>From 88f2e35b3ef9cbf0655093d80c297ada0da47e09 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Wed, 25 Sep 2013 23:05:48 +0200
Subject: [PATCH 4/5] AD: Add new option map ad_2008r2_sfu_user_map

Resolves: https://fedorahosted.org/sssd/ticket/2070

By default, the Active Directory SFU configures different attributes for POSIX memberships that the ones used when ID mapping. This patch adds a new map that is autoselected when the AD provider is configured not to perform ID mapping.
---
 src/providers/ad/ad_common.c | 12 ++++++++--
 src/providers/ad/ad_opts.h | 52 +++++++++++++++++++++++++++++++++++++++++++
 src/tests/ad_ldap_opt-tests.c | 10 +++++++++
 3 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 700ac033f42ac700b4e255a74350d774a3340358..1849549726fda3fa7eb62c752738d0a833f866b2 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -164,6 +164,7 @@ ad_create_sdap_options(TALLOC_CTX *mem_ctx,
 {
 struct sdap_options *id_opts;
 errno_t ret;
+ struct sdap_attr_map *user_map, *group_map;
 id_opts = talloc_zero(mem_ctx, struct sdap_options);
 if (!id_opts) {
@@ -180,6 +181,13 @@ ad_create_sdap_options(TALLOC_CTX *mem_ctx,
 }
 /* Get sdap option maps */
+ if (dp_opt_get_bool(id_opts->basic, SDAP_ID_MAPPING)) {
+ user_map = ad_2008r2_user_map;
+ group_map = ad_2008r2_group_map;
+ } else {
+ user_map = ad_2008r2_sfu_user_map;
+ group_map = ad_2008r2_sfu_group_map;
+ }
 /* General Attribute Map */
 ret = sdap_get_map(id_opts,
@@ -194,7 +202,7 @@ ad_create_sdap_options(TALLOC_CTX *mem_ctx,
 /* User map */
 ret = sdap_get_map(id_opts,
 cdb, conf_path,
- ad_2008r2_user_map,
+ user_map,
 SDAP_OPTS_USER,
 &id_opts->user_map);
 if (ret != EOK) {
@@ -204,7 +212,7 @@ ad_create_sdap_options(TALLOC_CTX *mem_ctx,
 /* Group map */
 ret = sdap_get_map(id_opts,
 cdb, conf_path,
- ad_2008r2_group_map,
+ group_map,
 SDAP_OPTS_GROUP,
 &id_opts->group_map);
 if (ret != EOK) {
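Review bot: The map selection added in the `@@ -180,6 +181,13 @@` hunk is silent — when SDAP_ID_MAPPING is false the provider quietly switches to the `ad_2008r2_sfu_*` maps, which read the user/group name and memberships from different attributes, so a domain whose SFU schema is not populated would only surface later as failed lookups. A comment above the `if` stating the rationale, for example `/* Without ID mapping the POSIX name, uid/gid and memberships are read from the SFU (Services for UNIX) schema, so the SFU attribute maps replace the default ad_2008r2 ones */`, plus a trace-level log of which map set was chosen, would make the behaviour discoverable from the logs. The diffstat shows no documentation change, yet the default attribute names now depend on the ID-mapping setting; that should be recorded in the AD provider's option documentation. Both maps are swapped while the same SDAP_OPTS_USER/SDAP_OPTS_GROUP lengths are passed to sdap_get_map, so the two map families must keep identical entry order — worth a comment at the arrays too. `ad_create_sdap_options` begins before the first hunk and continues after the last.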
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index f3b6cd61632601ec92a408a6a73cff6446fd48bf..f3c3c9cc3c3037fe2a41602893151b81a9664147 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -210,6 +210,58 @@ struct sdap_attr_map ad_2008r2_group_map[] = {
 SDAP_ATTR_MAP_TERMINATOR
 };
+struct sdap_attr_map ad_2008r2_sfu_user_map[] = {
+ { "ldap_user_object_class", "user", SYSDB_USER_CLASS, NULL },
+ { "ldap_user_name", "msSFU30Name", SYSDB_NAME, NULL },
+ { "ldap_user_pwd", "unixUserPassword", SYSDB_PWD, NULL },
+ { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL },
+ { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
+ { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL },
+ { "ldap_user_home_directory", "unixHomeDirectory", SYSDB_HOMEDIR, NULL },
+ { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL },
+ { "ldap_user_principal", "userPrincipalName", SYSDB_UPN, NULL },
+ { "ldap_user_fullname", "name", SYSDB_FULLNAME, NULL },
+ { "ldap_user_member_of", "msSFU30PosixMemberOf", SYSDB_MEMBEROF, NULL },
+ { "ldap_user_uuid", "objectGUID", SYSDB_UUID, NULL },
+ { "ldap_user_objectsid", "objectSID", SYSDB_SID, NULL },
+ { "ldap_user_primary_group", "primaryGroupID", SYSDB_PRIMARY_GROUP, NULL },
+ { "ldap_user_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
+ { "ldap_user_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
+ { "ldap_user_shadow_last_change", NULL, SYSDB_SHADOWPW_LASTCHANGE, NULL },
+ { "ldap_user_shadow_min", NULL, SYSDB_SHADOWPW_MIN, NULL },
+ { "ldap_user_shadow_max", NULL, SYSDB_SHADOWPW_MAX, NULL },
+ { "ldap_user_shadow_warning", NULL, SYSDB_SHADOWPW_WARNING, NULL },
+ { "ldap_user_shadow_inactive", NULL, SYSDB_SHADOWPW_INACTIVE, NULL },
+ { "ldap_user_shadow_expire", NULL, SYSDB_SHADOWPW_EXPIRE, NULL },
+ { "ldap_user_shadow_flag", NULL, SYSDB_SHADOWPW_FLAG, NULL },
+ { "ldap_user_krb_last_pwd_change", NULL, SYSDB_KRBPW_LASTCHANGE, NULL },
+ { "ldap_user_krb_password_expiration", NULL, SYSDB_KRBPW_EXPIRATION, NULL },
+ { "ldap_pwd_attribute", NULL, SYSDB_PWD_ATTRIBUTE, NULL },
+ { "ldap_user_authorized_service", NULL, SYSDB_AUTHORIZED_SERVICE, NULL },
+ { "ldap_user_ad_account_expires", "accountExpires", SYSDB_AD_ACCOUNT_EXPIRES, NULL},
+ { "ldap_user_ad_user_account_control", "userAccountControl", SYSDB_AD_USER_ACCOUNT_CONTROL, NULL},
+ { "ldap_ns_account_lock", NULL, SYSDB_NS_ACCOUNT_LOCK, NULL},
+ { "ldap_user_authorized_host", NULL, SYSDB_AUTHORIZED_HOST, NULL },
+ { "ldap_user_nds_login_disabled", NULL, SYSDB_NDS_LOGIN_DISABLED, NULL },
+ { "ldap_user_nds_login_expiration_time", NULL, SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
+ { "ldap_user_nds_login_allowed_time_map", NULL, SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
+ { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL },
+ SDAP_ATTR_MAP_TERMINATOR
+};
+
+struct sdap_attr_map ad_2008r2_sfu_group_map[] = {
+ { "ldap_group_object_class", "group", SYSDB_GROUP_CLASS, NULL },
+ { "ldap_group_name", "msSFU30Name", SYSDB_NAME, NULL },
+ { "ldap_group_pwd", NULL, SYSDB_PWD, NULL },
+ { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
+ { "ldap_group_member", "msSFU30PosixMember", SYSDB_MEMBER, NULL },
+ { "ldap_group_uuid", "objectGUID", SYSDB_UUID, NULL },
+ { "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
+ { "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
+ { "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
+ SDAP_ATTR_MAP_TERMINATOR
+};
+
 struct sdap_attr_map ad_netgroup_map[] = {
 { "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL },
 { "ldap_netgroup_name", "cn", SYSDB_NAME, NULL },
diff --git a/src/tests/ad_ldap_opt-tests.c b/src/tests/ad_ldap_opt-tests.c
index e9ce9d02bd10eb9c8abb8dd3f33b2853e699be22..61b9c549e7ddad24c1f9e58b447c46e55572db6a 100644
--- a/src/tests/ad_ldap_opt-tests.c
+++ b/src/tests/ad_ldap_opt-tests.c
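Review bot: `ad_2008r2_sfu_user_map` and `ad_2008r2_sfu_group_map` carry no comment saying how they relate to the `ad_2008r2_*` maps they replace, although ad_common.c swaps the whole array while passing the same SDAP_OPTS_USER/SDAP_OPTS_GROUP length, so any entry later added to one family must be added to the other at the same position. A header comment such as `/* SFU (Services for UNIX) variant of ad_2008r2_user_map, selected when ID mapping is off: name and membership come from msSFU30Name / msSFU30PosixMemberOf. Keep the entry order identical to ad_2008r2_user_map. */`, and the matching one for the group map naming msSFU30Name / msSFU30PosixMember, would keep the two from drifting apart. The `ldap_user_pwd` row fetches `unixUserPassword` into the cache; if that mirrors the existing ad_2008r2 map it is consistent, but it appears to be a password-hash attribute and deserves a line in the same comment so the default fetch set is explicit. Minor style point: the `ldap_user_ad_account_expires`, `ldap_user_ad_user_account_control` and `ldap_ns_account_lock` rows end in `NULL}` while every other row uses `NULL }`.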
@@ -63,11 +63,21 @@ START_TEST(test_compare_sdap_attrs)
 ad_2008r2_user_map);
 fail_unless(ret == EOK, "[%s]", strerror(ret));
+ /* User Attributes - SFU */
+ ret = compare_sdap_attr_maps(rfc2307_user_map, SDAP_OPTS_USER,
+ ad_2008r2_sfu_user_map);
+ fail_unless(ret == EOK, "[%s]", strerror(ret));
+
 /* Group Attributes */
 ret = compare_sdap_attr_maps(rfc2307_group_map, SDAP_OPTS_GROUP,
 ad_2008r2_group_map);
 fail_unless(ret == EOK, "[%s]", strerror(ret));
+ /* Group Attributes - SFU */
+ ret = compare_sdap_attr_maps(rfc2307_group_map, SDAP_OPTS_GROUP,
+ ad_2008r2_sfu_group_map);
+ fail_unless(ret == EOK, "[%s]", strerror(ret));
+
 /* Netgroup Attributes */
 ret = compare_sdap_attr_maps(netgroup_map, SDAP_OPTS_NETGROUP,
 ad_netgroup_map);
-- 
1.8.3.1