sssd/0012-IPA-Change-the-default-of-ldap_user_certificate-to-u.patch

From 4c8af4a9bd8b0cdfa6820b3a39ae958869957dcb Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 10 Aug 2015 12:40:39 +0200
Subject: [PATCH 12/14] IPA: Change the default of ldap_user_certificate to
 userCertificate;binary
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is safe from ldb point of view, because ldb gurantees the data is
NULL-terminated. We must be careful before we save the data, though.

Resolves:
https://fedorahosted.org/sssd/ticket/2742

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 src/man/sssd-ldap.5.xml      | 2 +-
 src/providers/ipa/ipa_opts.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index f14090843fd32141ad4f491b69868aa7b2412301..0239f656e4fab7d8d85a922fdd0978acd80a236b 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -821,7 +821,7 @@
                             certificate of the user.
                         </para>
                         <para>
-                            Default: no set in the general case, userCertificate
+                            Default: no set in the general case, userCertificate;binary
                             for IPA
                         </para>
                     </listitem>
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 253c0715355536cc181c57beed5326a77e87e464..2f92ad765a1ca53611ed82e5e749c39d6f20a150 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -203,7 +203,7 @@ struct sdap_attr_map ipa_user_map[] = {
     { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
     { "ldap_user_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL },
     { "ldap_user_auth_type", "ipaUserAuthType", SYSDB_AUTH_TYPE, NULL },
-    { "ldap_user_certificate", "userCertificate", SYSDB_USER_CERT, NULL },
+    { "ldap_user_certificate", "userCertificate;binary", SYSDB_USER_CERT, NULL },
     SDAP_ATTR_MAP_TERMINATOR
 };
 
-- 
2.5.0
Backport upstream patches required by FreeIPA 4.2.1 2015-09-07 16:37:40 +00:00			`From 4c8af4a9bd8b0cdfa6820b3a39ae958869957dcb Mon Sep 17 00:00:00 2001`
			`From: Jakub Hrozek <jhrozek@redhat.com>`
			`Date: Mon, 10 Aug 2015 12:40:39 +0200`
			`Subject: [PATCH 12/14] IPA: Change the default of ldap_user_certificate to`
			`userCertificate;binary`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`This is safe from ldb point of view, because ldb gurantees the data is`
			`NULL-terminated. We must be careful before we save the data, though.`

			`Resolves:`
			`https://fedorahosted.org/sssd/ticket/2742`

			`Reviewed-by: Pavel Březina <pbrezina@redhat.com>`
			`---`
			`src/man/sssd-ldap.5.xml \| 2 +-`
			`src/providers/ipa/ipa_opts.h \| 2 +-`
			`2 files changed, 2 insertions(+), 2 deletions(-)`

			`diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml`
			`index f14090843fd32141ad4f491b69868aa7b2412301..0239f656e4fab7d8d85a922fdd0978acd80a236b 100644`
			`--- a/src/man/sssd-ldap.5.xml`
			`+++ b/src/man/sssd-ldap.5.xml`
			`@@ -821,7 +821,7 @@`
			`certificate of the user.`
			`</para>`
			`<para>`
			`- Default: no set in the general case, userCertificate`
			`+ Default: no set in the general case, userCertificate;binary`
			`for IPA`
			`</para>`
			`</listitem>`
			`diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h`
			`index 253c0715355536cc181c57beed5326a77e87e464..2f92ad765a1ca53611ed82e5e749c39d6f20a150 100644`
			`--- a/src/providers/ipa/ipa_opts.h`
			`+++ b/src/providers/ipa/ipa_opts.h`
			`@@ -203,7 +203,7 @@ struct sdap_attr_map ipa_user_map[] = {`
			`{ "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },`
			`{ "ldap_user_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL },`
			`{ "ldap_user_auth_type", "ipaUserAuthType", SYSDB_AUTH_TYPE, NULL },`
			`- { "ldap_user_certificate", "userCertificate", SYSDB_USER_CERT, NULL },`
			`+ { "ldap_user_certificate", "userCertificate;binary", SYSDB_USER_CERT, NULL },`
			`SDAP_ATTR_MAP_TERMINATOR`
			`};`

			`--`
			`2.5.0`