Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 163543f40b)
(cherry picked from commit 681d87c2ae)
This commit is contained in:
Fabiano Fidêncio 2018-05-14 09:03:15 +02:00
parent b6d54af437
commit b23bb96b5d
2 changed files with 54 additions and 0 deletions

View File

@ -0,0 +1,50 @@
From 1ff0edffde5b86e73c20c485236b9b20f22f6f7a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 30 Apr 2018 15:31:49 +0200
Subject: [PATCH] AD: Warn if the LDAP schema is overriden with the AD provider
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves:
https://pagure.io/SSSD/sssd/issue/3726
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 3cff2c5e563d967366d534bd3fc8c410f6467ea6)
---
src/providers/ad/ad_common.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index d92c68e6f..c39dcfad6 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -1000,6 +1000,7 @@ ad_set_sdap_options(struct ad_options *ad_opts,
errno_t ret;
char *krb5_realm;
char *keytab_path;
+ const char *schema;
/* We only support Kerberos password policy with AD, so
* force that on.
@@ -1050,6 +1051,17 @@ ad_set_sdap_options(struct ad_options *ad_opts,
goto done;
}
+ /* Warn if the user is doing something silly like overriding the schema
+ * with the AD provider
+ */
+ schema = dp_opt_get_string(id_opts->basic, SDAP_SCHEMA);
+ if (schema != NULL && strcasecmp(schema, "ad") != 0) {
+ DEBUG(SSSDBG_IMPORTANT_INFO,
+ "The AD provider only supports the AD LDAP schema. "
+ "SSSD will ignore the ldap_schema option value and proceed "
+ "with ldap_schema=ad\n");
+ }
+
/* fix schema to AD */
id_opts->schema_type = SDAP_SCHEMA_AD;
--
2.17.0

View File

@ -99,6 +99,7 @@ Patch0053: 0053-TESTS-simple-CA-to-generate-certificates-for-test.patch
Patch0054: 0054-TESTS-replace-hardcoded-certificates.patch
Patch0055: 0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch
Patch0056: 0056-DYNDNS-Retry-also-on-timeouts.patch
Patch0057: 0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch
Patch0502: 0502-SYSTEMD-Use-capabilities.patch
Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
@ -1304,6 +1305,9 @@ fi
lifetime
- Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update
process is terminated with a signal
- Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning
in case the ldap schema is manually changed to
something different than 'ad'.
* Sat May 05 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-4
- Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa