authorStephen Gallagher <sgallagh@redhat.com>2012-04-22 11:12:00 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-05-03 14:09:14 -0400
commit28f9836c888ce351400f8d1fd42eac905ce99f1d (patch)
tree66e0c48e434946e79869e57b6b6cc8675940a2c2
parent1a79825cfbbd26ef12ad085487247e5adf4d657d (diff)
LDAP: Enable looking up id-mapped users by UID
-rw-r--r--src/providers/ldap/ldap_id.c49
1 files changed, 43 insertions, 6 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index a433a8d5..a210a472 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -31,6 +31,7 @@
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
+#include "providers/ldap/sdap_idmap.h"
/* =Users-Related-Functions-(by-name,by-uid)============================== */
@@ -65,7 +66,11 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
struct users_get_state *state;
const char *attr_name;
char *clean_name;
+ char *endptr;
int ret;
+ uid_t uid;
+ enum idmap_error_code err;
+ char *sid;
req = tevent_req_create(memctx, &state, struct users_get_state);
if (!req) return NULL;
@@ -89,20 +94,52 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
switch (filter_type) {
case BE_FILTER_NAME:
attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ goto fail;
+ }
break;
case BE_FILTER_IDNUM:
- attr_name = ctx->opts->user_map[SDAP_AT_USER_UID].name;
+ if (dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING)) {
+ /* If we're ID-mapping, we need to use the objectSID
+ * in the search filter.
+ */
+ uid = strtouint32(name, &endptr, 10);
+ if (errno != EOK) {
+ ret = EINVAL;
+ goto fail;
+ }
+
+ /* Convert the UID to its objectSID */
+ err = sss_idmap_unix_to_sid(ctx->opts->idmap_ctx->map,
+ uid, &sid);
+ if (err != IDMAP_SUCCESS) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Mapping ID [%s] to SID failed: [%s]\n",
+ name, idmap_error_string(err)));
+ ret = EIO;
+ goto fail;
+ }
+
+ attr_name = ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
+ ret = sss_filter_sanitize(state, sid, &clean_name);
+ if (ret != EOK) {
+ goto fail;
+ }
+
+ } else {
+ attr_name = ctx->opts->user_map[SDAP_AT_USER_UID].name;
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ goto fail;
+ }
+ }
break;
default:
ret = EINVAL;
goto fail;
}
- ret = sss_filter_sanitize(state, name, &clean_name);
- if (ret != EOK) {
- goto fail;
- }
-
state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
attr_name, clean_name,
ctx->opts->user_map[SDAP_OC_USER].name);
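Review bot: `endptr` is filled by `strtouint32()` in the ID-mapping branch of `case BE_FILTER_IDNUM` but never examined, so `errno` alone decides whether `name` was a valid number. If `strtouint32()` follows the usual `strtoul` conventions (its definition is not shown here), an empty string or a value with trailing characters, such as a constructed `"1000x"`, would be accepted as UID 0 or 1000 and mapped to a SID the caller did not actually ask for. The check should also reject those inputs: `if (errno != EOK || endptr == name || *endptr != '\0') {`. Separately, `sid` is not released after `sss_filter_sanitize()` copies it into `clean_name`; unless it is freed further down in `users_get_send`, which continues outside this hunk, the string returned by `sss_idmap_unix_to_sid()` stays allocated after every lookup and should be handed back to the idmap library's matching free routine.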