Diffstat (limited to 'source3/sam/idmap_ad.c')
-rw-r--r--source3/sam/idmap_ad.c63
1 files changed, 37 insertions, 26 deletions
diff --git a/source3/sam/idmap_ad.c b/source3/sam/idmap_ad.c
index 0803f2a7ab..5edfad487d 100644
--- a/source3/sam/idmap_ad.c
+++ b/source3/sam/idmap_ad.c
@@ -30,14 +30,6 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_IDMAP
-#ifndef ATTR_UIDNUMBER
-#define ATTR_UIDNUMBER ADS_ATTR_SFU_UIDNUMBER_OID
-#endif
-
-#ifndef ATTR_GIDNUMBER
-#define ATTR_GIDNUMBER ADS_ATTR_SFU_GIDNUMBER_OID
-#endif
-
#define WINBIND_CCACHE_NAME "MEMORY:winbind_ccache"
NTSTATUS init_module(void);
@@ -48,28 +40,42 @@ static char *ad_idmap_uri = NULL;
static char *attr_uidnumber = NULL;
static char *attr_gidnumber = NULL;
-static BOOL ad_idmap_check_attr_mapping(ADS_STRUCT *ads)
+static ADS_STATUS ad_idmap_check_attr_mapping(ADS_STRUCT *ads)
{
+ ADS_STATUS status;
+ enum wb_posix_mapping map_type;
+
if (attr_uidnumber != NULL && attr_gidnumber != NULL) {
- return True;
+ return ADS_ERROR(LDAP_SUCCESS);
}
- if (use_nss_info("sfu")) {
-
- if (!ads_check_sfu_mapping(ads)) {
- DEBUG(0,("ad_idmap_check_attr_mapping: failed to check for SFU schema\n"));
- return False;
- }
+ SMB_ASSERT(ads->server.workgroup);
- attr_uidnumber = SMB_STRDUP(ads->schema.sfu_uidnumber_attr);
- attr_gidnumber = SMB_STRDUP(ads->schema.sfu_gidnumber_attr);
+ map_type = get_nss_info(ads->server.workgroup);
- } else {
- attr_uidnumber = SMB_STRDUP("uidNumber");
- attr_gidnumber = SMB_STRDUP("gidNumber");
+ if ((map_type == WB_POSIX_MAP_SFU) ||
+ (map_type == WB_POSIX_MAP_RFC2307)) {
+
+ status = ads_check_posix_schema_mapping(ads, map_type);
+ if (ADS_ERR_OK(status)) {
+ attr_uidnumber = SMB_STRDUP(ads->schema.posix_uidnumber_attr);
+ attr_gidnumber = SMB_STRDUP(ads->schema.posix_gidnumber_attr);
+ ADS_ERROR_HAVE_NO_MEMORY(attr_uidnumber);
+ ADS_ERROR_HAVE_NO_MEMORY(attr_gidnumber);
+ return ADS_ERROR(LDAP_SUCCESS);
+ } else {
+ DEBUG(0,("ads_check_posix_schema_mapping failed: %s\n", ads_errstr(status)));
+ /* return status; */
+ }
}
+
+ /* fallback to XAD defaults */
+ attr_uidnumber = SMB_STRDUP("uidNumber");
+ attr_gidnumber = SMB_STRDUP("gidNumber");
+ ADS_ERROR_HAVE_NO_MEMORY(attr_uidnumber);
+ ADS_ERROR_HAVE_NO_MEMORY(attr_gidnumber);
- return True;
+ return ADS_ERROR(LDAP_SUCCESS);
}
static ADS_STRUCT *ad_idmap_cached_connection(void)
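Review bot: In ad_idmap_check_attr_mapping the failure branch of ads_check_posix_schema_mapping leaves `/* return status; */` commented out, so a failed check for the configured SFU or RFC2307 mapping is only logged before the function falls through to the `uidNumber`/`gidNumber` defaults and returns LDAP_SUCCESS. For an ID-mapping backend this means the caller cannot tell "mapping verified" from "verification failed, different attributes in use", and UIDs/GIDs may be resolved from attributes the administrator did not select. Either restore `return status;` or replace the dead comment with one stating that the fallback is deliberate, and extend the log message to say that defaults are being used. Separately, assuming ADS_ERROR_HAVE_NO_MEMORY returns on NULL, both SMB_STRDUP results are checked only after both calls, so if one allocation fails the other string stays in its static pointer and is overwritten on the next call; checking each right after its own SMB_STRDUP, and freeing the first if the second fails, avoids that.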
@@ -123,7 +129,8 @@ static ADS_STRUCT *ad_idmap_cached_connection(void)
ads->is_mine = False;
- if (!ad_idmap_check_attr_mapping(ads)) {
+ status = ad_idmap_check_attr_mapping(ads);
+ if (!ADS_ERR_OK(status)) {
DEBUG(1, ("ad_idmap_init: failed to check attribute mapping\n"));
return NULL;
}
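Review bot: The DEBUG line in the new failure branch drops the `status` that was just captured, and it still names `ad_idmap_init` although the hunk header places it in ad_idmap_cached_connection. Logging the reason, e.g. `DEBUG(1, ("ad_idmap_cached_connection: failed to check attribute mapping: %s\n", ads_errstr(status)));`, makes a mapping failure diagnosable from the log. The declaration of `status` and the rest of the function are outside the hunk.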
@@ -168,14 +175,14 @@ static NTSTATUS ad_idmap_get_sid_from_id(DOM_SID *sid, unid_t unid, int id_type)
case ID_USERID:
if (asprintf(&expr, "(&(|(sAMAccountType=%d)(sAMAccountType=%d)(sAMAccountType=%d))(%s=%d))",
ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST,
- ATTR_UIDNUMBER, (int)unid.uid) == -1) {
+ ads->schema.posix_uidnumber_attr, (int)unid.uid) == -1) {
return NT_STATUS_NO_MEMORY;
}
break;
case ID_GROUPID:
if (asprintf(&expr, "(&(|(sAMAccountType=%d)(sAMAccountType=%d))(%s=%d))",
ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP,
- ATTR_GIDNUMBER, (int)unid.gid) == -1) {
+ ads->schema.posix_gidnumber_attr, (int)unid.gid) == -1) {
return NT_STATUS_NO_MEMORY;
}
break;
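Review bot: Both filter strings now take the attribute name from `ads->schema.posix_uidnumber_attr` / `ads->schema.posix_gidnumber_attr`, but the fallback path in ad_idmap_check_attr_mapping only fills the file-static `attr_uidnumber` / `attr_gidnumber`, and nothing visible in this diff sets the schema fields in that case. If they are still NULL there, `%s` receives a null pointer, which is undefined for asprintf and on glibc typically prints `(null)` into the filter; this is worth confirming against ads_check_posix_schema_mapping, which is not shown. Using the statics that the check function always sets before returning success, `attr_uidnumber, (int)unid.uid) == -1) {` and `attr_gidnumber, (int)unid.gid) == -1) {`, keeps the lookup consistent with the resolved mapping. The switch and the place where `ads` is obtained lie outside the hunk.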
@@ -228,7 +235,11 @@ static NTSTATUS ad_idmap_get_id_from_sid(unid_t *unid, int *id_type, const DOM_S
{
ADS_STATUS rc;
NTSTATUS status = NT_STATUS_NONE_MAPPED;
- const char *attrs[] = { "sAMAccountType", ATTR_UIDNUMBER, ATTR_GIDNUMBER, NULL };
+ const char *attrs[] = { "sAMAccountType", ADS_ATTR_SFU_UIDNUMBER_OID,
+ ADS_ATTR_SFU_GIDNUMBER_OID,
+ ADS_ATTR_RFC2307_UIDNUMBER_OID,
+ ADS_ATTR_RFC2307_GIDNUMBER_OID,
+ NULL };
void *res = NULL;
void *msg = NULL;
char *expr = NULL;
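Review bot: The attribute list in ad_idmap_get_id_from_sid now requests the SFU and the RFC2307 OIDs unconditionally, independent of the map type that ad_idmap_check_attr_mapping resolved, while ad_idmap_get_sid_from_id filters on a single configured attribute. If an object carries both attribute sets with different values, the two directions of the mapping could disagree, depending on which value the result parsing (outside this hunk) picks. Requesting only the resolved names, `const char *attrs[] = { "sAMAccountType", attr_uidnumber, attr_gidnumber, NULL };`, or adding a comment that states which schema takes precedence, would make the behaviour explicit.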