From 4f07a5ba197b902afd3a785baf6bd9967f50dfd2 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Tue, 10 Apr 2012 20:00:36 -0400
Subject: LDAP: Add objectSID config option

---
 src/config/SSSDConfig.py | 2 ++
 src/config/etc/sssd.api.d/sssd-ipa.conf | 2 ++
 src/config/etc/sssd.api.d/sssd-ldap.conf | 2 ++
 src/db/sysdb.h | 1 +
 src/man/sssd-ldap.5.xml | 30 ++++++++++++++++++++++++++++++
 src/providers/ipa/ipa_opts.h | 2 ++
 src/providers/ldap/ldap_opts.h | 6 ++++++
 src/providers/ldap/sdap.h | 2 ++
 8 files changed, 47 insertions(+)

diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index d38014c28..ddad27657 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -205,6 +205,7 @@ option_strings = {
 'ldap_user_home_directory' : _('Home directory attribute'),
 'ldap_user_shell' : _('Shell attribute'),
 'ldap_user_uuid' : _('UUID attribute'),
+ 'ldap_user_objectsid' : _("objectSID attribute"),
 'ldap_user_principal' : _('User principal attribute (for Kerberos)'),
 'ldap_user_fullname' : _('Full Name'),
 'ldap_user_member_of' : _('memberOf attribute'),
@@ -239,6 +240,7 @@ option_strings = {
 'ldap_group_gid_number' : _('GID attribute'),
 'ldap_group_member' : _('Group member attribute'),
 'ldap_group_uuid' : _('Group UUID attribute'),
+ 'ldap_group_objectsid' : _("objectSID attribute"),
 'ldap_group_modify_timestamp' : _('Modification time attribute for groups'),
 #replaced by ldap_entry_usn# 'ldap_group_entry_usn' : _('entryUSN attribute'),
 'ldap_group_nesting_level' : _('Maximum nesting level SSSd will follow'),
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 850b9dbd6..7e3d3ff7f 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
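Review bot: The group description in the second hunk, `'ldap_group_objectsid' : _("objectSID attribute"),`, is byte-identical to the user one, whereas every neighbouring group entry carries a "Group" prefix (`'Group UUID attribute'`, `'Group member attribute'`); identical msgids also collapse into a single translation entry, so the two options become indistinguishable wherever these strings are shown. Suggest `'ldap_group_objectsid' : _('Group objectSID attribute'),`. Both new lines also use double quotes where the rest of the table uses single quotes, so `_('objectSID attribute')` for the user entry keeps the table uniform. The `option_strings` dict starts and ends outside both hunks.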
@@ -60,6 +60,7 @@ ldap_user_gecos = str, None, false
 ldap_user_home_directory = str, None, false
 ldap_user_shell = str, None, false
 ldap_user_uuid = str, None, false
+ldap_user_objectsid = str, None, false
 ldap_user_principal = str, None, false
 ldap_user_fullname = str, None, false
 ldap_user_member_of = str, None, false
@@ -84,6 +85,7 @@ ldap_group_name = str, None, false
 ldap_group_gid_number = str, None, false
 ldap_group_member = str, None, false
 ldap_group_uuid = str, None, false
+ldap_group_objectsid = str, None, false
 ldap_group_modify_timestamp = str, None, false
 ldap_group_entry_usn = str, None, false
 ldap_force_upper_case_realm = bool, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 0a5b7f1f3..df602784b 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -52,6 +52,7 @@ ldap_user_gecos = str, None, false
 ldap_user_home_directory = str, None, false
 ldap_user_shell = str, None, false
 ldap_user_uuid = str, None, false
+ldap_user_objectsid = str, None, false
 ldap_user_principal = str, None, false
 ldap_user_fullname = str, None, false
 ldap_user_member_of = str, None, false
@@ -84,6 +85,7 @@ ldap_group_name = str, None, false
 ldap_group_gid_number = str, None, false
 ldap_group_member = str, None, false
 ldap_group_uuid = str, None, false
+ldap_group_objectsid = str, None, false
 ldap_group_modify_timestamp = str, None, false
 ldap_group_entry_usn = str, None, false
 ldap_group_nesting_level = int, None, false
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 56c9f0525..e4df69c5e 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -107,6 +107,7 @@
 #define SYSDB_CACHEDPWD "cachedPassword"
 #define SYSDB_UUID "uniqueID"
+#define SYSDB_SID "objectSID"
 #define SYSDB_UPN "userPrincipalName"
 #define SYSDB_CCACHE_FILE "ccacheFile"
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 95ebd8349..33f50831f 100644
--- a/src/man/sssd-ldap.5.xml
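Review bot: `#define SYSDB_SID "objectSID"` in the sysdb.h hunk fixes the cache attribute name but says nothing about the value encoding, and for this attribute the two are not the same thing: Active Directory serves objectSID as a binary SID structure, not as the printable `S-1-5-...` form. Nothing in this patch converts the value before it reaches the cache, so whichever form the generic attribute handling stores (that code is not in the patch, so this is inferred) is what any later lookup by SID will have to match against. That decision belongs next to the name, e.g. `#define SYSDB_SID "objectSID" /* stored as fetched; AD returns a binary SID, not "S-1-5-..." - TODO pin one canonical form */`. The same question applies to the ad2008r2_user_map and ad2008r2_group_map hunks in ldap_opts.h, the only maps that actually wire the AD attribute.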
+++ b/src/man/sssd-ldap.5.xml @@ -330,6 +330,21 @@ + + ldap_user_objectsid (string) + + + The LDAP attribute that contains the objectSID of + an LDAP user object. This is usually only + necessary for ActiveDirectory servers. + + + Default: objectSid for ActiveDirectory, not set + for other servers. + + + + ldap_user_modify_timestamp (string) @@ -771,6 +786,21 @@ + + ldap_group_objectsid (string) + + + The LDAP attribute that contains the objectSID of + an LDAP group object. This is usually only + necessary for ActiveDirectory servers. + + + Default: objectSid for ActiveDirectory, not set + for other servers. + + + + ldap_group_modify_timestamp (string) diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h index 20f57fca5..48c839de7 100644 --- a/src/providers/ipa/ipa_opts.h +++ b/src/providers/ipa/ipa_opts.h @@ -135,6 +135,7 @@ struct sdap_attr_map ipa_user_map[] = { { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL }, { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL }, { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL }, + { "ldap_user_objectsid", NULL, SYSDB_SID, NULL }, { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }, { "ldap_user_entry_usn", NULL, SYSDB_USN, NULL }, { "ldap_user_shadow_last_change", "shadowLastChange", SYSDB_SHADOWPW_LASTCHANGE, NULL }, @@ -166,6 +167,7 @@ struct sdap_attr_map ipa_group_map[] = { { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, { "ldap_group_member", "member", SYSDB_MEMBER, NULL }, { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL }, + { "ldap_group_objectsid", NULL, SYSDB_SID, NULL }, { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }, { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL }, SDAP_ATTR_MAP_TERMINATOR diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h index f1a7326ac..a609aca90 100644 --- a/src/providers/ldap/ldap_opts.h +++ b/src/providers/ldap/ldap_opts.h 
@@ -129,6 +129,7 @@ struct sdap_attr_map rfc2307_user_map[] = {
 { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
 { "ldap_user_member_of", NULL, SYSDB_MEMBEROF, NULL },
 { "ldap_user_uuid", NULL, SYSDB_UUID, NULL },
+ { "ldap_user_objectsid", NULL, SYSDB_SID, NULL },
 { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_user_entry_usn", NULL, SYSDB_USN, NULL },
 { "ldap_user_shadow_last_change", "shadowLastChange", SYSDB_SHADOWPW_LASTCHANGE, NULL },
@@ -160,6 +161,7 @@ struct sdap_attr_map rfc2307_group_map[] = {
 { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
 { "ldap_group_member", "memberuid", SYSDB_MEMBER, NULL },
 { "ldap_group_uuid", NULL, SYSDB_UUID, NULL },
+ { "ldap_group_objectsid", NULL, SYSDB_SID, NULL },
 { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
 SDAP_ATTR_MAP_TERMINATOR
@@ -179,6 +181,7 @@ struct sdap_attr_map rfc2307bis_user_map[] = {
 { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
 /* FIXME: this is 389ds specific */
 { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+ { "ldap_user_objectsid", NULL, SYSDB_SID, NULL },
 { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_user_entry_usn", NULL, SYSDB_USN, NULL },
 { "ldap_user_shadow_last_change", "shadowLastChange", SYSDB_SHADOWPW_LASTCHANGE, NULL },
@@ -211,6 +214,7 @@ struct sdap_attr_map rfc2307bis_group_map[] = {
 { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
 /* FIXME: this is 389ds specific */
 { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+ { "ldap_group_objectsid", NULL, SYSDB_SID, NULL },
 { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
 SDAP_ATTR_MAP_TERMINATOR
@@ -229,6 +233,7 @@ struct sdap_attr_map ad2008r2_user_map[] = {
 { "ldap_user_fullname", "name", SYSDB_FULLNAME, NULL },
 { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
 { "ldap_user_uuid", "objectGUID", SYSDB_UUID, NULL },
+ { "ldap_user_objectsid", "objectSID", SYSDB_SID, NULL },
 { "ldap_user_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_user_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
 { "ldap_user_shadow_last_change", NULL, SYSDB_SHADOWPW_LASTCHANGE, NULL },
@@ -260,6 +265,7 @@ struct sdap_attr_map ad2008r2_group_map[] = {
 { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
 { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
 { "ldap_group_uuid", "objectGUID", SYSDB_UUID, NULL },
+ { "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
 { "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
 SDAP_ATTR_MAP_TERMINATOR
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 18ec37bbe..5109ea86a 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -236,6 +236,7 @@ enum sdap_user_attrs {
 SDAP_AT_USER_FULLNAME,
 SDAP_AT_USER_MEMBEROF,
 SDAP_AT_USER_UUID,
+ SDAP_AT_USER_OBJECTSID,
 SDAP_AT_USER_MODSTAMP,
 SDAP_AT_USER_USN,
 SDAP_AT_SP_LSTCHG,
@@ -272,6 +273,7 @@ enum sdap_group_attrs {
 SDAP_AT_GROUP_GID,
 SDAP_AT_GROUP_MEMBER,
 SDAP_AT_GROUP_UUID,
+ SDAP_AT_GROUP_OBJECTSID,
 SDAP_AT_GROUP_MODSTAMP,
 SDAP_AT_GROUP_USN,
-- 
cgit
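Review bot: The attribute name in `{ "ldap_user_objectsid", "objectSID", SYSDB_SID, NULL },` is spelled `objectSID`, while the man page hunk in this same patch documents the default as `objectSid`. LDAP attribute types compare case-insensitively, so the server will accept either, but code and documentation should agree on one spelling so that a grep for the documented default actually finds the map entry; the same applies to the ad2008r2_group_map hunk below. The neighbouring entry_usn line already routes an AD-specific name through a macro (`SDAP_AD_USN`), so a shared macro for the SID attribute used by both maps would keep the two from drifting apart in later edits.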
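Review bot: `SDAP_AT_USER_OBJECTSID` and `SDAP_AT_GROUP_OBJECTSID` are inserted in the middle of `enum sdap_user_attrs` and `enum sdap_group_attrs`, and every sdap_attr_map array in ldap_opts.h and ipa_opts.h gains its new entry at exactly the same position (directly after the uuid entry), which suggests the maps are indexed by these enum values; that is inferred from the parallel ordering, since the indexing code is not part of this patch. If so, any user or group map elsewhere in the tree that this patch does not touch (none is visible here) would silently have every attribute after uuid shifted by one. A comment at each enum, e.g. `/* Order must match the sdap_attr_map arrays in ldap_opts.h and ipa_opts.h */`, would make the coupling explicit for the next person who adds an attribute. Both enums start and end outside their hunks.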