Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
This commit is contained in:
Fabiano Fidêncio
parent
510134aa02
commit
163543f40b
@ -0,0 +1,50 @@
|
||||
From 1ff0edffde5b86e73c20c485236b9b20f22f6f7a Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Hrozek <jhrozek@redhat.com>
|
||||
Date: Mon, 30 Apr 2018 15:31:49 +0200
|
||||
Subject: [PATCH] AD: Warn if the LDAP schema is overriden with the AD provider
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Resolves:
|
||||
https://pagure.io/SSSD/sssd/issue/3726
|
||||
|
||||
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
||||
(cherry picked from commit 3cff2c5e563d967366d534bd3fc8c410f6467ea6)
|
||||
---
|
||||
src/providers/ad/ad_common.c | 12 ++++++++++++
|
||||
1 file changed, 12 insertions(+)
|
||||
|
||||
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
|
||||
index d92c68e6f..c39dcfad6 100644
|
||||
--- a/src/providers/ad/ad_common.c
|
||||
+++ b/src/providers/ad/ad_common.c
|
||||
@@ -1000,6 +1000,7 @@ ad_set_sdap_options(struct ad_options *ad_opts,
|
||||
errno_t ret;
|
||||
char *krb5_realm;
|
||||
char *keytab_path;
|
||||
+ const char *schema;
|
||||
|
||||
/* We only support Kerberos password policy with AD, so
|
||||
* force that on.
|
||||
@@ -1050,6 +1051,17 @@ ad_set_sdap_options(struct ad_options *ad_opts,
|
||||
goto done;
|
||||
}
|
||||
|
||||
+ /* Warn if the user is doing something silly like overriding the schema
|
||||
+ * with the AD provider
|
||||
+ */
|
||||
+ schema = dp_opt_get_string(id_opts->basic, SDAP_SCHEMA);
|
||||
+ if (schema != NULL && strcasecmp(schema, "ad") != 0) {
|
||||
+ DEBUG(SSSDBG_IMPORTANT_INFO,
|
||||
+ "The AD provider only supports the AD LDAP schema. "
|
||||
+ "SSSD will ignore the ldap_schema option value and proceed "
|
||||
+ "with ldap_schema=ad\n");
|
||||
+ }
|
||||
+
|
||||
/* fix schema to AD */
|
||||
id_opts->schema_type = SDAP_SCHEMA_AD;
|
||||
|
||||
--
|
||||
2.17.0
|
||||
|
||||
@ -98,6 +98,7 @@ Patch0053: 0053-TESTS-simple-CA-to-generate-certificates-for-test.patch
|
||||
Patch0054: 0054-TESTS-replace-hardcoded-certificates.patch
|
||||
Patch0055: 0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch
|
||||
Patch0056: 0056-DYNDNS-Retry-also-on-timeouts.patch
|
||||
Patch0057: 0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch
|
||||
|
||||
Patch0502: 0502-SYSTEMD-Use-capabilities.patch
|
||||
Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
|
||||
@ -1304,6 +1305,9 @@ fi
|
||||
lifetime
|
||||
- Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update
|
||||
process is terminated with a signal
|
||||
- Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning
|
||||
in case the ldap schema is manually changed to
|
||||
something different than 'ad'.
|
||||
|
||||
* Sat May 05 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-4
|
||||
- Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa
|
||||
|
||||
Loading…
Reference in New Issue
Block a user