From b493cee9976b8dd62bea3d8f09b88ce809a40980 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Thu, 19 Nov 2015 10:40:39 +0100 Subject: [PATCH] LDAP: Change the default rfc2307 autofs attribute mappings Resolves: https://fedorahosted.org/sssd/ticket/2858 The default attribute mappings we used to have: ldap_autofs_map_object_class automountMap ldap_autofs_map_name ou ldap_autofs_entry_object_class automount ldap_autofs_entry_key cn ldap_autofs_entry_value automountInformation Was wrong. Instead, this patch switches to: ldap_autofs_map_object_class nisMap ldap_autofs_map_name nisMapName ldap_autofs_entry_object_class nisObject ldap_autofs_entry_key cn ldap_autofs_entry_value nisMapEntry Which are attributes that are available with servers running the default rfc2307 schema. In addition, this patch adds a syslog and DEBUG message that warns administrators to double-check their configuration. We don't warn when the autofs provider is set to AD, because that one is already correct. --- src/man/sssd-ldap.5.xml | 17 ++++---- src/providers/ldap/ldap_common.h | 6 +++ src/providers/ldap/ldap_options.c | 83 ++++++++++++++++++++++++++++++++++++++- src/providers/ldap/ldap_opts.c | 8 ++-- src/providers/ldap/sdap_autofs.c | 17 ++++++++ 5 files changed, 119 insertions(+), 12 deletions(-) diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index a30100408c6e77f9156878cb6ff63dfbf7b041d1..118d096a358b11a25b3389b86f72b4c674adb7b8 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -2505,7 +2505,8 @@ ldap_access_filter = (employeeType=admin) The object class of an automount map entry in LDAP. - Default: automountMap + Default: nisMap (rfc2307, ad), automountMap + (rfc2307bis, ipa) @@ -2518,8 +2519,8 @@ ldap_access_filter = (employeeType=admin) The name of an automount map entry in LDAP. - Default: ou (rfc2307), automountMapName - (rfc2307bis, ipa, ad) + Default: nisMapName (rfc2307, ad), automountMapName + (rfc2307bis, ipa) 
@@ -2534,7 +2535,8 @@ ldap_access_filter = (employeeType=admin) point. - Default: automount + Default: nisObject (rfc2307, ad), automount + (rfc2307bis, ipa) @@ -2548,8 +2550,8 @@ ldap_access_filter = (employeeType=admin) entry usually corresponds to a mount point. - Default: cn (rfc2307), automountKey (rfc2307bis, - ipa, ad) + Default: cn (rfc2307, ad), automountKey + (rfc2307bis, ipa) @@ -2563,7 +2565,8 @@ ldap_access_filter = (employeeType=admin) entry usually corresponds to a mount point. - Default: automountInformation + Default: nisMapEntry (rfc2307, ad), + automountInformation (rfc2307bis, ipa) diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index b39f6789275cf49dd69068ae3de0628b582e4cc5..f51fd36247fb38257643d20354737aa37cfcb3f7 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -207,6 +207,12 @@ int ldap_get_autofs_options(TALLOC_CTX *memctx, const char *conf_path, struct sdap_options *opts); +/* Returns true if LDAP provider runs with autofs default + * mappings. See upstream ticket #2858. + */ +bool ldap_ad_autofs_schema_defaults(struct confdb_ctx *cdb, + const char *conf_path); + /* Calling ldap_setup_enumeration will set up a periodic task * that would periodically call send_fn/recv_fn request. The * send_fn's pvt parameter will be a pointer to ldap_enum_ctx diff --git a/src/providers/ldap/ldap_options.c b/src/providers/ldap/ldap_options.c index 1180925d67a415c2f84c1b4f2fd067da3d6eec84..5ce30bd06e963a0cc47f3f6682185618db06b662 100644 --- a/src/providers/ldap/ldap_options.c +++ b/src/providers/ldap/ldap_options.c 
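Review bot: The comment on the new ldap_ad_autofs_schema_defaults prototype, "Returns true if LDAP provider runs with autofs default mappings", does not say what is actually checked: the definition in ldap_options.c reads the five ldap_autofs_* attribute-map options from confdb under conf_path and returns true as soon as one of them is unset, and it never looks at the schema or the provider — the "ad" in the name only reflects its caller in sdap_autofs_init. A header comment should state that contract so callers do not assume the schema test is done for them, for example `/* True if any ldap_autofs_* attribute-map option is unset in conf_path, i.e. a built-in default (changed for rfc2307/ad, ticket 2858) would apply. Checks confdb only; the caller tests the schema. */`. Since the sibling ldap_rfc2307_autofs_defaults is marked as temporary, it is worth saying the same here so both are removed together.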
@@ -406,6 +406,73 @@ int ldap_get_sudo_options(struct confdb_ctx *cdb,
 return EOK;
 }
+static bool has_defaults(struct confdb_ctx *cdb,
+ const char *conf_path,
+ const char *attrs[])
+{
+ errno_t ret;
+ TALLOC_CTX *tmp_ctx;
+ char *val;
+ bool found_default = false;
+ tmp_ctx = talloc_new(NULL);
+
+ if (tmp_ctx == NULL) {
+ return false;
+ }
+
+ for (size_t i = 0; attrs[i] != NULL; i++) {
+ ret = confdb_get_string(cdb, tmp_ctx, conf_path,
+ attrs[i], NULL, &val);
+ if (ret != EOK) {
+ continue;
+ }
+
+ if (val == NULL) {
+ found_default = true;
+ break;
+ }
+ }
+
+ talloc_free(tmp_ctx);
+ return found_default;
+}
+
+/* Return true if rfc2307 schema is used and all autofs options use
+ * defaults. Should be removed in future, see
+ * https://fedorahosted.org/sssd/ticket/2858
+ */
+static bool ldap_rfc2307_autofs_defaults(struct confdb_ctx *cdb,
+ const char *conf_path)
+{
+ const char *attrs[] = {
+ rfc2307_autofs_entry_map[SDAP_OC_AUTOFS_ENTRY].opt_name,
+ /* SDAP_AT_AUTOFS_ENTRY_KEY missing on purpose, its value was
+ * the same between the wrong and correct schema
+ */
+ rfc2307_autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_VALUE].opt_name,
+ rfc2307_autofs_mobject_map[SDAP_OC_AUTOFS_MAP].opt_name,
+ rfc2307_autofs_mobject_map[SDAP_AT_AUTOFS_MAP_NAME].opt_name,
+ NULL,
+ };
+
+ return has_defaults(cdb, conf_path, attrs);
+}
+
+bool ldap_ad_autofs_schema_defaults(struct confdb_ctx *cdb,
+ const char *conf_path)
+{
+ const char *attrs[] = {
+ rfc2307_autofs_entry_map[SDAP_OC_AUTOFS_ENTRY].opt_name,
+ rfc2307_autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_KEY].opt_name,
+ rfc2307_autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_VALUE].opt_name,
+ rfc2307_autofs_mobject_map[SDAP_OC_AUTOFS_MAP].opt_name,
+ rfc2307_autofs_mobject_map[SDAP_AT_AUTOFS_MAP_NAME].opt_name,
+ NULL,
+ };
+
+ return has_defaults(cdb, conf_path, attrs);
+}
+
 int ldap_get_autofs_options(TALLOC_CTX *memctx,
 struct confdb_ctx *cdb,
 const char *conf_path,
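Review bot: The comment on ldap_rfc2307_autofs_defaults promises true only when "all autofs options use defaults", but has_defaults sets found_default and breaks on the first option that confdb_get_string returns as NULL, so the warning fires when any one of the listed options is unset; that is the right trigger (one inherited default is enough to break the map lookup), so the comment and the helper name should follow the code: `/* Return true if rfc2307 schema is used and at least one autofs attribute-map option still relies on its built-in default (changed; see ticket 2858). */` and something like `any_option_unset` instead of `has_defaults`. In the `ret != EOK` branch a confdb read error is silently treated like an explicitly configured option, which suppresses the very warning this patch adds; a `DEBUG(SSSDBG_MINOR_FAILURE, "Cannot read %s [%d]\n", attrs[i], ret);` before the `continue` would keep that failure visible. The exported ldap_ad_autofs_schema_defaults carries no "remove in future" remark although it exists only for the same migration; repeating the note there keeps both from outliving the ticket.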
@@ -438,6 +505,20 @@ int ldap_get_autofs_options(TALLOC_CTX *memctx,
 "connecting to the LDAP server.\n");
 }
+ if (opts->schema_type == SDAP_SCHEMA_RFC2307 &&
+ ldap_rfc2307_autofs_defaults(cdb, conf_path) == true) {
+ DEBUG(SSSDBG_IMPORTANT_INFO,
+ "Your configuration uses the autofs provider "
+ "with schema set to rfc2307 and default attribute mappings. "
+ "The default map has changed in this release, please make "
+ "sure the configuration matches the server attributes.");
+ sss_log(SSS_LOG_NOTICE,
+ _("Your configuration uses the autofs provider "
+ "with schema set to rfc2307 and default attribute mappings. "
+ "The default map has changed in this release, please make "
+ "sure the configuration matches the server attributes."));
+ }
+
 ret = sdap_parse_search_base(opts, opts->basic, SDAP_AUTOFS_SEARCH_BASE, &opts->sdom->autofs_search_bases);
@@ -448,13 +529,13 @@ int ldap_get_autofs_options(TALLOC_CTX *memctx,
 /* attribute maps */
 switch (opts->schema_type) {
+ case SDAP_SCHEMA_AD:
 case SDAP_SCHEMA_RFC2307:
 default_mobject_map = rfc2307_autofs_mobject_map;
 default_entry_map = rfc2307_autofs_entry_map;
 break;
 case SDAP_SCHEMA_RFC2307BIS:
 case SDAP_SCHEMA_IPA_V1:
- case SDAP_SCHEMA_AD:
 default_mobject_map = rfc2307bis_autofs_mobject_map;
 default_entry_map = rfc2307bis_autofs_entry_map;
 break;
diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c
index ff9bf0d8b6d4a8f677e08219e5105e3750b7a4a8..524579d4fcd478f20678bebf2c3ce18f61ed0cb9 100644
--- a/src/providers/ldap/ldap_opts.c
+++ b/src/providers/ldap/ldap_opts.c
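Review bot: The new DEBUG message has no trailing newline, unlike the `"connecting to the LDAP server.\n"` context line just above it, so it will run into the next debug line; end the last fragment with `"sure the configuration matches the server attributes.\n");`. The text also tells the administrator to check "the configuration" without naming which options, and "in this release" stays in the log forever; naming ldap_autofs_map_object_class, ldap_autofs_map_name, ldap_autofs_entry_object_class and ldap_autofs_entry_value (or pointing at sssd-ldap(5)) would make the notice actionable. Comparing the bool result with `== true` is redundant; `ldap_rfc2307_autofs_defaults(cdb, conf_path)) {` reads cleaner. ldap_get_autofs_options continues outside the hunk.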
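Review bot: `case SDAP_SCHEMA_AD:` now falls into the rfc2307 table and the reason lives only in the commit message, so a comment above it, `/* "ad" shares the rfc2307 NIS map classes (nisMap/nisObject), see ticket 2858 */`, would keep the next reader from moving it back under rfc2307bis. The matching warning for the AD case is emitted from sdap_autofs_init rather than next to the rfc2307 warning in this function, presumably because the schema test there is reached by a different path; a short comment on one of the two sites saying why they are split would help. The switch continues outside the hunk.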
@@ -349,15 +349,15 @@ struct sdap_attr_map service_map[] = {
 };
 struct sdap_attr_map rfc2307_autofs_mobject_map[] = {
- { "ldap_autofs_map_object_class", "automountMap", SYSDB_AUTOFS_MAP_OC, NULL },
- { "ldap_autofs_map_name", "ou", SYSDB_AUTOFS_MAP_NAME, NULL },
+ { "ldap_autofs_map_object_class", "nisMap", SYSDB_AUTOFS_MAP_OC, NULL },
+ { "ldap_autofs_map_name", "nisMapName", SYSDB_AUTOFS_MAP_NAME, NULL },
 SDAP_ATTR_MAP_TERMINATOR
 };
 struct sdap_attr_map rfc2307_autofs_entry_map[] = {
- { "ldap_autofs_entry_object_class", "automount", SYSDB_AUTOFS_ENTRY_OC, NULL },
+ { "ldap_autofs_entry_object_class", "nisObject", SYSDB_AUTOFS_ENTRY_OC, NULL },
 { "ldap_autofs_entry_key", "cn", SYSDB_AUTOFS_ENTRY_KEY, NULL },
- { "ldap_autofs_entry_value", "automountInformation", SYSDB_AUTOFS_ENTRY_VALUE, NULL },
+ { "ldap_autofs_entry_value", "nisMapEntry", SYSDB_AUTOFS_ENTRY_VALUE, NULL },
 SDAP_ATTR_MAP_TERMINATOR
 };
diff --git a/src/providers/ldap/sdap_autofs.c b/src/providers/ldap/sdap_autofs.c
index c02c04d5ca5addbfd1552176cac5f74fdd592503..db41b650ddcda99e6c221e856c259fcc43a10436 100644
--- a/src/providers/ldap/sdap_autofs.c
+++ b/src/providers/ldap/sdap_autofs.c
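Review bot: Nothing in the file says which standard each autofs table follows, and the values that were just removed (automountMap, automount, automountInformation) are exactly the ones the man-page hunk lists as the rfc2307bis defaults, so without a note the old strings are likely to drift back into this table during a future merge. Suggest a header comment above rfc2307_autofs_mobject_map: `/* RFC 2307 NIS map schema: nisMap (nisMapName) and nisObject (cn, nisMapEntry). Also used for schema = ad. The automount* classes belong to the rfc2307bis tables. See ticket 2858. */`. The rfc2307bis tables and SDAP_ATTR_MAP_TERMINATOR are outside this hunk.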
@@ -313,6 +313,23 @@ errno_t sdap_autofs_init(TALLOC_CTX *mem_ctx,
 return ret;
 }
+ if (id_ctx->opts->schema_type == SDAP_SCHEMA_AD) {
+ if (ldap_ad_autofs_schema_defaults(be_ctx->cdb,
+ be_ctx->conf_path)) {
+ DEBUG(SSSDBG_IMPORTANT_INFO,
+ "Your configuration uses the ldap autofs provider "
+ "with schema set to \"ad\" and default autofs attribute "
+ "mappings. The default map changed in this release, "
+ "please make sure the sssd configuration explicitly matches "
+ "the server attributes.");
+ sss_log(SSS_LOG_NOTICE,
+ _("Your configuration uses the ldap autofs provider "
+ "with schema set to \"ad\" and default autofs attribute "
+ "mappings. The default map changed in this release, "
+ "please make sure the sssd configuration explicitly matches "
+ "the server attributes."));
+ }
+ }
 dp_set_method(dp_methods, DPM_AUTOFS_HANDLER, sdap_autofs_handler_send, sdap_autofs_handler_recv, id_ctx, struct sdap_id_ctx, struct dp_autofs_data, struct dp_reply_std);
-- 2.4.11
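Review bot: The DEBUG message in the new block lacks the trailing `\n` that the `"connecting to the LDAP server.\n"` context line in ldap_options.c shows as the convention, the same long notice is spelled out twice for DEBUG and sss_log so the two copies will drift apart on the next edit, and the closing `}` runs straight into `dp_set_method` with no blank line. Merging the two nested ifs into one condition and sharing a single string fixes all three at once. The commit message says the AD provider is not warned, yet this check keys only on `schema_type == SDAP_SCHEMA_AD` inside sdap_autofs_init, so if that initializer is also reached from the AD provider the notice would still appear there — worth confirming against the callers. sdap_autofs_init starts outside the hunk.
```c
    if (id_ctx->opts->schema_type == SDAP_SCHEMA_AD
            && ldap_ad_autofs_schema_defaults(be_ctx->cdb, be_ctx->conf_path)) {
        /* One text for both the debug log and syslog so they stay in sync. */
        const char *msg = _("Your configuration uses the ldap autofs provider "
                            "with schema set to \"ad\" and default autofs attribute "
                            "mappings. The default map changed in this release, "
                            "please make sure the sssd configuration explicitly matches "
                            "the server attributes.");
        DEBUG(SSSDBG_IMPORTANT_INFO, "%s\n", msg);
        sss_log(SSS_LOG_NOTICE, "%s", msg);
    }

    /* … unchanged: dp_set_method registration … */
```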