From 4c713fb79bfdef602021be890ee687fc3743ebb9 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 5 Nov 2014 18:01:07 +0100
Subject: Fix uuid defaults
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Recently the uuid attributes for user and groups were removed because
it was found that there are not used at all and that some of them where
causing issues (https://fedorahosted.org/sssd/ticket/2383).

The new views/overrides feature of FreeIPA uses the ipaUniqueID attribute
to relate overrides with the original IPA objects. The previous two
patches revert the removal of the uuid attributes from users and groups
with this patch set the default value of these attributes to
ipaUniqueID from the IPA provider, to objectGUID for the AD provider and
leaves them unset for the general LDAP case to avoid issues like the one
from ticket #2383.

Related to https://fedorahosted.org/sssd/ticket/2481

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 src/man/sssd-ldap.5.xml        | 6 ++++--
 src/providers/ipa/ipa_opts.h   | 4 ++--
 src/providers/ldap/ldap_opts.h | 6 ++----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index f45522bd5..dad6f2793 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -345,7 +345,8 @@
                             an LDAP user object.
                         </para>
                         <para>
-                            Default: nsUniqueId
+                            Default: not set in the general case, objectGUID for
+                            AD and ipaUniqueID for IPA
                         </para>
                     </listitem>
                 </varlistentry>
@@ -866,7 +867,8 @@
                             an LDAP group object.
                         </para>
                         <para>
-                            Default: nsUniqueId
+                            Default: not set in the general case, objectGUID for
+                            AD and ipaUniqueID for IPA
                         </para>
                     </listitem>
                 </varlistentry>
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index e0478db39..59282e869 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -178,7 +178,7 @@ struct sdap_attr_map ipa_user_map[] = {
     { "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL },
     { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
     { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
-    { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+    { "ldap_user_uuid", "ipaUniqueID", SYSDB_UUID, NULL },
     { "ldap_user_objectsid", "ipaNTSecurityIdentifier", SYSDB_SID_STR, NULL },
     { "ldap_user_primary_group", NULL, SYSDB_PRIMARY_GROUP, NULL },
     { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
@@ -212,7 +212,7 @@ struct sdap_attr_map ipa_group_map[] = {
     { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
     { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
     { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
-    { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+    { "ldap_group_uuid", "ipaUniqueID", SYSDB_UUID, NULL },
     { "ldap_group_objectsid", "ipaNTSecurityIdentifier", SYSDB_SID_STR, NULL },
     { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
     { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index 096a63bd5..29d9faf99 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -209,8 +209,7 @@ struct sdap_attr_map rfc2307bis_user_map[] = {
     { "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL },
     { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
     { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
-    /* FIXME: this is 389ds specific */
-    { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+    { "ldap_user_uuid", NULL, SYSDB_UUID, NULL },
     { "ldap_user_objectsid", "objectSID", SYSDB_SID, NULL },
     { "ldap_user_primary_group", NULL, SYSDB_PRIMARY_GROUP, NULL },
     { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
@@ -244,8 +243,7 @@ struct sdap_attr_map rfc2307bis_group_map[] = {
     { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
     { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
     { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
-    /* FIXME: this is 389ds specific */
-    { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+    { "ldap_group_uuid", NULL, SYSDB_UUID, NULL },
     { "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
     { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
     { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
-- 
cgit