) {
-- cgit
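Review bot: In the autorid branch of this hunk only `orig_slice = 0;` is assigned, whereas the hash branch sets both `new_slice->slice_num` and `orig_slice`, so the first-free search starts at slice 0 only if `new_slice` was zero-initialised where it is allocated, which is outside the hunk. Making it explicit with `new_slice->slice_num = 0;` beside `orig_slice = 0;` removes that dependency. The comment in that branch should also state that first-free assignment depends on the order in which domains are first seen, e.g. `/* NOTE: slice depends on domain discovery order, so SID-to-ID mappings can differ between hosts */`, because inconsistent UIDs/GIDs across machines affect file ownership on shared storage. sdap_idmap_add_domain starts before and continues after this hunk.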