authorJakub Hrozek <jhrozek@redhat.com>2016-01-25 16:03:23 +0100
committerJakub Hrozek <jhrozek@redhat.com>2016-02-24 14:05:16 +0100
commit3cf7fdfcaedb986f42a6640e26aa057007b64045 (patch)
treeb0306f0205df0d3f80ea0f36d8f3b4f362a2c544
parentb590f44c06158485357d69cc5b24d5af05f1bb95 (diff)
Add a new option ldap_group_external_member
Required for: https://fedorahosted.org/sssd/ticket/2522 Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r--src/config/SSSDConfig/__init__.py.in1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ad.conf1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf1
-rw-r--r--src/db/sysdb.h1
-rw-r--r--src/man/sssd-ldap.5.xml16
-rw-r--r--src/providers/ad/ad_opts.c1
-rw-r--r--src/providers/ipa/ipa_opts.c1
-rw-r--r--src/providers/ldap/ldap_opts.c3
-rw-r--r--src/providers/ldap/sdap.h1
10 files changed, 27 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 495cb650e..65e5e655d 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -334,6 +334,7 @@ option_strings = {
'ldap_group_objectsid' : _("objectSID attribute"),
'ldap_group_modify_timestamp' : _('Modification time attribute for groups'),
'ldap_group_type' : _('Type of the group and other flags'),
+ 'ldap_group_external_member' : _('The LDAP group external member attribute'),
#replaced by ldap_entry_usn# 'ldap_group_entry_usn' : _('entryUSN attribute'),
'ldap_group_nesting_level' : _('Maximum nesting level SSSd will follow'),
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index 149590f4f..23006d26c 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -110,6 +110,7 @@ ldap_group_objectsid = str, None, false
ldap_group_modify_timestamp = str, None, false
ldap_group_entry_usn = str, None, false
ldap_group_type = int, None, false
+ldap_group_external_member = str, None, false
ldap_force_upper_case_realm = bool, None, false
ldap_group_nesting_level = int, None, false
ldap_netgroup_search_base = str, None, false
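Review bot: This schema entry appears to make `ldap_group_external_member` an accepted option for AD domains, and the sssd-ldap.conf hunk does the same for plain LDAP, while the man page text added in this commit says only IPA's external members are supported. An administrator who sets it on a non-IPA domain would presumably get an arbitrary attribute stored under `externalMember` with no documented meaning, and group membership data feeds access decisions. Either leave the option out of the AD and LDAP schema files until a consumer for it exists, or extend the man page entry with a sentence such as `Setting this option in providers other than IPA is not supported.`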
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 822599db6..8cd20c0c6 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -104,6 +104,7 @@ ldap_group_objectsid = str, None, false
ldap_group_modify_timestamp = str, None, false
ldap_group_entry_usn = str, None, false
ldap_group_type = int, None, false
+ldap_group_external_member = str, None, false
ldap_force_upper_case_realm = bool, None, false
ldap_group_nesting_level = int, None, false
ldap_netgroup_search_base = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index fc9fcefce..8b52f268a 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -98,6 +98,7 @@ ldap_group_objectsid = str, None, false
ldap_group_modify_timestamp = str, None, false
ldap_group_entry_usn = str, None, false
ldap_group_type = int, None, false
+ldap_group_external_member = str, None, false
ldap_group_nesting_level = int, None, false
ldap_force_upper_case_realm = bool, None, false
ldap_netgroup_search_base = str, None, false
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 2e797fd7f..95a908676 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -81,6 +81,7 @@
#define SYSDB_USER_CATEGORY "userCategory"
#define SYSDB_HOST_CATEGORY "hostCategory"
#define SYSDB_GROUP_TYPE "groupType"
+#define SYSDB_EXTERNAL_MEMBER "externalMember"
#define SYSDB_GECOS "gecos"
#define SYSDB_LAST_LOGIN "lastLogin"
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 66b9024bc..a30100408 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -942,6 +942,22 @@
</varlistentry>
<varlistentry>
+ <term>ldap_group_external_member (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that references group
+ members that are defined in an external
+ domain. At the moment, only IPA's external
+ members are supported.
+ </para>
+ <para>
+ Default: ipaExternalMember in the IPA provider,
+ otherwise unset.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ldap_group_nesting_level (integer)</term>
<listitem>
<para>
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 28d4768b2..15024adb7 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -233,6 +233,7 @@ struct sdap_attr_map ad_2008r2_group_map[] = {
{ "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
{ "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
{ "ldap_group_type", "groupType", SYSDB_GROUP_TYPE, NULL },
+ { "ldap_group_external_member", NULL, SYSDB_EXTERNAL_MEMBER, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
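Review bot: Nothing visible ties the new row to `SDAP_AT_GROUP_EXT_MEMBER` except its position after `ldap_group_type`, so a group map that misses the row would, if the tables are indexed by `enum sdap_group_attrs` as the naming suggests, resolve every later index to the wrong attribute. The same applies to the rows added to `ipa_group_map`, `rfc2307_group_map`, `rfc2307bis_group_map` and `gen_ad2008r2_group_map`, and to the enumerator added in sdap.h. Since these tables decide which LDAP attributes become cached group data, a compile-time size check after each table would catch a missing row, e.g. `_Static_assert(sizeof(ad_2008r2_group_map) / sizeof(ad_2008r2_group_map[0]) == SDAP_OPTS_GROUP + 1, "group map out of sync with enum sdap_group_attrs");`. This assumes a C11 build and that `SDAP_ATTR_MAP_TERMINATOR` expands to a single row. The table starts outside the hunk.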
diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c
index cd87852e5..fe469852b 100644
--- a/src/providers/ipa/ipa_opts.c
+++ b/src/providers/ipa/ipa_opts.c
@@ -219,6 +219,7 @@ struct sdap_attr_map ipa_group_map[] = {
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
{ "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
{ "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
+ { "ldap_group_external_member", "ipaExternalMember", SYSDB_EXTERNAL_MEMBER, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c
index 84ba2b542..ff9bf0d8b 100644
--- a/src/providers/ldap/ldap_opts.c
+++ b/src/providers/ldap/ldap_opts.c
@@ -195,6 +195,7 @@ struct sdap_attr_map rfc2307_group_map[] = {
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
{ "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
{ "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
+ { "ldap_group_external_member", NULL, SYSDB_EXTERNAL_MEMBER, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
@@ -251,6 +252,7 @@ struct sdap_attr_map rfc2307bis_group_map[] = {
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
{ "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
{ "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
+ { "ldap_group_external_member", NULL, SYSDB_EXTERNAL_MEMBER, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
@@ -307,6 +309,7 @@ struct sdap_attr_map gen_ad2008r2_group_map[] = {
{ "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
{ "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
{ "ldap_group_type", "groupType", SYSDB_GROUP_TYPE, NULL },
+ { "ldap_group_external_member", NULL, SYSDB_EXTERNAL_MEMBER, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index e06f2b6ac..9dc2e16a0 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -304,6 +304,7 @@ enum sdap_group_attrs {
SDAP_AT_GROUP_MODSTAMP,
SDAP_AT_GROUP_USN,
SDAP_AT_GROUP_TYPE,
+ SDAP_AT_GROUP_EXT_MEMBER,
SDAP_OPTS_GROUP /* attrs counter */
};