Hi, the attached patch should update the compat tree configuration, if it exists, to follow slapi-nis 0.55, which has support for external members of IPA groups.

However, the real work is done in SSSD. These patches are not upstreamed yet. We'll need to bump SSSD dependency in future once they come to distros.

--
/ Alexander Bokovoy
From b08234f61ce7c6286ca9109df11a4c469862c428 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Mon, 22 Feb 2016 12:40:03 +0200 Subject: [PATCH] slapi-nis: update configuration to allow external members of IPA groups Currently in an environment with trust to AD the compat tree does not show AD users as members of IPA groups. The reason is that IPA groups are read directly from the IPA DS tree and external groups are not handled. slapi-nis project has added support for it in 0.55, make sure we update configuration for the group map if it exists and depend on 0.55 version. https://fedorahosted.org/freeipa/ticket/4403 --- freeipa.spec.in | 2 +- install/updates/50-externalmembers.update | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 install/updates/50-externalmembers.update diff --git a/freeipa.spec.in b/freeipa.spec.in index 54a11bf..0b14bdc 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -153,7 +153,7 @@ Requires(pre): systemd-units Requires(post): systemd-units Requires: selinux-policy >= %{selinux_policy_version} Requires(post): selinux-policy-base >= %{selinux_policy_version} -Requires: slapi-nis >= 0.54.2-1 +Requires: slapi-nis >= 0.55-1 Requires: pki-ca >= 10.2.6-13 Requires: pki-kra >= 10.2.6-13 Requires(preun): python systemd-units diff --git a/install/updates/50-externalmembers.update b/install/updates/50-externalmembers.update new file mode 100644 index 0000000..0831cd2 --- /dev/null +++ b/install/updates/50-externalmembers.update @@ -0,0 +1,4 @@ +dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config +addifexist: schema-compat-entry-attribute: ipaexternalmember=%deref_r("member","ipaexternalmember") +addifexist: schema-compat-entry-attribute: objectclass=ipaexternalgroup + -- 2.5.0
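Review bot: the Requires line in freeipa.spec.in is bumped only for slapi-nis (`Requires: slapi-nis >= 0.55-1`), while the cover letter says the real work is in SSSD patches that are not upstream yet and that the SSSD dependency will have to be bumped later. Neither the spec nor the commit message records that. Suggest mentioning the pending SSSD requirement in the commit message, or in a comment next to this Requires line, so the follow-up bump is not forgotten and readers of the log know the compat tree change alone is not the whole feature.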
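Review bot: in install/updates/50-externalmembers.update the second attribute, `schema-compat-entry-attribute: objectclass=ipaexternalgroup`, is a literal value with no % expression, so as written it appears to apply to every entry in the groups map rather than only to groups that actually resolve external members through `%deref_r("member","ipaexternalmember")`. If that is intended, please say so in the commit message. Minor style point: the hunk's fourth added line is an empty line at the end of the new file and can probably be dropped.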
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code