authorSumit Bose <sbose@redhat.com>2013-06-12 14:37:35 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-28 20:20:59 +0200
commit949fbc93defad394648b2651b43a7bbfa5bff42b (patch)
tree390560cf1fd747cac9e26322d6104466dde98525 /src/providers/ldap
parenteceefd520802efe356d413a13247c5f68d8e27c8 (diff)
SDAP IDMAP: Add configured domain to idmap context
To allow libsss_idmap to manage all id-ranges, the id-ranges of the domains configured in sssd.conf which are currently unmanaged must be added to libsss_idmap.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap_idmap.c70
1 files changed, 70 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index a81bc98b..5d96fce2 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -37,6 +37,64 @@ sdap_idmap_talloc_free(void *ptr, void *pvt)
talloc_free(ptr);
}
+static errno_t
+sdap_idmap_add_configured_external_range(struct sdap_idmap_ctx *idmap_ctx)
+{
+ int int_id;
+ struct sss_idmap_range range;
+ struct sdap_id_ctx *id_ctx;
+ enum idmap_error_code err;
+
+ if (idmap_ctx == NULL) {
+ return EINVAL;
+ }
+
+ id_ctx = idmap_ctx->id_ctx;
+
+ int_id = dp_opt_get_int(id_ctx->opts->basic, SDAP_MIN_ID);
+ if (int_id < 0) {
+ DEBUG(SSSDBG_CONF_SETTINGS, ("ldap_min_id must be greater than 0.\n"));
+ return EINVAL;
+ }
+ range.min = int_id;
+
+ int_id = dp_opt_get_int(id_ctx->opts->basic, SDAP_MAX_ID);
+ if (int_id < 0) {
+ DEBUG(SSSDBG_CONF_SETTINGS, ("ldap_min_id must be greater than 0.\n"));
+ return EINVAL;
+ }
+ range.max = int_id;
+
+ if ((range.min == 0 && range.max != 0)
+ || (range.min != 0 && range.max == 0)) {
+ DEBUG(SSSDBG_CONF_SETTINGS, ("Both ldap_min_id and ldap_max_id " \
+ "either must be 0 (not set) " \
+ "or positive integers.\n"));
+ return EINVAL;
+ }
+
+ if (range.min == 0 && range.max == 0) {
+ /* ldap_min_id and ldap_max_id not set, using min_id and max_id */
+ range.min = id_ctx->be->domain->id_min;
+ range.max = id_ctx->be->domain->id_max;
+ if (range.max == 0) {
+ range.max = UINT32_MAX;
+ }
+ }
+
+ err = sss_idmap_add_domain_ex(idmap_ctx->map, id_ctx->be->domain->name,
+ id_ctx->be->domain->domain_id, &range,
+ NULL, 0, true);
+ if (err != IDMAP_SUCCESS) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Could not add domain [%s] to the map: [%d]\n",
+ id_ctx->be->domain->name, err));
+ return EIO;
+ }
+
+ return EOK;
+}
+
errno_t
sdap_idmap_init(TALLOC_CTX *mem_ctx,
struct sdap_id_ctx *id_ctx,
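Review bot: Nothing in sdap_idmap_add_configured_external_range rejects a range whose minimum exceeds its maximum; after the fallback to the domain's id_min/id_max, `range` reaches sss_idmap_add_domain_ex() with only the sign check and the "one set, one unset" check applied. Whether the library refuses an inverted range is not visible here, so I would add `if (range.min > range.max) { return EINVAL; }` with a SSSDBG_CONF_SETTINGS message just before that call. The SDAP_MAX_ID branch also logs the ldap_min_id text, and both messages say "greater than 0" although 0 is accepted as "not set"; `("ldap_max_id must not be negative.\n")` would match the check for the second one. When the domain's id_max is 0 the range is widened to UINT32_MAX, which presumably claims every ID from id_min upward for this domain, so a short comment stating that this is intended would help the next reader.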
@@ -120,6 +178,18 @@ sdap_idmap_init(TALLOC_CTX *mem_ctx,
return EIO;
}
+
+ /* Setup range for externally managed IDs, i.e. IDs are read from the
+ * ldap_user_uid_number and ldap_group_gid_number attributes. */
+ if (!dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic, SDAP_ID_MAPPING)) {
+ ret = sdap_idmap_add_configured_external_range(idmap_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("sdap_idmap_add_configured_external_range failed.\n"));
+ goto done;
+ }
+ }
+
/* Read in any existing mappings from the cache */
ret = sysdb_idmap_get_mappings(tmp_ctx, sysdb, id_ctx->be->domain, &res);
if (ret != EOK && ret != ENOENT) {
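Review bot: The failure message in the new block drops `ret`, although the helper returns EINVAL for a rejected ldap_min_id/ldap_max_id pair and EIO when libsss_idmap refuses the domain. Logging it, for example `("sdap_idmap_add_configured_external_range failed: [%d]\n", ret)`, lets an operator tell a configuration error from a library failure when the provider does not come up. The condition also reads the option through `idmap_ctx->id_ctx->opts` while the surrounding code uses the `id_ctx` parameter directly; `id_ctx->opts->basic` would be consistent, assuming idmap_ctx->id_ctx was set from that parameter earlier in the function. sdap_idmap_init starts before and continues after this hunk, so the `done` cleanup path is not visible here.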