pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Blob Blame History Raw
From 01ccf0deee2cfa98f76d79eb435be74efecd4626 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Mon, 22 Feb 2016 12:40:03 +0200
Subject: [PATCH] slapi-nis: update configuration to allow external members of
 IPA groups

Currently in an environment with trust to AD the compat tree does not
show AD users as members of IPA groups. The reason is that IPA groups
are read directly from the IPA DS tree and external groups are not
handled.

slapi-nis project has added support for it in 0.55, make sure we update
configuration for the group map if it exists and depend on 0.55 version.

https://fedorahosted.org/freeipa/ticket/4403

Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
 freeipa.spec.in                           | 2 +-
 install/updates/50-externalmembers.update | 3 +++
 install/updates/Makefile.am               | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 install/updates/50-externalmembers.update

diff --git a/freeipa.spec.in b/freeipa.spec.in
index cd26d4ce66e320f8b8bf6aaa3e738b4c11f89aa9..17b90fc4653bd7694bf389a19d5847d7df544890 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -139,7 +139,7 @@ Requires(pre): systemd-units
 Requires(post): systemd-units
 Requires: selinux-policy >= %{selinux_policy_version}
 Requires(post): selinux-policy-base
-Requires: slapi-nis >= 0.54.2-1
+Requires: slapi-nis >= 0.55-1
 Requires: pki-ca >= 10.2.5
 Requires: pki-kra >= 10.2.5
 Requires(preun): python systemd-units
diff --git a/install/updates/50-externalmembers.update b/install/updates/50-externalmembers.update
new file mode 100644
index 0000000000000000000000000000000000000000..6b9c5dd23fac65fd5e9055b255e7c4d41e5cc66b
--- /dev/null
+++ b/install/updates/50-externalmembers.update
@@ -0,0 +1,3 @@
+dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
+addifexist: schema-compat-entry-attribute: ipaexternalmember=%deref_r("member","ipaexternalmember")
+addifexist: schema-compat-entry-attribute: objectclass=ipaexternalgroup
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 26e4c04ed66a4a2061a3bb3ca2f4a6cd84502598..86799838c8713d04d03a69167a00ee4baa6acd6c 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -45,6 +45,7 @@ app_DATA =				\
 	50-krbenctypes.update		\
 	50-nis.update			\
 	50-ipaconfig.update		\
+	50-externalmembers.update	\
 	55-pbacmemberof.update		\
 	59-trusts-sysacount.update	\
 	60-trusts.update		\
-- 
2.5.0