From 408880a11879b1a57a450e25c77ef2e310bdffd5 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 18 Mar 2019 16:45:54 +0100
Subject: [PATCH 2/2] create-user: try to find NIS domain if needed
Related to https://gitlab.freedesktop.org/realmd/adcli/issues/2
---
doc/adcli.xml | 4 +++-
library/adentry.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
library/adentry.h | 2 ++
tools/entry.c | 16 ++++++++++++++++
4 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/doc/adcli.xml b/doc/adcli.xml
index 18620c0..af73433 100644
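--- a/doc/adcli.xml
+++ b/doc/adcli.xml
@@ -537,7 +537,9 @@ $ adcli create-user Fry --domain=domain.example.com \
 the new created user account, which should be the user's
 NIS domain is the NIS/YP service of Active Directory's Services for Unix (SFU)
 are used. This is needed to let the 'UNIX attributes' tab of older Active
- Directoy versions show the set UNIX specific attributes.</para></listitem>
+ Directoy versions show the set UNIX specific attributes. If not specified
+ adcli will try to determine the NIS domain automatically if needed.
+ </para></listitem>
 </varlistentry>
 </variablelist>
 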
diff --git a/library/adentry.c b/library/adentry.c
index 9b9e1c6..1cc0518 100644
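--- a/library/adentry.c
+++ b/library/adentry.c
@@ -484,3 +484,47 @@ adcli_entry_new_group (adcli_conn *conn,
 return_val_if_fail (sam_name != NULL, NULL);
 return entry_new (conn, "group", group_entry_builder, sam_name);
 }
+
+adcli_result
+adcli_get_nis_domain (adcli_entry *entry,
+ adcli_attrs *attrs)
+{
+ LDAP *ldap;
+ const char *ldap_attrs[] = { "cn", NULL };
+ LDAPMessage *results;
+ LDAPMessage *ldap_entry;
+ char *base;
+ const char *filter = "objectClass=msSFU30DomainInfo";
+ char *cn;
+ int ret;
+
+ ldap = adcli_conn_get_ldap_connection (entry->conn);
+ return_unexpected_if_fail (ldap != NULL);
+
+ if (asprintf (&base, "CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,%s",
+ adcli_conn_get_default_naming_context (entry->conn)) < 0) {
+ return_unexpected_if_reached ();
+ }
+
+ ret = ldap_search_ext_s (ldap, base, LDAP_SCOPE_SUB, filter, (char **)ldap_attrs,
+ 0, NULL, NULL, NULL, -1, &results);
+
+ free (base);
+
+ if (ret != LDAP_SUCCESS) {
+ /* No NIS domain available */
+ ldap_msgfree (results);
+ return ADCLI_SUCCESS;
+ }
+
+ ldap_entry = ldap_first_entry (ldap, results);
+ if (ldap_entry != NULL) {
+ cn = _adcli_ldap_parse_value (ldap, ldap_entry, "cn");
+ return_unexpected_if_fail (cn != NULL);
+
+ adcli_attrs_add (attrs, "msSFU30NisDomain", cn, NULL);
+ }
+ ldap_msgfree (results);
+
+ return ADCLI_SUCCESS;
+}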
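Review bot: In adcli_get_nis_domain the early return taken by `return_unexpected_if_fail (cn != NULL)` skips `ldap_msgfree (results)`, and `cn` is never freed after `adcli_attrs_add (attrs, "msSFU30NisDomain", cn, NULL)`. Assuming `_adcli_ldap_parse_value` returns an allocated copy and `adcli_attrs_add` duplicates its value (neither is visible on this page), both paths leak; an explicit `if (cn == NULL)` branch that frees `results` before returning, plus `free (cn);` after the add, would close that. `results` is also handed to `ldap_msgfree ()` on the failure branch without being initialised by this function, so declaring it as `LDAPMessage *results = NULL;` removes the dependence on the library having set it. Finally, every non-success search result is folded into "No NIS domain available" and reported as ADCLI_SUCCESS, which hides timeouts and permission errors from the operator; telling a missing container apart from other failures and logging the latter would make that visible.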
diff --git a/library/adentry.h b/library/adentry.h
index eb8bc00..ae90689 100644
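--- a/library/adentry.h
+++ b/library/adentry.h
@@ -58,4 +58,6 @@ const char * adcli_entry_get_sam_name (adcli_entry *entry);
 
 const char * adcli_entry_get_dn (adcli_entry *entry);
 
+adcli_result adcli_get_nis_domain (adcli_entry *entry,
+ adcli_attrs *attrs);
 #endif /* ADENTRY_H_ */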
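Review bot: The new prototype `adcli_get_nis_domain` takes an `adcli_entry *` but drops the `adcli_entry_` prefix used by its neighbours `adcli_entry_get_sam_name` and `adcli_entry_get_dn`. Despite the `get` in its name it hands nothing back to the caller; per the library/adentry.c part of this patch it appends `msSFU30NisDomain` to `attrs`. A short comment above the declaration, for example `/* Look up the SFU NIS domain in the directory and add it to attrs; ADCLI_SUCCESS is also returned when none is found */`, would spell out that contract.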
diff --git a/tools/entry.c b/tools/entry.c
index 69ce62c..de56586 100644
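--- a/tools/entry.c
+++ b/tools/entry.c
@@ -153,6 +153,8 @@ adcli_tool_user_create (adcli_conn *conn,
 adcli_attrs *attrs;
 const char *ou = NULL;
 int opt;
+ bool has_unix_attr = false;
+ bool has_nis_domain = false;
 
 struct option options[] = {
 { "display-name", required_argument, NULL, opt_display_name },
@@ -193,18 +195,23 @@ adcli_tool_user_create (adcli_conn *conn,
 break;
 case opt_unix_home:
 adcli_attrs_add (attrs, "unixHomeDirectory", optarg, NULL);
+ has_unix_attr = true;
 break;
 case opt_unix_uid:
 adcli_attrs_add (attrs, "uidNumber", optarg, NULL);
+ has_unix_attr = true;
 break;
 case opt_unix_gid:
 adcli_attrs_add (attrs, "gidNumber", optarg, NULL);
+ has_unix_attr = true;
 break;
 case opt_unix_shell:
 adcli_attrs_add (attrs, "loginShell", optarg, NULL);
+ has_unix_attr = true;
 break;
 case opt_nis_domain:
 adcli_attrs_add (attrs, "msSFU30NisDomain", optarg, NULL);
+ has_nis_domain = true;
 break;
 case opt_domain_ou:
 ou = optarg;
@@ -242,6 +249,15 @@ adcli_tool_user_create (adcli_conn *conn,
 adcli_get_last_error ());
 }
 
+ if (has_unix_attr && !has_nis_domain) {
+ res = adcli_get_nis_domain (entry, attrs);
+ if (res != ADCLI_SUCCESS) {
+ adcli_entry_unref (entry);
+ adcli_attrs_free (attrs);
+ errx (-res, "couldn't get NIS domain");
+ }
+ }
+
 res = adcli_entry_create (entry, attrs);
 if (res != ADCLI_SUCCESS) {
 errx (-res, "creating user %s in domain %s failed: %s",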
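Review bot: The message in the added `errx (-res, "couldn't get NIS domain")` (last hunk) names neither the account nor a cause, while the `errx` that follows for adcli_entry_create reports the user, the domain and a reason. Giving the new call the same context would make a failed create-user easier to diagnose. The `if (has_unix_attr && !has_nis_domain)` gate would also benefit from a one-line comment such as `/* UNIX attributes given without an explicit NIS domain: look it up in the directory */`. adcli_tool_user_create begins and ends outside these hunks, so how `res` is reported elsewhere in it is not fully visible.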
--
2.20.1