From fae99bfe4bfc8b4a12e9c2a0ad01b3684c22f934 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 15 Mar 2013 15:27:31 -0400 Subject: ldap: Fallback option for rfc2307 schema Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
---
 src/providers/ldap/sdap_async_initgroups.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'src/providers/ldap/sdap_async_initgroups.c')
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index a4310b46..23be22fd 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -26,6 +26,7 @@
 #include "providers/ldap/sdap_async_private.h"
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_idmap.h"
+#include "providers/ldap/sdap_users.h"
 /* ==Save-fake-group-list=====================================*/
 static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
@@ -2658,8 +2659,20 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 return;
 }
- tevent_req_error(req, ENOENT);
- return;
+ /* fallback to fetch a local user if required */
+ if ((state->opts->schema_type == SDAP_SCHEMA_RFC2307) &&
+ (dp_opt_get_bool(state->opts->basic,
+ SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) {
+ ret = sdap_fallback_local_user(state, state->opts,
+ state->name, -1, &usr_attrs);
+ } else {
+ ret = ENOENT;
+ }
+
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ return;
+ }
 } else if (count != 1) {
 DEBUG(2, ("Expected one user entry and got %d\n", count));
 tevent_req_error(req, EINVAL);
-- cgit
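Review bot: The fallback branch added to sdap_get_initgr_user crosses the identity-domain boundary that the commit message itself warns about, yet the new code neither logs that the branch was taken nor says so in its comment. With the option enabled, whoever can edit group membership in the directory presumably determines which groups a local account on this host ends up in, so the comment should state that and the branch should leave a trace, e.g. `DEBUG(6, ("User [%s] not in LDAP, falling back to local user\n", state->name));` before the call to `sdap_fallback_local_user`. The `== true` comparison on the result of `dp_opt_get_bool` is redundant, and the literal `-1` passed as the fourth argument deserves a short comment naming what it stands for. The enclosing if/else chain starts outside the hunk and the function continues past it, so whether the code after the chain copes with `count` still being 0 after a successful fallback cannot be checked from here.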