author | Gerald Carter <jerry@samba.org> | 2003-05-14 05:28:16 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-05-14 05:28:16 +0000 |
commit | df641bc7caceab142372a279a2844df187c86597 (patch) | |
tree | 12685fae7636176db25ce404ecfaff7f98c3f5da | |
parent | b2c19b772738c036a44b344b77b7757781f2e1f0 (diff) | |
fix group mapping in LDAP under new schema
(This used to be commit 0714dda7cc4a1df73e1b9d11daae80a1f46583de)
-rw-r--r-- | examples/LDAP/samba.schema | 2 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 96 |
2 files changed, 62 insertions, 36 deletions
diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema index 6ef8980613..7093a96b04 100644 --- a/examples/LDAP/samba.schema +++ b/examples/LDAP/samba.schema @@ -313,7 +313,7 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) - MAY ( displayName $ description $ cn )) + MAY ( displayName $ description )) ## ## Whole-of-domain info diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 5dbf10c5b9..7b37d8c7d2 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -107,6 +107,7 @@ static struct ldapsam_privates *static_ldap_state; #define LDAP_OBJ_ACCOUNT "account" #define LDAP_OBJ_POSIXACCOUNT "posixAccount" +#define LDAP_OBJ_POSIXGROUP "posixGroup" /* some generic attributes that get reused a lot */ @@ -239,6 +240,14 @@ static ATTRIB_MAP_ENTRY groupmap_attr_list[] = { { LDAP_ATTR_LIST_END, NULL } }; +static ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[] = { + { LDAP_ATTR_GROUP_SID, "sambaSID" }, + { LDAP_ATTR_GROUP_TYPE, "sambaGroupType" }, + { LDAP_ATTR_DESC, "description" }, + { LDAP_ATTR_DISPLAY_NAME, "displayName" }, + { LDAP_ATTR_LIST_END, NULL } +}; + /********************************************************************** perform a simple table lookup and return the attribute name **********************************************************************/ 
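Review bot: The new `groupmap_attr_list_to_delete` table in pdb_ldap.c has no comment saying why it differs from `groupmap_attr_list`, although it decides which attributes `ldapsam_delete_group_mapping_entry` strips from a directory entry. It appears to leave out gidNumber and cn so that the underlying posixGroup entry survives a mapping delete, but that is an inference from the rest of the diff. A later edit that adds an attribute here silently widens what a delete removes, so I would put something like `/* attributes removed when a group mapping is deleted; anything owned by the posixGroup entry (gidNumber, cn) must NOT be listed here */` above the table.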
@@ -3080,30 +3089,37 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, pstring temp; if (ldap_state == NULL || map == NULL || entry == NULL || - ldap_state->ldap_struct == NULL) { + ldap_state->ldap_struct == NULL) + { DEBUG(0, ("init_group_from_ldap: NULL parameters found!\n")); return False; } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", - temp)) { - DEBUG(0, ("Mandatory attribute gidNumber not found\n")); + if (!get_single_attribute(ldap_state->ldap_struct, entry, + get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER), temp)) + { + DEBUG(0, ("Mandatory attribute %s not found\n", + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GIDNUMBER))); return False; } DEBUG(2, ("Entry found for group: %s\n", temp)); map->gid = (gid_t)atol(temp); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "ntSid", - temp)) { - DEBUG(0, ("Mandatory attribute ntSid not found\n")); + if (!get_single_attribute(ldap_state->ldap_struct, entry, + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID), temp)) + { + DEBUG(0, ("Mandatory attribute %s not found\n", + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID))); return False; } string_to_sid(&map->sid, temp); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "ntGroupType", - temp)) { - DEBUG(0, ("Mandatory attribute ntGroupType not found\n")); + if (!get_single_attribute(ldap_state->ldap_struct, entry, + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), temp)) + { + DEBUG(0, ("Mandatory attribute %s not found\n", + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE))); return False; } map->sid_name_use = (uint32)atol(temp); 
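Review bot: The result of `string_to_sid(&map->sid, temp)` is still ignored, so an entry whose SID attribute is present but malformed is accepted and `map->sid` keeps whatever it held before. Assuming string_to_sid reports failure through its return value, the call should be `if (!string_to_sid(&map->sid, temp)) { DEBUG(0, ("Invalid SID string %s\n", temp)); return False; }`. The two `atol(temp)` conversions for the gid and group type have the same weakness: non-numeric directory data becomes 0 without any error, and gid 0 is not a harmless default. The body of init_group_from_ldap starts before and continues after this hunk.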
@@ -3114,12 +3130,13 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, return False; } - if (!get_single_attribute(ldap_state->ldap_struct, entry, "displayName", - temp)) { - DEBUG(3, ("Attribute displayName not found\n")); + if (!get_single_attribute(ldap_state->ldap_struct, entry, + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), temp)) + { temp[0] = '\0'; - if (!get_single_attribute(ldap_state->ldap_struct, entry, "cn", - temp)) { + if (!get_single_attribute(ldap_state->ldap_struct, entry, + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_CN), temp)) + { DEBUG(0, ("Attributes cn not found either " "for gidNumber(%i)\n",map->gid)); return False; @@ -3127,9 +3144,9 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, } fstrcpy(map->nt_name, temp); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "description", - temp)) { - DEBUG(3, ("Attribute description not found\n")); + if (!get_single_attribute(ldap_state->ldap_struct, entry, + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DESC), temp)) + { temp[0] = '\0'; } fstrcpy(map->comment, temp); 
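Review bot: The surviving message `"Attributes cn not found either for gidNumber(%i)\n"` no longer reads correctly, because the DEBUG(3) line that reported the missing displayName was removed and "either" now refers to nothing in the log. It also hard-codes `cn` and `gidNumber` while the lookups around it go through `get_attr_key2string`, and it prints `map->gid` with `%i`, which does not match if gid_t is not an int. I would name both attributes from the table and cast the gid, e.g. `"Attributes %s and %s not found for gid %lu\n"` with `(unsigned long)map->gid`. The function body starts and ends outside this hunk.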
@@ -3158,12 +3175,16 @@ static BOOL init_ldap_from_group(LDAP *ldap_struct, *mods = NULL; sid_to_string(tmp, &map->sid); - make_ldap_mod(ldap_struct, existing, mods, "ntSid", tmp); + make_ldap_mod(ldap_struct, existing, mods, + get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID), tmp); snprintf(tmp, sizeof(tmp)-1, "%i", map->sid_name_use); - make_ldap_mod(ldap_struct, existing, mods, "ntGroupType", tmp); + make_ldap_mod(ldap_struct, existing, mods, + get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), tmp); - make_ldap_mod(ldap_struct, existing, mods, "displayName", map->nt_name); - make_ldap_mod(ldap_struct, existing, mods, "description", map->comment); + make_ldap_mod(ldap_struct, existing, mods, + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), map->nt_name); + make_ldap_mod(ldap_struct, existing, mods, + get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DESC), map->comment); return True; } @@ -3225,9 +3246,10 @@ static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, { pstring filter; - snprintf(filter, sizeof(filter)-1, - "(&(objectClass=sambaGroupMapping)(ntSid=%s))", - sid_string_static(&sid)); + snprintf(filter, sizeof(filter)-1, "(&(objectClass=%s)(%s=%s))", + LDAP_OBJ_GROUPMAP, + get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID), + sid_string_static(&sid)); return ldapsam_getgroup(methods, filter, map); } @@ -3240,9 +3262,10 @@ static NTSTATUS ldapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, { pstring filter; - snprintf(filter, sizeof(filter)-1, - "(&(objectClass=sambaGroupMapping)(gidNumber=%d))", - gid); + snprintf(filter, sizeof(filter)-1, "(&(objectClass=%s)(%s=%d))", + LDAP_OBJ_GROUPMAP, + get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER), + gid); return ldapsam_getgroup(methods, filter, map); } 
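Review bot: Every `get_attr_key2string(groupmap_attr_list, ...)` result in these hunks is used unchecked, both as the attribute name passed to `make_ldap_mod` and as a `%s` argument to `snprintf`. The lookup's body and the full contents of `groupmap_attr_list` are not in this diff; if the function returns NULL for a key missing from the table, the filter builders pass NULL to `%s`, which is undefined behaviour. Please confirm that LDAP_ATTR_GROUP_SID, LDAP_ATTR_GROUP_TYPE, LDAP_ATTR_DISPLAY_NAME, LDAP_ATTR_DESC, LDAP_ATTR_GIDNUMBER and LDAP_ATTR_CN all have entries, or fetch the name once into a local and return an error when it is NULL. The same pattern appears in the init_group_from_ldap hunks and in the ldapsam_getgrnam and ldapsam_search_one_group_by_gid hunks.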
@@ -3257,9 +3280,10 @@ static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, /* TODO: Escaping of name? */ - snprintf(filter, sizeof(filter)-1, - "(&(objectClass=sambaGroupMapping)(|(displayName=%s)(cn=%s)))", - name, name); + snprintf(filter, sizeof(filter)-1, "(&(objectClass=%s)(|(%s=%s)(%s=%s)))", + LDAP_OBJ_GROUPMAP, + get_attr_key2string(groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), name, + get_attr_key2string(groupmap_attr_list, LDAP_ATTR_CN), name); return ldapsam_getgroup(methods, filter, map); } @@ -3273,8 +3297,10 @@ static int ldapsam_search_one_group_by_gid(struct ldapsam_privates *ldap_state, { pstring filter; - snprintf(filter, sizeof(filter)-1, - "(&(objectClass=posixGroup)(gidNumber=%i))", gid); + snprintf(filter, sizeof(filter)-1, "(&(objectClass=%s)(%s=%i))", + LDAP_OBJ_POSIXGROUP, + get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER), + gid); return ldapsam_search_one_group(ldap_state, filter, result); } @@ -3440,7 +3466,7 @@ static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, return NT_STATUS_NO_SUCH_GROUP; } - attr_list = get_attr_list( groupmap_attr_list ); + attr_list = get_attr_list( groupmap_attr_list_to_delete ); ret = ldapsam_delete_entry(ldap_state, result, LDAP_OBJ_GROUPMAP, attr_list); free_attr_list ( attr_list ); @@ -3459,7 +3485,7 @@ static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods, BOOL update) int rc; char **attr_list; - snprintf( filter, sizeof(filter)-1, "(%s=*)", LDAP_OBJ_GROUPMAP ); + snprintf( filter, sizeof(filter)-1, "(objectclass=%s)", LDAP_OBJ_GROUPMAP); attr_list = get_attr_list( groupmap_attr_list ); rc = ldapsam_search(ldap_state, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE, filter, |
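Review bot: In ldapsam_getgrnam, `name` is still formatted into the search filter twice without escaping, as the retained `/* TODO: Escaping of name? */` acknowledges. A group name containing filter metacharacters (`*`, `(`, `)`, `\`) is then interpreted as filter syntax instead of being matched literally. Since the rewritten snprintf touches exactly this line, I would escape the value per RFC 2254 first and use the escaped copy in both places; the sketch below uses a new static helper, called `escape_filter_value` here. The snprintf return value is also unchecked in all the filter builders, so an over-long input goes to the server as a truncated filter rather than failing cleanly.

```c
/* Copy src into dst, writing RFC 2254 filter specials as \XX.
   Returns False if the escaped value does not fit. */
static BOOL escape_filter_value(char *dst, size_t dstlen, const char *src)
{
	static const char hex[] = "0123456789abcdef";
	size_t o = 0;

	if (dstlen == 0) {
		return False;
	}
	for (; *src; src++) {
		unsigned char c = (unsigned char)*src;

		if (c == '*' || c == '(' || c == ')' || c == '\\') {
			if (o + 3 >= dstlen) {
				return False;
			}
			dst[o++] = '\\';
			dst[o++] = hex[c >> 4];
			dst[o++] = hex[c & 0x0f];
		} else {
			if (o + 1 >= dstlen) {
				return False;
			}
			dst[o++] = (char)c;
		}
	}
	dst[o] = '\0';
	return True;
}

/* … unchanged: ldapsam_getgrnam signature and `pstring filter;` … */
	pstring escaped;	/* filter-safe copy of name */

	if (!escape_filter_value(escaped, sizeof(escaped), name)) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	snprintf(filter, sizeof(filter)-1, "(&(objectClass=%s)(|(%s=%s)(%s=%s)))",
		LDAP_OBJ_GROUPMAP,
		get_attr_key2string(groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), escaped,
		get_attr_key2string(groupmap_attr_list, LDAP_ATTR_CN), escaped);
/* … unchanged: return ldapsam_getgroup(methods, filter, map); … */
```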