-rw-r--r--server/config/etc/sssd.api.d/sssd-ldap.conf2
-rw-r--r--server/db/sysdb.h3
-rw-r--r--server/providers/ipa/ipa_common.c17
-rw-r--r--server/providers/ldap/ldap_common.c40
-rw-r--r--server/providers/ldap/ldap_id.c2
-rw-r--r--server/providers/ldap/sdap.c10
-rw-r--r--server/providers/ldap/sdap.h22
7 files changed, 75 insertions, 21 deletions
diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf
index 1c094f6d..af1e66cf 100644
--- a/server/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/server/config/etc/sssd.api.d/sssd-ldap.conf
@@ -16,6 +16,8 @@ krb5_kdcip = str, None
krb5_realm = str, None
ldap_krb5_keytab = str, None
ldap_krb5_init_creds = bool, None
+ldap_entry_usn = str, None
+ldap_rootdse_last_usn = str, None
[provider/ldap/id]
ldap_search_timeout = int, None
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index 72f56dba..642cc30a 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -75,6 +75,9 @@
#define SYSDB_ORIG_DN "originalDN"
#define SYSDB_ORIG_MODSTAMP "originalModifyTimestamp"
+#define SYSDB_USN "entryUSN"
+#define SYSDB_HIGH_USN "highestUSN"
+
#define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
#define SYSDB_UC "objectclass="SYSDB_USER_CLASS
diff --git a/server/providers/ipa/ipa_common.c b/server/providers/ipa/ipa_common.c
index 3f4d25de..a571aead 100644
--- a/server/providers/ipa/ipa_common.c
+++ b/server/providers/ipa/ipa_common.c
@@ -63,7 +63,12 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }
};
-struct sdap_id_map ipa_user_map[] = {
+struct sdap_attr_map ipa_attr_map[] = {
+ { "ldap_entry_usn", "entryUSN", SYSDB_USN, NULL },
+ { "ldap_rootdse_last_usn", "lastUSN", SYSDB_HIGH_USN, NULL }
+};
+
+struct sdap_attr_map ipa_user_map[] = {
{ "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
{ "ldap_user_name", "uid", SYSDB_NAME, NULL },
{ "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
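Review bot: The new `ipa_attr_map` is an exact copy of `gen_ipa_attr_map` introduced in server/providers/ldap/ldap_common.c in the same commit, so the two tables will drift apart the first time one of them is edited. Since ipa_get_id_options already takes its user and group defaults through sdap_get_map, exporting one IPA general-attribute map (declare it in sdap.h and reference that single array here) would keep the IPA and LDAP providers on the same attribute names. If the duplication is intentional, a one-line comment on `ipa_attr_map` saying `/* keep in sync with gen_ipa_attr_map in ldap_common.c */` would at least make the coupling visible.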
@@ -89,7 +94,7 @@ struct sdap_id_map ipa_user_map[] = {
{ "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL }
};
-struct sdap_id_map ipa_group_map[] = {
+struct sdap_attr_map ipa_group_map[] = {
{ "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL },
{ "ldap_group_name", "cn", SYSDB_NAME, NULL },
{ "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
@@ -354,6 +359,14 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
SDAP_GROUP_SEARCH_BASE)));
}
+ ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
+ ipa_attr_map,
+ SDAP_AT_GENERAL,
+ &ipa_opts->id->gen_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
ret = sdap_get_map(ipa_opts->id,
cdb, conf_path,
ipa_user_map,
diff --git a/server/providers/ldap/ldap_common.c b/server/providers/ldap/ldap_common.c
index b117d022..f7cdf75e 100644
--- a/server/providers/ldap/ldap_common.c
+++ b/server/providers/ldap/ldap_common.c
@@ -56,7 +56,22 @@ struct dp_option default_basic_opts[] = {
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }
};
-struct sdap_id_map rfc2307_user_map[] = {
+struct sdap_attr_map generic_attr_map[] = {
+ { "ldap_entry_usn", NULL, SYSDB_USN, NULL },
+ { "ldap_rootdse_last_usn", NULL, SYSDB_USN, NULL }
+};
+
+struct sdap_attr_map gen_ipa_attr_map[] = {
+ { "ldap_entry_usn", "entryUSN", SYSDB_USN, NULL },
+ { "ldap_rootdse_last_usn", "lastUSN", SYSDB_HIGH_USN, NULL }
+};
+
+struct sdap_attr_map gen_ad_attr_map[] = {
+ { "ldap_entry_usn", "uSNChanged", SYSDB_USN, NULL },
+ { "ldap_rootdse_last_usn", "highestCommittedUSN", SYSDB_HIGH_USN, NULL }
+};
+
+struct sdap_attr_map rfc2307_user_map[] = {
{ "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
{ "ldap_user_name", "uid", SYSDB_NAME, NULL },
{ "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
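Review bot: The `ldap_rootdse_last_usn` entry of `generic_attr_map` stores into SYSDB_USN, while the same option in `gen_ipa_attr_map`, `gen_ad_attr_map` and `ipa_attr_map` (ipa_common.c) stores into SYSDB_HIGH_USN; this looks like a copy-paste slip, and it means a user who sets ldap_rootdse_last_usn on an rfc2307 server would have the rootDSE value written under the per-entry attribute name. The line should read `{ "ldap_rootdse_last_usn", NULL, SYSDB_HIGH_USN, NULL }`. The generic map is also the only one with NULL `def_name` values; whether sdap_get_map tolerates a NULL default for an option the user has not set cannot be confirmed from this hunk (its body is only partly shown in sdap.c), so that path is worth a test on the rfc2307 schema.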
@@ -82,7 +97,7 @@ struct sdap_id_map rfc2307_user_map[] = {
{ "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL }
};
-struct sdap_id_map rfc2307_group_map[] = {
+struct sdap_attr_map rfc2307_group_map[] = {
{ "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL },
{ "ldap_group_name", "cn", SYSDB_NAME, NULL },
{ "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
@@ -92,7 +107,7 @@ struct sdap_id_map rfc2307_group_map[] = {
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
};
-struct sdap_id_map rfc2307bis_user_map[] = {
+struct sdap_attr_map rfc2307bis_user_map[] = {
{ "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
{ "ldap_user_name", "uid", SYSDB_NAME, NULL },
{ "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
@@ -119,7 +134,7 @@ struct sdap_id_map rfc2307bis_user_map[] = {
{ "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL }
};
-struct sdap_id_map rfc2307bis_group_map[] = {
+struct sdap_attr_map rfc2307bis_group_map[] = {
{ "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL },
{ "ldap_group_name", "cn", SYSDB_NAME, NULL },
{ "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
@@ -135,8 +150,9 @@ int ldap_get_options(TALLOC_CTX *memctx,
const char *conf_path,
struct sdap_options **_opts)
{
- struct sdap_id_map *default_user_map;
- struct sdap_id_map *default_group_map;
+ struct sdap_attr_map *default_attr_map;
+ struct sdap_attr_map *default_user_map;
+ struct sdap_attr_map *default_group_map;
struct sdap_options *opts;
char *schema;
int ret;
@@ -181,21 +197,25 @@ int ldap_get_options(TALLOC_CTX *memctx,
schema = dp_opt_get_string(opts->basic, SDAP_SCHEMA);
if (strcasecmp(schema, "rfc2307") == 0) {
opts->schema_type = SDAP_SCHEMA_RFC2307;
+ default_attr_map = generic_attr_map;
default_user_map = rfc2307_user_map;
default_group_map = rfc2307_group_map;
} else
if (strcasecmp(schema, "rfc2307bis") == 0) {
opts->schema_type = SDAP_SCHEMA_RFC2307BIS;
+ default_attr_map = generic_attr_map;
default_user_map = rfc2307bis_user_map;
default_group_map = rfc2307bis_group_map;
} else
if (strcasecmp(schema, "IPA") == 0) {
opts->schema_type = SDAP_SCHEMA_IPA_V1;
+ default_attr_map = gen_ipa_attr_map;
default_user_map = rfc2307bis_user_map;
default_group_map = rfc2307bis_group_map;
} else
if (strcasecmp(schema, "AD") == 0) {
opts->schema_type = SDAP_SCHEMA_AD;
+ default_attr_map = gen_ad_attr_map;
default_user_map = rfc2307bis_user_map;
default_group_map = rfc2307bis_group_map;
} else {
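Review bot: `default_attr_map` is assigned in each of the four visible schema branches but, like `default_user_map`, starts out uninitialized in the declaration hunk above; if the trailing `else` (which begins on the last line of this hunk and continues outside it) does not leave the function before the new sdap_get_map call, the pointer is read uninitialized. Presumably that branch rejects the unknown schema and jumps to `done`, in which case this is only a robustness point, but initializing the three map pointers to NULL at declaration (`struct sdap_attr_map *default_attr_map = NULL;` and likewise for the other two) would make the sdap_get_map call fail loudly rather than on garbage. ldap_get_options itself starts and ends outside this hunk.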
@@ -205,6 +225,14 @@ int ldap_get_options(TALLOC_CTX *memctx,
}
ret = sdap_get_map(opts, cdb, conf_path,
+ default_attr_map,
+ SDAP_AT_GENERAL,
+ &opts->gen_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ ret = sdap_get_map(opts, cdb, conf_path,
default_user_map,
SDAP_OPTS_USER,
&opts->user_map);
diff --git a/server/providers/ldap/ldap_id.c b/server/providers/ldap/ldap_id.c
index 7e69c3dc..b7e29e61 100644
--- a/server/providers/ldap/ldap_id.c
+++ b/server/providers/ldap/ldap_id.c
@@ -33,7 +33,7 @@
#include "providers/ldap/sdap_async.h"
static int build_attrs_from_map(TALLOC_CTX *memctx,
- struct sdap_id_map *map,
+ struct sdap_attr_map *map,
size_t size,
const char ***_attrs)
{
diff --git a/server/providers/ldap/sdap.c b/server/providers/ldap/sdap.c
index 94cea885..5da698a1 100644
--- a/server/providers/ldap/sdap.c
+++ b/server/providers/ldap/sdap.c
@@ -29,14 +29,14 @@
int sdap_get_map(TALLOC_CTX *memctx,
struct confdb_ctx *cdb,
const char *conf_path,
- struct sdap_id_map *def_map,
+ struct sdap_attr_map *def_map,
int num_entries,
- struct sdap_id_map **_map)
+ struct sdap_attr_map **_map)
{
- struct sdap_id_map *map;
+ struct sdap_attr_map *map;
int i, ret;
- map = talloc_array(memctx, struct sdap_id_map, num_entries);
+ map = talloc_array(memctx, struct sdap_attr_map, num_entries);
if (!map) {
return ENOMEM;
}
@@ -70,7 +70,7 @@ int sdap_get_map(TALLOC_CTX *memctx,
static int sdap_parse_entry(TALLOC_CTX *memctx,
struct sdap_handle *sh, struct sdap_msg *sm,
- struct sdap_id_map *map, int attrs_num,
+ struct sdap_attr_map *map, int attrs_num,
struct sysdb_attrs **_attrs, char **_dn)
{
struct sysdb_attrs *attrs;
diff --git a/server/providers/ldap/sdap.h b/server/providers/ldap/sdap.h
index 152d46b9..03dab304 100644
--- a/server/providers/ldap/sdap.h
+++ b/server/providers/ldap/sdap.h
@@ -120,9 +120,16 @@ enum sdap_basic_opt {
SDAP_OPTS_BASIC /* opts counter */
};
+enum sdap_gen_attrs {
+ SDAP_AT_ENTRY_USN = 0,
+ SDAP_AT_LAST_USN,
+
+ SDAP_AT_GENERAL /* attrs counter */
+};
+
/* the objectclass must be the first attribute.
* Functions depend on this */
-enum sdap_user_opt {
+enum sdap_user_attrs {
SDAP_OC_USER = 0,
SDAP_AT_USER_NAME,
SDAP_AT_USER_PWD,
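Review bot: `enum sdap_gen_attrs` carries no comment tying its order to the arrays it indexes, whereas the user and group enums immediately below it document that the objectclass must be first; the new general map has no objectclass entry at all, and `SDAP_AT_GENERAL` is passed to sdap_get_map as the entry count, so the table order is load-bearing. A short comment above the enum would help, e.g. `/* index into opts->gen_map; order must match the gen_*_attr_map tables. Unlike user/group maps there is no objectclass at index 0 */`. Since callers in sdap.c use `map[0]` as the objectclass for user and group maps, the second sentence is the one that keeps gen_map from being handed to those helpers by mistake.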
@@ -154,7 +161,7 @@ enum sdap_user_opt {
/* the objectclass must be the first attribute.
* Functions depend on this */
-enum sdap_group_opt {
+enum sdap_group_attrs {
SDAP_OC_GROUP = 0,
SDAP_AT_GROUP_NAME,
SDAP_AT_GROUP_PWD,
@@ -166,7 +173,7 @@ enum sdap_group_opt {
SDAP_OPTS_GROUP /* attrs counter */
};
-struct sdap_id_map {
+struct sdap_attr_map {
const char *opt_name;
const char *def_name;
const char *sys_name;
@@ -175,8 +182,9 @@ struct sdap_id_map {
struct sdap_options {
struct dp_option *basic;
- struct sdap_id_map *user_map;
- struct sdap_id_map *group_map;
+ struct sdap_attr_map *gen_map;
+ struct sdap_attr_map *user_map;
+ struct sdap_attr_map *group_map;
/* supported schema types */
enum schema_type {
@@ -193,9 +201,9 @@ struct sdap_options {
int sdap_get_map(TALLOC_CTX *memctx,
struct confdb_ctx *cdb,
const char *conf_path,
- struct sdap_id_map *def_map,
+ struct sdap_attr_map *def_map,
int num_entries,
- struct sdap_id_map **_map);
+ struct sdap_attr_map **_map);
int sdap_parse_user(TALLOC_CTX *memctx, struct sdap_options *opts,
struct sdap_handle *sh, struct sdap_msg *sm,