author | Stephen Gallagher <sgallagh@redhat.com> | 2012-04-21 09:09:43 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-03 14:09:14 -0400 |
commit | 2fd5864ac8eb2c4cfa0fafe7c0431a74f2ebe1fb (patch) | |
tree | 52617e91f66878f085b4bc09ec0f681d65a8d129 | |
parent | 8538f3d5109c548049c344fa042684d9d40f04d6 (diff) | |
LDAP: Add autorid compatibility mode
-rw-r--r-- | src/config/SSSDConfig.py | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ipa.conf | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 1 | ||||
-rw-r--r-- | src/providers/ipa/ipa_opts.h | 1 | ||||
-rw-r--r-- | src/providers/ldap/ldap_opts.h | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap_idmap.c | 22 |
7 files changed, 20 insertions, 8 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index a48602b2..bdbb9021 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -264,6 +264,7 @@ option_strings = {
 'ldap_idmap_range_min' : _('Lower bound for ID-mapping'),
 'ldap_idmap_range_max' : _('Upper bound for ID-mapping'),
 'ldap_idmap_range_size' : _('Number of IDs for each slice when ID-mapping'),
+ 'ldap_idmap_autorid_compat' : _('Use autorid-compatible algorithm for ID-mapping'),
 # [provider/ldap/auth]
 'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 1cad031f..0447d0c4 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -113,6 +113,7 @@ ipa_host_ssh_public_key = str, None, false
 ldap_idmap_range_min = int, None, false
 ldap_idmap_range_max = int, None, false
 ldap_idmap_range_size = int, None, false
+ldap_idmap_autorid_compat = bool, None, false
 [provider/ipa/auth]
 krb5_ccachedir = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 79518155..1ea1c948 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -107,6 +107,7 @@ ldap_service_entry_usn = str, None, false
 ldap_idmap_range_min = int, None, false
 ldap_idmap_range_max = int, None, false
 ldap_idmap_range_size = int, None, false
+ldap_idmap_autorid_compat = bool, None, false
 [provider/ldap/auth]
 ldap_pwd_policy = str, None, false
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 866bd3ce..ee9ff15f 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -117,6 +117,7 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 100001 }, NULL_NUMBER },
 { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000100000LL }, NULL_NUMBER },
 { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
+ { "ldap_idmap_autorid_compat", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 DP_OPTION_TERMINATOR
 };
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index a4c78069..8b8ea25c 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -99,6 +99,7 @@ struct dp_option default_basic_opts[] = {
 { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 100001 }, NULL_NUMBER },
 { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000100000LL }, NULL_NUMBER },
 { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
+ { "ldap_idmap_autorid_compat", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 DP_OPTION_TERMINATOR
 };
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index d72a0edd..7c55ad5a 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -214,6 +214,7 @@ enum sdap_basic_opt {
 SDAP_IDMAP_LOWER,
 SDAP_IDMAP_UPPER,
 SDAP_IDMAP_RANGESIZE,
+ SDAP_IDMAP_AUTORID_COMPAT,
 SDAP_OPTS_BASIC /* opts counter */
 };
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index ea65195a..24e7ef37 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -196,15 +196,21 @@ sdap_idmap_add_domain(struct sdap_idmap_ctx *idmap_ctx,
 } else {
 /* If slice is -1, we're being asked to pick a new slice */
- /* Hash the domain sid string */
- hash_val = murmurhash3(dom_sid, strlen(dom_sid), 0xdeadbeef);
-
- /* Now get take the modulus of the hash val and the max_slices
- * to determine its optimal position in the range.
- */
- new_slice->slice_num = hash_val % max_slices;
- orig_slice = new_slice->slice_num;
+ if (dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic, SDAP_IDMAP_AUTORID_COMPAT)) {
+ /* In autorid compatibility mode, always start at 0 and find the first
+ * free value.
+ */
+ orig_slice = 0;
+ } else {
+ /* Hash the domain sid string */
+ hash_val = murmurhash3(dom_sid, strlen(dom_sid), 0xdeadbeef);
+ /* Now get take the modulus of the hash val and the max_slices
+ * to determine its optimal position in the range.
+ */
+ new_slice->slice_num = hash_val % max_slices;
+ orig_slice = new_slice->slice_num;
+ }
 /* Verify that this slice is not already in use */
 do {
 DLIST_FOR_EACH(s, idmap_ctx->slices) { |
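Review bot: The autorid branch assigns only `orig_slice = 0;`, whereas the hash branch sets both `new_slice->slice_num` and `orig_slice`, so the in-use search that follows presumably starts from whatever `new_slice->slice_num` already holds. If the allocation outside this hunk zero-fills the struct this happens to work, but the intent should be explicit: add `new_slice->slice_num = 0;` next to `orig_slice = 0;`. The comment in that branch should also state that first-free assignment makes the slice, and therefore the UID/GID range a domain SID maps to, depend on the order in which domains are registered on each host, so two clients can give the same SID different IDs and disagree about file ownership on shared storage. The body of sdap_idmap_add_domain starts and ends outside the hunk.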