IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

adtrust: support GSSAPI authentication to LDAP as Active Directory user

Browse Source 
In case an ID override was created for an Active Directory user in the
default trust view, allow mapping the incoming GSSAPI authenticated
connection to the ID override for this user.

This allows to self-manage ID override parameters from the CLI, for
example, SSH public keys or certificates. Admins can define what can be
changed by the users via self-service permissions.

Part of https://fedorahosted.org/freeipa/ticket/2149
Part of https://fedorahosted.org/freeipa/ticket/3242

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Alexander Bokovoy 2016-06-06 11:51:05 +03:00 committed by Petr Vobornik
parent a0f953e0ff
commit b506fd178e
3 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
install/updates/20-idoverride_index.update Normal file
View File

@ -0,0 +1,19 @@
#
# Make sure ID override attributes have the correct indexing
#
dn: cn=ipaOriginalUid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipaOriginalUid
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only: nsIndexType: eq
only: nsIndexType: pres
dn: cn=ipaAnchorUUID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
default:cn: ipaOriginalUid
default:ObjectClass: top
default:ObjectClass: nsIndex
default:nsSystemIndex: false
only: nsIndexType: eq
only: nsIndexType: pres

8
install/updates/71-idviews-sasl-mapping.update Normal file
View File

@ -0,0 +1,8 @@
dn: cn=ID Overridden Principal,cn=mapping,cn=sasl,cn=config
default:cn: ID Overridden Principal
default:nsSaslMapBaseDNTemplate: cn=default trust view,cn=views,cn=accounts,$SUFFIX
default:nsSaslMapFilterTemplate: (&(ipaoriginaluid=\1@\2)(objectclass=ipaUserOverride))
default:nsSaslMapPriority: 20
default:nsSaslMapRegexString: \(.*\)@\(.*\)
default:objectClass: top
default:objectClass: nsSaslMapping

2
install/updates/Makefile.am
View File

@ -21,6 +21,7 @@ app_DATA = \
20-syncrepl.update \
20-user_private_groups.update \
20-winsync_index.update \
20-idoverride_index.update \
20-uuid.update \
21-replicas_container.update \
21-ca_renewal_container.update \
@ -53,6 +54,7 @@ app_DATA = \
61-trusts-s4u2proxy.update \
62-ranges.update \
71-idviews.update \
71-idviews-sasl-mapping.update \
72-domainlevels.update \
73-custodia.update \
73-winsync.update \