From fd56e9302454869c636c2e40322eec52391b4c4f Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 9 Dec 2013 12:17:43 +0100
Subject: Add new option ldap_group_type
---
 src/config/SSSDConfig/__init__.py.in | 1 +
 src/config/etc/sssd.api.d/sssd-ad.conf | 1 +
 src/config/etc/sssd.api.d/sssd-ipa.conf | 1 +
 src/config/etc/sssd.api.d/sssd-ldap.conf | 1 +
 src/db/sysdb.h | 1 +
 src/man/sssd-ldap.5.xml | 21 +++++++++++++++++++++
 src/providers/ad/ad_opts.h | 1 +
 src/providers/ipa/ipa_opts.h | 1 +
 src/providers/ldap/ldap_opts.h | 3 +++
 src/providers/ldap/sdap.h | 1 +
 10 files changed, 32 insertions(+)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index af5903c65..8563a91e7 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -284,6 +284,7 @@ option_strings = {
 'ldap_group_uuid' : _('Group UUID attribute'),
 'ldap_group_objectsid' : _("objectSID attribute"),
 'ldap_group_modify_timestamp' : _('Modification time attribute for groups'),
+ 'ldap_group_type' : _('Type of the group and other flags'),
 #replaced by ldap_entry_usn# 'ldap_group_entry_usn' : _('entryUSN attribute'),
 'ldap_group_nesting_level' : _('Maximum nesting level SSSd will follow'),
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index 00e8968d2..6b136f2ec 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -91,6 +91,7 @@ ldap_group_uuid = str, None, false
 ldap_group_objectsid = str, None, false
 ldap_group_modify_timestamp = str, None, false
 ldap_group_entry_usn = str, None, false
+ldap_group_type = int, None, false
 ldap_force_upper_case_realm = bool, None, false
 ldap_group_nesting_level = int, None, false
 ldap_netgroup_search_base = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index bc14fbe3d..a94b5f09b 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -98,6 +98,7 @@ ldap_group_uuid = str, None, false
 ldap_group_objectsid = str, None, false
 ldap_group_modify_timestamp = str, None, false
 ldap_group_entry_usn = str, None, false
+ldap_group_type = int, None, false
 ldap_force_upper_case_realm = bool, None, false
 ldap_group_nesting_level = int, None, false
 ldap_netgroup_search_base = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index eb239664c..4f5a06800 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -93,6 +93,7 @@ ldap_group_uuid = str, None, false
 ldap_group_objectsid = str, None, false
 ldap_group_modify_timestamp = str, None, false
 ldap_group_entry_usn = str, None, false
+ldap_group_type = int, None, false
 ldap_group_nesting_level = int, None, false
 ldap_force_upper_case_realm = bool, None, false
 ldap_netgroup_search_base = str, None, false
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index f1ed8158c..9bcd7be09 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -76,6 +76,7 @@
 #define SYSDB_POSIX "isPosix"
 #define SYSDB_USER_CATEGORY "userCategory"
 #define SYSDB_HOST_CATEGORY "hostCategory"
+#define SYSDB_GROUP_TYPE "groupType"
 #define SYSDB_GECOS "gecos"
 #define SYSDB_LAST_LOGIN "lastLogin"
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index efe22c9d2..cc58544c3 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -848,6 +848,27 @@
+
+ ldap_group_type (integer)
+
+
+ The LDAP attribute that contains an integer value
+ indicating the type of the group and maybe other
+ flags.
+
+
+ This attribute is currently only used by the AD
+ provider to determine if a group is a domain local
+ groups and has to be filtered out for trusted
+ domains.
+
+
+ Default: groupType in the AD provider, othewise not
+ set
+
+
+
+
 ldap_group_nesting_level (integer)
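Review bot: The type `int` in the added schema line `ldap_group_type = int, None, false` of sssd-ipa.conf and sssd-ldap.conf looks wrong, because the option's value is an LDAP attribute name rather than a number: the AD map in this commit defaults it to `"groupType"`, and the neighbouring attribute-name options such as `ldap_group_objectsid` are declared `str`. A tool that validates sssd.conf against sssd.api.d would presumably reject `ldap_group_type = groupType`; the line should read `ldap_group_type = str, None, false`. The same line is added to sssd-ad.conf, and the man page heading `ldap_group_type (integer)` mixes up the type of the attribute's value with the type of the option in the same way.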
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index 5b7b1c89f..0deeec99a 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -209,6 +209,7 @@ struct sdap_attr_map ad_2008r2_group_map[] = {
 { "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
 { "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
+ { "ldap_group_type", "groupType", SYSDB_GROUP_TYPE, NULL },
 SDAP_ATTR_MAP_TERMINATOR
 };
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 5ec36c550..27dc3e2f9 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -209,6 +209,7 @@ struct sdap_attr_map ipa_group_map[] = {
 { "ldap_group_objectsid", "ipaNTSecurityIdentifier", SYSDB_SID_STR, NULL },
 { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
+ { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
 SDAP_ATTR_MAP_TERMINATOR
 };
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index a6c821f3a..9593dfd30 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -187,6 +187,7 @@ struct sdap_attr_map rfc2307_group_map[] = {
 { "ldap_group_objectsid", NULL, SYSDB_SID, NULL },
 { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
+ { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
 SDAP_ATTR_MAP_TERMINATOR
 };
@@ -241,6 +242,7 @@ struct sdap_attr_map rfc2307bis_group_map[] = {
 { "ldap_group_objectsid", NULL, SYSDB_SID, NULL },
 { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
+ { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
 SDAP_ATTR_MAP_TERMINATOR
 };
@@ -293,6 +295,7 @@ struct sdap_attr_map gen_ad2008r2_group_map[] = {
 { "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
 { "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
 { "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
+ { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
 SDAP_ATTR_MAP_TERMINATOR
 };
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index a7ea94eb8..d408be0a6 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -296,6 +296,7 @@ enum sdap_group_attrs {
 SDAP_AT_GROUP_OBJECTSID,
 SDAP_AT_GROUP_MODSTAMP,
 SDAP_AT_GROUP_USN,
+ SDAP_AT_GROUP_TYPE,
 SDAP_OPTS_GROUP /* attrs counter */
 };
-- cgit
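Review bot: The `NULL` default for `ldap_group_type` in `gen_ad2008r2_group_map` is undocumented and reads like an omission, since the neighbouring rows of the same map use AD attribute names (`objectSID`, `whenChanged`) and `ad_2008r2_group_map` maps the option to `groupType`. The man page text in this commit says the value is used to filter domain local groups for trusted domains and is only set by default in the AD provider, so the `NULL` seems intended. A comment on the row would stop a later reader from assuming that filter is active when the generic LDAP provider is used with the AD schema: `/* groupType is only read by the AD provider; unset by default here */`. The array starts above the hunk.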
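Review bot: The enum gives no hint that `SDAP_AT_GROUP_TYPE` needs a matching row, at the same position, in every group attribute map. The commit adds that row to the five maps it touches, but a map that is missed would have its `SDAP_ATTR_MAP_TERMINATOR` row sitting at the `SDAP_AT_GROUP_TYPE` index; whether other group maps exist cannot be told from this diff. Consider a comment above the enum such as `/* order must match the *_group_map arrays in ldap_opts.h, ad_opts.h and ipa_opts.h */`. The enum begins outside the hunk.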