-rw-r--r-- | server/config/etc/sssd.api.d/sssd-ldap.conf | 2 | ||||
-rw-r--r-- | server/db/sysdb.h | 3 | ||||
-rw-r--r-- | server/providers/ipa/ipa_common.c | 17 | ||||
-rw-r--r-- | server/providers/ldap/ldap_common.c | 40 | ||||
-rw-r--r-- | server/providers/ldap/ldap_id.c | 2 | ||||
-rw-r--r-- | server/providers/ldap/sdap.c | 10 | ||||
-rw-r--r-- | server/providers/ldap/sdap.h | 22 |
7 files changed, 75 insertions, 21 deletions
diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf
index 1c094f6d..af1e66cf 100644
--- a/server/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/server/config/etc/sssd.api.d/sssd-ldap.conf
@@ -16,6 +16,8 @@ krb5_kdcip = str, None
 krb5_realm = str, None
 ldap_krb5_keytab = str, None
 ldap_krb5_init_creds = bool, None
+ldap_entry_usn = str, None
+ldap_rootdse_last_usn = str, None

 [provider/ldap/id]
 ldap_search_timeout = int, None
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index 72f56dba..642cc30a 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -75,6 +75,9 @@
 #define SYSDB_ORIG_DN "originalDN"
 #define SYSDB_ORIG_MODSTAMP "originalModifyTimestamp"

+#define SYSDB_USN "entryUSN"
+#define SYSDB_HIGH_USN "highestUSN"
+
 #define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"

 #define SYSDB_UC "objectclass="SYSDB_USER_CLASS
diff --git a/server/providers/ipa/ipa_common.c b/server/providers/ipa/ipa_common.c
index 3f4d25de..a571aead 100644
--- a/server/providers/ipa/ipa_common.c
+++ b/server/providers/ipa/ipa_common.c
@@ -63,7 +63,12 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }
 };

-struct sdap_id_map ipa_user_map[] = {
+struct sdap_attr_map ipa_attr_map[] = {
+ { "ldap_entry_usn", "entryUSN", SYSDB_USN, NULL },
+ { "ldap_rootdse_last_usn", "lastUSN", SYSDB_HIGH_USN, NULL }
+};
+
+struct sdap_attr_map ipa_user_map[] = {
 { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
 { "ldap_user_name", "uid", SYSDB_NAME, NULL },
 { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
@@ -89,7 +94,7 @@ struct sdap_id_map ipa_user_map[] = {
 { "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL }
 };

-struct sdap_id_map ipa_group_map[] = {
+struct sdap_attr_map ipa_group_map[] = {
 { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL },
 { "ldap_group_name", "cn", SYSDB_NAME, NULL },
 { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
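Review bot: The two new sysdb attribute names in the sysdb.h hunk, `SYSDB_USN` and `SYSDB_HIGH_USN`, are added without a comment saying what each holds or how they differ, and the names alone do not make that clear. The maps in this commit show that `SYSDB_USN` receives the per-entry sequence number (`entryUSN` / `uSNChanged`) and `SYSDB_HIGH_USN` the server-wide one read from the rootDSE (`lastUSN` / `highestCommittedUSN`). Suggest `/* update sequence number of an individual entry */` above `SYSDB_USN` and `/* highest USN reported by the server's rootDSE */` above `SYSDB_HIGH_USN`.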
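Review bot: `ipa_attr_map` added to ipa_common.c is entry-for-entry identical to `gen_ipa_attr_map` added to ldap_common.c in the same commit, so the IPA USN attribute names now live in two places that must be kept in sync by hand. If the ldap provider's generic maps are meant to be reusable, declaring `gen_ipa_attr_map` in a shared header and dropping the IPA copy would remove the duplication; if the copy is deliberate, a comment `/* keep in sync with gen_ipa_attr_map in ldap_common.c */` above the array would at least flag the coupling. The ipa_get_id_options hunk later in this file is consistent with the existing error handling and needs no change.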
@@ -354,6 +359,14 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
 SDAP_GROUP_SEARCH_BASE)));
 }

+ ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
+ ipa_attr_map,
+ SDAP_AT_GENERAL,
+ &ipa_opts->id->gen_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
 ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
 ipa_user_map,
diff --git a/server/providers/ldap/ldap_common.c b/server/providers/ldap/ldap_common.c
index b117d022..f7cdf75e 100644
--- a/server/providers/ldap/ldap_common.c
+++ b/server/providers/ldap/ldap_common.c
@@ -56,7 +56,22 @@ struct dp_option default_basic_opts[] = {
 { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }
 };

-struct sdap_id_map rfc2307_user_map[] = {
+struct sdap_attr_map generic_attr_map[] = {
+ { "ldap_entry_usn", NULL, SYSDB_USN, NULL },
+ { "ldap_rootdse_last_usn", NULL, SYSDB_USN, NULL }
+};
+
+struct sdap_attr_map gen_ipa_attr_map[] = {
+ { "ldap_entry_usn", "entryUSN", SYSDB_USN, NULL },
+ { "ldap_rootdse_last_usn", "lastUSN", SYSDB_HIGH_USN, NULL }
+};
+
+struct sdap_attr_map gen_ad_attr_map[] = {
+ { "ldap_entry_usn", "uSNChanged", SYSDB_USN, NULL },
+ { "ldap_rootdse_last_usn", "highestCommittedUSN", SYSDB_HIGH_USN, NULL }
+};
+
+struct sdap_attr_map rfc2307_user_map[] = {
 { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
 { "ldap_user_name", "uid", SYSDB_NAME, NULL },
 { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
@@ -82,7 +97,7 @@ struct sdap_id_map rfc2307_user_map[] = {
 { "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL }
 };

-struct sdap_id_map rfc2307_group_map[] = {
+struct sdap_attr_map rfc2307_group_map[] = {
 { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL },
 { "ldap_group_name", "cn", SYSDB_NAME, NULL },
 { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
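Review bot: In `generic_attr_map` the second entry maps `ldap_rootdse_last_usn` to `SYSDB_USN`, whereas `gen_ipa_attr_map`, `gen_ad_attr_map` and `ipa_attr_map` in ipa_common.c all map that option to `SYSDB_HIGH_USN`; with the rfc2307 and rfc2307bis schemas the entry USN and the server's highest USN would therefore both be stored under the same sysdb attribute. The line should read `{ "ldap_rootdse_last_usn", NULL, SYSDB_HIGH_USN, NULL }`. Note also that both generic entries carry NULL in the LDAP-name column; how sdap_get_map treats a NULL default is outside this hunk, but whatever later consumes `gen_map` will have to tolerate an unset attribute name whenever the administrator has not configured `ldap_entry_usn` or `ldap_rootdse_last_usn`.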
@@ -92,7 +107,7 @@ struct sdap_id_map rfc2307_group_map[] = {
 { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
 };

-struct sdap_id_map rfc2307bis_user_map[] = {
+struct sdap_attr_map rfc2307bis_user_map[] = {
 { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
 { "ldap_user_name", "uid", SYSDB_NAME, NULL },
 { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
@@ -119,7 +134,7 @@ struct sdap_id_map rfc2307bis_user_map[] = {
 { "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL }
 };

-struct sdap_id_map rfc2307bis_group_map[] = {
+struct sdap_attr_map rfc2307bis_group_map[] = {
 { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL },
 { "ldap_group_name", "cn", SYSDB_NAME, NULL },
 { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
@@ -135,8 +150,9 @@ int ldap_get_options(TALLOC_CTX *memctx,
 const char *conf_path,
 struct sdap_options **_opts)
 {
- struct sdap_id_map *default_user_map;
- struct sdap_id_map *default_group_map;
+ struct sdap_attr_map *default_attr_map;
+ struct sdap_attr_map *default_user_map;
+ struct sdap_attr_map *default_group_map;
 struct sdap_options *opts;
 char *schema;
 int ret;
@@ -181,21 +197,25 @@ int ldap_get_options(TALLOC_CTX *memctx,
 schema = dp_opt_get_string(opts->basic, SDAP_SCHEMA);
 if (strcasecmp(schema, "rfc2307") == 0) {
 opts->schema_type = SDAP_SCHEMA_RFC2307;
+ default_attr_map = generic_attr_map;
 default_user_map = rfc2307_user_map;
 default_group_map = rfc2307_group_map;
 } else if (strcasecmp(schema, "rfc2307bis") == 0) {
 opts->schema_type = SDAP_SCHEMA_RFC2307BIS;
+ default_attr_map = generic_attr_map;
 default_user_map = rfc2307bis_user_map;
 default_group_map = rfc2307bis_group_map;
 } else if (strcasecmp(schema, "IPA") == 0) {
 opts->schema_type = SDAP_SCHEMA_IPA_V1;
+ default_attr_map = gen_ipa_attr_map;
 default_user_map = rfc2307bis_user_map;
 default_group_map = rfc2307bis_group_map;
 } else if (strcasecmp(schema, "AD") == 0) {
 opts->schema_type = SDAP_SCHEMA_AD;
+ default_attr_map = gen_ad_attr_map;
 default_user_map = rfc2307bis_user_map;
 default_group_map = rfc2307bis_group_map;
 } else {
@@ -205,6 +225,14 @@ int ldap_get_options(TALLOC_CTX *memctx,
 }

 ret = sdap_get_map(opts, cdb, conf_path,
+ default_attr_map,
+ SDAP_AT_GENERAL,
+ &opts->gen_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ ret = sdap_get_map(opts, cdb, conf_path,
 default_user_map,
 SDAP_OPTS_USER,
 &opts->user_map);
diff --git a/server/providers/ldap/ldap_id.c b/server/providers/ldap/ldap_id.c
index 7e69c3dc..b7e29e61 100644
--- a/server/providers/ldap/ldap_id.c
+++ b/server/providers/ldap/ldap_id.c
@@ -33,7 +33,7 @@
 #include "providers/ldap/sdap_async.h"

 static int build_attrs_from_map(TALLOC_CTX *memctx,
- struct sdap_id_map *map,
+ struct sdap_attr_map *map,
 size_t size,
 const char ***_attrs)
 {
diff --git a/server/providers/ldap/sdap.c b/server/providers/ldap/sdap.c
index 94cea885..5da698a1 100644
--- a/server/providers/ldap/sdap.c
+++ b/server/providers/ldap/sdap.c
@@ -29,14 +29,14 @@
 int sdap_get_map(TALLOC_CTX *memctx,
 struct confdb_ctx *cdb,
 const char *conf_path,
- struct sdap_id_map *def_map,
+ struct sdap_attr_map *def_map,
 int num_entries,
- struct sdap_id_map **_map)
+ struct sdap_attr_map **_map)
 {
- struct sdap_id_map *map;
+ struct sdap_attr_map *map;
 int i, ret;

- map = talloc_array(memctx, struct sdap_id_map, num_entries);
+ map = talloc_array(memctx, struct sdap_attr_map, num_entries);
 if (!map) {
 return ENOMEM;
 }
@@ -70,7 +70,7 @@ int sdap_get_map(TALLOC_CTX *memctx,
 static int sdap_parse_entry(TALLOC_CTX *memctx,
 struct sdap_handle *sh,
 struct sdap_msg *sm,
- struct sdap_id_map *map, int attrs_num,
+ struct sdap_attr_map *map, int attrs_num,
 struct sysdb_attrs **_attrs,
 char **_dn)
 {
 struct sysdb_attrs *attrs;
diff --git a/server/providers/ldap/sdap.h b/server/providers/ldap/sdap.h
index 152d46b9..03dab304 100644
--- a/server/providers/ldap/sdap.h
+++ b/server/providers/ldap/sdap.h
@@ -120,9 +120,16 @@ enum sdap_basic_opt {
 SDAP_OPTS_BASIC /* opts counter */
 };

+enum sdap_gen_attrs {
+ SDAP_AT_ENTRY_USN = 0,
+ SDAP_AT_LAST_USN,
+
+ SDAP_AT_GENERAL /* attrs counter */
+};
+
 /* the objectclass must be the first attribute.
 * Functions depend on this */
-enum sdap_user_opt {
+enum sdap_user_attrs {
 SDAP_OC_USER = 0,
 SDAP_AT_USER_NAME,
 SDAP_AT_USER_PWD,
@@ -154,7 +161,7 @@ enum sdap_user_opt {

 /* the objectclass must be the first attribute.
 * Functions depend on this */
-enum sdap_group_opt {
+enum sdap_group_attrs {
 SDAP_OC_GROUP = 0,
 SDAP_AT_GROUP_NAME,
 SDAP_AT_GROUP_PWD,
@@ -166,7 +173,7 @@ enum sdap_group_opt {
 SDAP_OPTS_GROUP /* attrs counter */
 };

-struct sdap_id_map {
+struct sdap_attr_map {
 const char *opt_name;
 const char *def_name;
 const char *sys_name;
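Review bot: The new `enum sdap_gen_attrs` in sdap.h is the index type for the `*_attr_map[]` arrays added in ldap_common.c and ipa_common.c, so `SDAP_AT_ENTRY_USN` and `SDAP_AT_LAST_USN` only work if every such array lists `ldap_entry_usn` first and `ldap_rootdse_last_usn` second, yet nothing in the header states that. The two existing enums right below it carry "the objectclass must be the first attribute. Functions depend on this" for the same kind of positional contract; suggest a matching comment above the new enum, `/* order must match the generic *_attr_map[] arrays in the providers */`. The enum renames in the rest of this file section are mechanical and fine.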
@@ -175,8 +182,9 @@ struct sdap_id_map {

 struct sdap_options {
 struct dp_option *basic;
- struct sdap_id_map *user_map;
- struct sdap_id_map *group_map;
+ struct sdap_attr_map *gen_map;
+ struct sdap_attr_map *user_map;
+ struct sdap_attr_map *group_map;

 /* supported schema types */
 enum schema_type {
@@ -193,9 +201,9 @@ struct sdap_options {
 int sdap_get_map(TALLOC_CTX *memctx,
 struct confdb_ctx *cdb,
 const char *conf_path,
- struct sdap_id_map *def_map,
+ struct sdap_attr_map *def_map,
 int num_entries,
- struct sdap_id_map **_map);
+ struct sdap_attr_map **_map);

 int sdap_parse_user(TALLOC_CTX *memctx, struct sdap_options *opts,
 struct sdap_handle *sh, struct sdap_msg *sm, |
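Review bot: The new `gen_map` member of `struct sdap_options` is added without a comment, and unlike `user_map` and `group_map` its index type and length are new in this commit, so a reader of the header cannot tell how large the array is. The ldap_common.c hunk fills it through `sdap_get_map(..., SDAP_AT_GENERAL, &opts->gen_map)`; suggest `/* SDAP_AT_GENERAL entries, indexed by enum sdap_gen_attrs */` on the `gen_map` line. The `sdap_get_map` prototype change below it is a pure rename and matches the definition in sdap.c.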