From 163543f40b83d9ec21c06a5dc05a2cd749f4f5c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 14 May 2018 09:03:15 +0200
Subject: [PATCH] Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Fabiano FidĂȘncio
---
...DAP-schema-is-overriden-with-the-AD-.patch | 50 +++++++++++++++++++
sssd.spec | 4 ++
2 files changed, 54 insertions(+)
create mode 100644 0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch
diff --git a/0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch b/0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch
new file mode 100644
index 0000000..a787a96
--- /dev/null
+++ b/0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch
@@ -0,0 +1,50 @@
+From 1ff0edffde5b86e73c20c485236b9b20f22f6f7a Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek
+Date: Mon, 30 Apr 2018 15:31:49 +0200
+Subject: [PATCH] AD: Warn if the LDAP schema is overriden with the AD provider
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/3726
+
+Reviewed-by: Fabiano FidĂȘncio
+(cherry picked from commit 3cff2c5e563d967366d534bd3fc8c410f6467ea6)
+---
+ src/providers/ad/ad_common.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
+index d92c68e6f..c39dcfad6 100644
+--- a/src/providers/ad/ad_common.c
++++ b/src/providers/ad/ad_common.c
+@@ -1000,6 +1000,7 @@ ad_set_sdap_options(struct ad_options *ad_opts,
+ errno_t ret;
+ char *krb5_realm;
+ char *keytab_path;
++ const char *schema;
+
+ /* We only support Kerberos password policy with AD, so
+ * force that on.
+@@ -1050,6 +1051,17 @@ ad_set_sdap_options(struct ad_options *ad_opts,
+ goto done;
+ }
+
++ /* Warn if the user is doing something silly like overriding the schema
++ * with the AD provider
++ */
++ schema = dp_opt_get_string(id_opts->basic, SDAP_SCHEMA);
++ if (schema != NULL && strcasecmp(schema, "ad") != 0) {
++ DEBUG(SSSDBG_IMPORTANT_INFO,
++ "The AD provider only supports the AD LDAP schema. "
++ "SSSD will ignore the ldap_schema option value and proceed "
++ "with ldap_schema=ad\n");
++ }
++
+ /* fix schema to AD */
+ id_opts->schema_type = SDAP_SCHEMA_AD;
+
+--
+2.17.0
+
diff --git a/sssd.spec b/sssd.spec
index ce8fcdb..03f0e20 100644
--- a/sssd.spec
+++ b/sssd.spec
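Review bot: The warning added in the second inner hunk of ad_common.c (after the `goto done` block in ad_set_sdap_options) does not say which value was rejected, so an administrator reading the log cannot tell which configuration entry triggered it. Since `schema` is known to be non-NULL inside that branch, the message could carry it, e.g. `"SSSD will ignore ldap_schema=%s and proceed with ldap_schema=ad\n", schema);`. The notice goes through DEBUG() only, so whether an operator ever sees it presumably depends on the configured debug level; that is worth confirming if it is meant as an operator-facing warning about an ignored identity-mapping setting. The body of ad_set_sdap_options starts and ends outside the hunk, so it is not visible here whether the string option in `id_opts->basic` is read again later with the overridden value still in place.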
@@ -98,6 +98,7 @@ Patch0053: 0053-TESTS-simple-CA-to-generate-certificates-for-test.patch Patch0054: 0054-TESTS-replace-hardcoded-certificates.patch Patch0055: 0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch Patch0056: 0056-DYNDNS-Retry-also-on-timeouts.patch +Patch0057: 0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch Patch0502: 0502-SYSTEMD-Use-capabilities.patch Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch @@ -1304,6 +1305,9 @@ fi lifetime - Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal +- Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning + in case the ldap schema is manually changed to + something different than 'ad'. * Sat May 05 2018 Fabiano FidĂȘncio - 1.16.1-4 - Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa