diff options
author | Sumit Bose <sbose@redhat.com> | 2016-06-20 12:57:43 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-07-29 14:44:47 +0200 |
commit | 78677495a7762469002b0976809fa20ac2196f42 (patch) | |
tree | fa3576ba22003fb3c75435b4ae852c7cd8b7a61d /src/db | |
parent | 83a796ec8de4bde65b11cc8032675406950641fa (diff) | |
download | sssd-78677495a7762469002b0976809fa20ac2196f42.tar.gz sssd-78677495a7762469002b0976809fa20ac2196f42.tar.xz sssd-78677495a7762469002b0976809fa20ac2196f42.zip |
sysdb: include email in UPN searches
Email addresses and Kerberos user principals names (UPNs) do not only
look similar they also can be used to identify a user uniquely.
In future this approach should be replace by a more generic one where
the attributes which can uniquely identifies a user can be configured to
support even a wider range of login names.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb.h | 2 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index f3952f8a5..c2f58ccb9 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -185,7 +185,7 @@ #define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" #define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))" #define SYSDB_PWSID_FILTER "(&("SYSDB_UC")("SYSDB_SID_STR"=%s))" -#define SYSDB_PWUPN_FILTER "(&("SYSDB_UC")(|("SYSDB_UPN"=%s)("SYSDB_CANONICAL_UPN"=%s)))" +#define SYSDB_PWUPN_FILTER "(&("SYSDB_UC")(|("SYSDB_UPN"=%s)("SYSDB_CANONICAL_UPN"=%s)("SYSDB_USER_EMAIL"=%s)))" #define SYSDB_PWENT_FILTER "("SYSDB_UC")" #define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 9a8a55ed8..ed177d173 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -537,7 +537,7 @@ int sysdb_search_user_by_upn_res(TALLOC_CTX *mem_ctx, struct ldb_dn *base_dn; int ret; const char *def_attrs[] = { SYSDB_NAME, SYSDB_UPN, SYSDB_CANONICAL_UPN, - NULL }; + SYSDB_USER_EMAIL, NULL }; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -553,7 +553,7 @@ int sysdb_search_user_by_upn_res(TALLOC_CTX *mem_ctx, ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE, attrs ? attrs : def_attrs, - SYSDB_PWUPN_FILTER, upn, upn); + SYSDB_PWUPN_FILTER, upn, upn, upn); if (ret != EOK) { ret = sysdb_error_to_errno(ret); goto done; |