IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-26 00:41:25 -06:00
Code Issues Packages Projects Releases Wiki Activity
75882516c4
freeipa/daemons/ipa-sam
History
Alexander Bokovoy 75882516c4 ipasam: allow search of users by user principal name (UPN) 
lookup_name() in Samba may call PASSDB API to search by a UPN (e.g.
username@suffix). Support this call by detecting '@' in the passed name
and setting up filter to be

  (&(objectClass=ipaNTUserAttrs)(objectClass=krbPrincipalAux)(krbPrincipalName:caseIgnoreIA5Match:=%s))

instead of

  (&(objectClass=ipaNTUserAttrs)(uid=%s))

The result of the search would still contain a proper user entry as we
always have krbPrincipalName in LDAP entries of IPA users. Note that the
match must be case-insensitive because otherwise krbPrincipalName is
matched with exact case in the schema. We use the same matching override
in KDB driver already.

Fixes: https://pagure.io/freeipa/issue/8661
Signed-of-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-01-22 12:21:33 -05:00
..
ipa_sam.c ipasam: allow search of users by user principal name (UPN) 2021-01-22 12:21:33 -05:00
ipa_sam.h Migrate from #ifndef guards to #pragma once 2016-05-29 14:04:45 +02:00
Makefile.am Use /run and /run/lock instead of /var 2020-04-15 18:48:50 +02:00
README Add ipasam samba passdb backend 2011-12-06 08:29:53 -05:00

README 

This is the ipa samba passdb backend.