authorSimo Sorce <simo@redhat.com>2013-03-15 15:27:31 -0400
committerJakub Hrozek <jhrozek@redhat.com>2013-03-20 11:49:50 +0100
commitfae99bfe4bfc8b4a12e9c2a0ad01b3684c22f934 (patch)
tree333f20454afe5782e569a41d929631d938905151 /src/providers/ldap/ldap_id.c
parentdfd71fc92db940b2892cc996911cec03d7b6c52b (diff)
ldap: Fallback option for rfc2307 schema
Add an option to fall back to fetching local users if rfc2307 is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
Diffstat (limited to 'src/providers/ldap/ldap_id.c')
-rw-r--r--src/providers/ldap/ldap_id.c39
1 files changed, 39 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index d24b8aa6..073f6869 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -32,6 +32,7 @@
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/sdap_idmap.h"
+#include "providers/ldap/sdap_users.h"
/* =Users-Related-Functions-(by-name,by-uid)============================== */
@@ -244,6 +245,44 @@ static void users_get_done(struct tevent_req *subreq)
return;
}
+ if ((ret == ENOENT) &&
+ (state->ctx->opts->schema_type == SDAP_SCHEMA_RFC2307) &&
+ (dp_opt_get_bool(state->ctx->opts->basic,
+ SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) {
+ struct sysdb_attrs **usr_attrs;
+ const char *name = NULL;
+ bool fallback;
+
+ switch (state->filter_type) {
+ case BE_FILTER_NAME:
+ name = state->name;
+ uid = -1;
+ fallback = true;
+ break;
+ case BE_FILTER_IDNUM:
+ uid = (uid_t) strtouint32(state->name, &endptr, 10);
+ if (errno || *endptr || (state->name == endptr)) {
+ tevent_req_error(req, errno ? errno : EINVAL);
+ return;
+ }
+ fallback = true;
+ break;
+ default:
+ fallback = false;
+ break;
+ }
+
+ if (fallback) {
+ ret = sdap_fallback_local_user(state, state->ctx->opts,
+ name, uid, &usr_attrs);
+ if (ret == EOK) {
+ ret = sdap_save_user(state, state->sysdb,
+ state->ctx->opts, state->domain,
+ usr_attrs[0], false, NULL, 0);
+ }
+ }
+ }
+
if (ret && ret != ENOENT) {
state->dp_error = dp_error;
tevent_req_error(req, ret);
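Review bot: In the `if (fallback)` branch a local account is written into the domain cache through `sdap_save_user(...)` with nothing recording that the identity came from the local host rather than LDAP, which matters because the commit message itself says the option violates identity domain separation. A trace line before the save, for example `DEBUG(SSSDBG_TRACE_FUNC, ("Falling back to local user lookup for [%s]\n", state->name));`, would let an operator audit which cached entries come from the fallback. The save also reads `usr_attrs[0]` on `EOK` without a check, so it relies on `sdap_fallback_local_user()` (defined outside this diff) never returning success with a NULL or empty array; either guard it with `if (ret == EOK && usr_attrs != NULL && usr_attrs[0] != NULL)` or add a comment stating that contract. Separately, the `BE_FILTER_IDNUM` parse-failure return skips the `state->dp_error = dp_error;` assignment that the error path right after the block performs. `users_get_done` starts and ends outside the hunk, so `uid`, `endptr` and `dp_error` are declared out of view.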