Blame SOURCES/0079-Revert-LDAP-Change-defaults-for-ldap_user-group_obje.patch

905b4d
From 7f88b3a46f296520c1d73bb431c5960ba5daeba7 Mon Sep 17 00:00:00 2001
905b4d
From: Lukas Slebodnik <lslebodn@redhat.com>
905b4d
Date: Fri, 7 Nov 2014 13:27:53 +0100
905b4d
Subject: [PATCH 79/79] Revert "LDAP: Change defaults for
905b4d
 ldap_user/group_objectsid"
905b4d
MIME-Version: 1.0
905b4d
Content-Type: text/plain; charset=UTF-8
905b4d
Content-Transfer-Encoding: 8bit
905b4d
905b4d
This reverts commit f834f712548db811695ea0fd6d6b31d3bd03e2a3.
905b4d
905b4d
OpenLDAP server cannot dereference unknown attributes. The attribute objectSID
905b4d
isn't in any standard objectclass on OpenLDAP server. This is a reason why
905b4d
objectSID cannot be set by default in rfc2307 map and rfc2307bis map.
905b4d
It is the same problem as using non standard attribute "nsUniqueId"
905b4d
in ticket https://fedorahosted.org/sssd/ticket/2383
905b4d
905b4d
Reviewed-by: Michal Židek <mzidek@redhat.com>
905b4d
---
905b4d
 src/man/sssd-ldap.5.xml        | 4 ++--
905b4d
 src/providers/ldap/ldap_opts.h | 8 ++++----
905b4d
 2 files changed, 6 insertions(+), 6 deletions(-)
905b4d
905b4d
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
905b4d
index dad6f27933ced506fed7cd040e9fe91968295632..2dcf7e3f8ab5c307e0262efdebfc148c30ea3679 100644
905b4d
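--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -360,7 +360,7 @@
                             necessary for ActiveDirectory servers.
                         </para>
                         <para>
-                            Default: ipaNTSecurityIdentifier for IPA, objectSID
+                            Default: objectSid for ActiveDirectory, not set
                             for other servers.
                         </para>
                     </listitem>
@@ -882,7 +882,7 @@
                             necessary for ActiveDirectory servers.
                         </para>
                         <para>
-                            Default: ipaNTSecurityIdentifier for IPA, objectSID
+                            Default: objectSid for ActiveDirectory, not set
                             for other servers.
                         </para>
                     </listitem>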
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
905b4d
index 29d9faf99784bfc3526398488be837a2716ee11d..dedbdac0bcf647337d4c00b1fbb82d6b46be5b54 100644
905b4d
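--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -156,7 +156,7 @@ struct sdap_attr_map rfc2307_user_map[] = {
     { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
     { "ldap_user_member_of", NULL, SYSDB_MEMBEROF, NULL },
     { "ldap_user_uuid", NULL, SYSDB_UUID, NULL },
-    { "ldap_user_objectsid", "objectSID", SYSDB_SID, NULL },
+    { "ldap_user_objectsid", NULL, SYSDB_SID, NULL },
     { "ldap_user_primary_group", NULL, SYSDB_PRIMARY_GROUP, NULL },
     { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
     { "ldap_user_entry_usn", NULL, SYSDB_USN, NULL },
@@ -190,7 +190,7 @@ struct sdap_attr_map rfc2307_group_map[] = {
     { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
     { "ldap_group_member", "memberuid", SYSDB_MEMBER, NULL },
     { "ldap_group_uuid", NULL, SYSDB_UUID, NULL },
-    { "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
+    { "ldap_group_objectsid", NULL, SYSDB_SID, NULL },
     { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
     { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
     { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
@@ -210,7 +210,7 @@ struct sdap_attr_map rfc2307bis_user_map[] = {
     { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
     { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
     { "ldap_user_uuid", NULL, SYSDB_UUID, NULL },
-    { "ldap_user_objectsid", "objectSID", SYSDB_SID, NULL },
+    { "ldap_user_objectsid", NULL, SYSDB_SID, NULL },
     { "ldap_user_primary_group", NULL, SYSDB_PRIMARY_GROUP, NULL },
     { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
     { "ldap_user_entry_usn", NULL, SYSDB_USN, NULL },
@@ -244,7 +244,7 @@ struct sdap_attr_map rfc2307bis_group_map[] = {
     { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
     { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
     { "ldap_group_uuid", NULL, SYSDB_UUID, NULL },
-    { "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
+    { "ldap_group_objectsid", NULL, SYSDB_SID, NULL },
     { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
     { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
     { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },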
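Review bot: The `NULL` default on the `ldap_user_objectsid` entry in `rfc2307_user_map` has no comment recording why it must stay unset, and the same holds for the matching entries in `rfc2307_group_map`, `rfc2307bis_user_map` and `rfc2307bis_group_map`. The reason lives only in the commit message, so a later change could reintroduce the default this commit reverts. I would add above each entry something like `/* objectSID is not in any standard OpenLDAP objectclass; leave unset so requests never name an attribute the server does not know */`. With the default gone, `SYSDB_SID` is presumably no longer filled for these two schemas unless the option is configured explicitly, which is worth confirming for any deployment that relies on SIDs for ID mapping against a server that does carry the attribute. All four maps begin and end outside the hunks shown.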
-- 
905b4d
1.9.3
905b4d