Set the loginShell attribute on winsynced entries if configured
Fixes: https://fedorahosted.org/freeipa/ticket/266
parent
1eb3033311
commit
b3e9cac972
@ -19,6 +19,7 @@ ipaWinSyncNewEntryFilter: (cn=ipaConfig)
|
||||
ipaWinSyncNewUserOCAttr: ipauserobjectclasses
|
||||
ipaWinSyncUserFlatten: true
|
||||
ipaWinsyncHomeDirAttr: ipaHomesRootDir
|
||||
ipaWinsyncLoginShellAttr: ipaDefaultLoginShell
|
||||
ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup
|
||||
ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
|
||||
ipaWinSyncAcctDisable: both
|
||||
|
@ -238,6 +238,15 @@ ipa_winsync_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_E
|
||||
goto done2;
|
||||
}
|
||||
|
||||
/* get login_shell_attr */
|
||||
if (slapi_entry_attr_find(e, IPA_WINSYNC_LOGIN_SHELL_ATTR,
|
||||
&testattr) ||
|
||||
(NULL == testattr)) {
|
||||
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
|
||||
"Warning: no value given for %s",
|
||||
IPA_WINSYNC_LOGIN_SHELL_ATTR);
|
||||
}
|
||||
|
||||
/* get default_group_attr */
|
||||
if (slapi_entry_attr_find(e, IPA_WINSYNC_DEFAULTGROUP_ATTR,
|
||||
&testattr) ||
|
||||
@ -372,6 +381,7 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
|
||||
char *new_entry_filter = NULL;
|
||||
char *new_user_oc_attr = NULL; /* don't care about groups for now */
|
||||
char *homedir_prefix_attr = NULL;
|
||||
char *login_shell_attr = NULL;
|
||||
char *default_group_attr = NULL;
|
||||
char *default_group_filter = NULL;
|
||||
char *acct_disable = NULL;
|
||||
@ -436,6 +446,15 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
|
||||
goto done3;
|
||||
}
|
||||
|
||||
/* get login_shell_attr */
|
||||
login_shell_attr = slapi_entry_attr_get_charptr(e,
|
||||
IPA_WINSYNC_LOGIN_SHELL_ATTR);
|
||||
if (!login_shell_attr) {
|
||||
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
|
||||
"Warning: no value given for %s",
|
||||
IPA_WINSYNC_LOGIN_SHELL_ATTR);
|
||||
}
|
||||
|
||||
/* get default_group_attr */
|
||||
if (!(default_group_attr = slapi_entry_attr_get_charptr(
|
||||
e, IPA_WINSYNC_DEFAULTGROUP_ATTR))) {
|
||||
@ -567,6 +586,11 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
|
||||
slapi_ch_free_string(&theConfig.homedir_prefix_attr);
|
||||
theConfig.homedir_prefix_attr = homedir_prefix_attr;
|
||||
homedir_prefix_attr = NULL;
|
||||
if (login_shell_attr) {
|
||||
slapi_ch_free_string(&theConfig.login_shell_attr);
|
||||
theConfig.login_shell_attr = login_shell_attr;
|
||||
login_shell_attr = NULL;
|
||||
}
|
||||
slapi_ch_free_string(&theConfig.default_group_attr);
|
||||
theConfig.default_group_attr = default_group_attr;
|
||||
default_group_attr = NULL;
|
||||
@ -594,6 +618,7 @@ done3:
|
||||
slapi_ch_free_string(&new_entry_filter);
|
||||
slapi_ch_free_string(&new_user_oc_attr);
|
||||
slapi_ch_free_string(&homedir_prefix_attr);
|
||||
slapi_ch_free_string(&login_shell_attr);
|
||||
slapi_ch_free_string(&default_group_attr);
|
||||
slapi_ch_free_string(&default_group_filter);
|
||||
slapi_ch_array_free(attrsvals);
|
||||
@ -636,6 +661,7 @@ ipa_winsync_config_destroy_domain(
|
||||
iwdc->domain_e = NULL;
|
||||
slapi_ch_free_string(&iwdc->realm_name);
|
||||
slapi_ch_free_string(&iwdc->homedir_prefix);
|
||||
slapi_ch_free_string(&iwdc->login_shell);
|
||||
slapi_ch_free_string(&iwdc->inactivated_group_dn);
|
||||
slapi_ch_free_string(&iwdc->activated_group_dn);
|
||||
slapi_ch_free((void **)&iwdc);
|
||||
@ -752,6 +778,7 @@ ipa_winsync_config_refresh_domain(
|
||||
char *new_entry_filter = NULL;
|
||||
char *new_user_oc_attr = NULL; /* don't care about groups for now */
|
||||
char *homedir_prefix_attr = NULL;
|
||||
char *login_shell_attr = NULL;
|
||||
char *default_group_attr = NULL;
|
||||
char *default_group_filter = NULL;
|
||||
char *default_group_name = NULL;
|
||||
@ -774,6 +801,9 @@ ipa_winsync_config_refresh_domain(
|
||||
new_entry_filter = slapi_ch_strdup(theConfig.new_entry_filter);
|
||||
new_user_oc_attr = slapi_ch_strdup(theConfig.new_user_oc_attr);
|
||||
homedir_prefix_attr = slapi_ch_strdup(theConfig.homedir_prefix_attr);
|
||||
if (theConfig.login_shell_attr) {
|
||||
login_shell_attr = slapi_ch_strdup(theConfig.login_shell_attr);
|
||||
}
|
||||
default_group_attr = slapi_ch_strdup(theConfig.default_group_attr);
|
||||
default_group_filter = slapi_ch_strdup(theConfig.default_group_filter);
|
||||
acct_disable = theConfig.acct_disable;
|
||||
@ -840,6 +870,27 @@ ipa_winsync_config_refresh_domain(
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* get the login shell value */
|
||||
/* note - this is in the same entry as the new entry template, so
|
||||
use the same filter */
|
||||
slapi_ch_free_string(&iwdc->login_shell);
|
||||
if (login_shell_attr) {
|
||||
ret = internal_find_entry_get_attr_val(config_dn, search_scope,
|
||||
new_entry_filter,
|
||||
login_shell_attr,
|
||||
NULL, &iwdc->login_shell);
|
||||
if (!iwdc->login_shell) {
|
||||
LOG("Warning: could not find the entry containing the login shell "
|
||||
"attribute for ds subtree [%s] filter [%s] attr [%s]\n",
|
||||
slapi_sdn_get_dn(ds_subtree), new_entry_filter,
|
||||
login_shell_attr);
|
||||
}
|
||||
}
|
||||
if (!iwdc->login_shell) {
|
||||
/* could not find the login shell or was not configured */
|
||||
LOG("Warning: no login shell configured!");
|
||||
}
|
||||
|
||||
/* find the default group - the entry above contains the group name, but
|
||||
we need the gidNumber for posixAccount - so first find the entry
|
||||
and attr value which has the group name, then lookup the group
|
||||
@ -939,6 +990,7 @@ out:
|
||||
slapi_ch_free_string(&new_entry_filter);
|
||||
slapi_ch_free_string(&new_user_oc_attr);
|
||||
slapi_ch_free_string(&homedir_prefix_attr);
|
||||
slapi_ch_free_string(&login_shell_attr);
|
||||
slapi_ch_free_string(&default_group_attr);
|
||||
slapi_ch_free_string(&default_group_filter);
|
||||
slapi_ch_free_string(&default_group_name);
|
||||
@ -952,6 +1004,7 @@ out:
|
||||
if (LDAP_SUCCESS != ret) {
|
||||
slapi_ch_free_string(&iwdc->realm_name);
|
||||
slapi_ch_free_string(&iwdc->homedir_prefix);
|
||||
slapi_ch_free_string(&iwdc->login_shell);
|
||||
slapi_entry_free(iwdc->domain_e);
|
||||
iwdc->domain_e = NULL;
|
||||
}
|
||||
|
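Review bot: In the ipa_winsync_apply_config hunk, the `if (login_shell_attr)` guard around the swap means that removing ipaWinSyncLoginShellAttr from the config entry leaves the previously applied `theConfig.login_shell_attr` in place. ipa_winsync_config_refresh_domain would then keep copying the stale name, presumably until the plugin is reloaded. NULL is a legal value here, so the swap can be unconditional like its neighbours: `slapi_ch_free_string(&theConfig.login_shell_attr); theConfig.login_shell_attr = login_shell_attr; login_shell_attr = NULL;`. In ipa_winsync_config_refresh_domain the optional lookup's result is stored in the shared `ret` but never tested. The function continues past the hunk, so it cannot be seen here whether `ret` is overwritten before the `out:` cleanup, and a comment such as `/* login shell is optional: a failed lookup is not an error */` would make the intent explicit. `LOG("Warning: no login shell configured!");` is also missing the trailing `\n` that the other LOG calls carry.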
@ -350,6 +350,12 @@ ipa_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry,
|
||||
}
|
||||
}
|
||||
|
||||
/* add a loginShell if we have a default */
|
||||
if (ipaconfig->login_shell) {
|
||||
slapi_entry_attr_set_charptr(ds_entry, "loginShell",
|
||||
ipaconfig->login_shell);
|
||||
}
|
||||
|
||||
sync_acct_disable(cbdata, rawentry, ds_entry, ACCT_DISABLE_TO_DS,
|
||||
ds_entry, NULL, NULL);
|
||||
LOG("<-- ipa_winsync_pre_ds_add_user_cb -- end\n");
|
||||
|
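Review bot: The new block calls `slapi_entry_attr_set_charptr(ds_entry, "loginShell", ipaconfig->login_shell)` whenever a default exists, which replaces any loginShell value already present on `ds_entry`. The earlier part of ipa_winsync_pre_ds_add_user_cb is outside this hunk, so it is not visible whether a previous step (for example the configured ipaWinSyncUserAttr values) can already have set loginShell; if it can, the default silently overrides it. Since loginShell decides which program runs at login, a default should only fill a gap: `if (ipaconfig->login_shell && slapi_entry_attr_find(ds_entry, "loginShell", &attr) != 0) {` with a local `Slapi_Attr *attr = NULL;`. The comment could also state that the value is copied from the IPA config entry as-is, without validation.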
@ -68,6 +68,7 @@ typedef struct ipa_winsync_config_struct {
|
||||
char *new_entry_filter;
|
||||
char *new_user_oc_attr; /* don't care about groups for now */
|
||||
char *homedir_prefix_attr;
|
||||
char *login_shell_attr;
|
||||
char *default_group_attr;
|
||||
char *default_group_filter;
|
||||
int acct_disable; /* see below for possible values */
|
||||
@ -84,6 +85,7 @@ typedef struct ipa_winsync_domain_config {
|
||||
Slapi_Entry *domain_e; /* info is stored in this entry */
|
||||
char *realm_name; /* realm name */
|
||||
char *homedir_prefix;
|
||||
char *login_shell;
|
||||
char *inactivated_group_dn; /* DN of inactivated group */
|
||||
char *activated_group_dn; /* DN of activated group */
|
||||
} IPA_WinSync_Domain_Config;
|
||||
@ -124,7 +126,10 @@ void ipa_winsync_config_destroy_domain(void *cbdata, const Slapi_DN *ds_subtree,
|
||||
#define IPA_WINSYNC_NEW_USER_ATTRS_VALS "ipaWinSyncUserAttr"
|
||||
/* name of attribute holding the name of the attribute which
|
||||
has the homeDirectory prefix - suffix is the uid */
|
||||
#define IPA_WINSYNC_HOMEDIR_PREFIX_ATTR "ipaWinsyncHomeDirAttr"
|
||||
#define IPA_WINSYNC_HOMEDIR_PREFIX_ATTR "ipaWinSyncHomeDirAttr"
|
||||
/* name of attribute holding the name of the attribute which
|
||||
has the loginShell value */
|
||||
#define IPA_WINSYNC_LOGIN_SHELL_ATTR "ipaWinSyncLoginShellAttr"
|
||||
/* name of attribute holding the name of the attribute which is
|
||||
used to get the default posix gidNumber */
|
||||
#define IPA_WINSYNC_DEFAULTGROUP_ATTR "ipaWinSyncDefaultGroupAttr"
|
||||
|
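Review bot: The two new members, `login_shell_attr` in ipa_winsync_config_struct and `login_shell` in ipa_winsync_domain_config, carry no comment even though the .c changes on this page treat them as optional and NULL-check them, unlike `homedir_prefix_attr` next to them. I would add trailing comments such as `char *login_shell_attr; /* optional - NULL if not configured */` and `char *login_shell; /* default loginShell value, may be NULL */`. The last hunk also respells IPA_WINSYNC_HOMEDIR_PREFIX_ATTR as "ipaWinSyncHomeDirAttr", while the config entry on this page still writes `ipaWinsyncHomeDirAttr` and `ipaWinsyncLoginShellAttr`. LDAP attribute names compare case-insensitively, so this should be harmless, but the config file could use the same capitalisation as the macros.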