On Mon, 22 Feb 2016, Tomas Babej wrote:


On 02/22/2016 11:48 AM, Alexander Bokovoy wrote:
Hi,

attached patch should update compat tree configuration if it exist to
follow slapi-nis 0.55 which has support for external members of IPA
groups.

However, the real work is done in SSSD. These patches are not upstreamed
yet. We'll need to bump SSSD dependency in future once they come to
distros.




This looks good.

However, the new update file needs to be added to Makefile.am.
Additionally, patch adds a whitespace error.
Updated patch is attached.

--
/ Alexander Bokovoy
From 6d50894c6ac2cf7f32b152bd09c16cde2fc327fb Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Mon, 22 Feb 2016 12:40:03 +0200
Subject: [PATCH] slapi-nis: update configuration to allow external members of
 IPA groups

Currently in an environment with trust to AD the compat tree does not
show AD users as members of IPA groups. The reason is that IPA groups
are read directly from the IPA DS tree and external groups are not
handled.

slapi-nis project has added support for it in 0.55, make sure we update
configuration for the group map if it exists and depend on 0.55 version.

https://fedorahosted.org/freeipa/ticket/4403
---
 freeipa.spec.in                           | 2 +-
 install/updates/50-externalmembers.update | 3 +++
 install/updates/Makefile.am               | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 install/updates/50-externalmembers.update

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 54a11bf..0b14bdc 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -153,7 +153,7 @@ Requires(pre): systemd-units
 Requires(post): systemd-units
 Requires: selinux-policy >= %{selinux_policy_version}
 Requires(post): selinux-policy-base >= %{selinux_policy_version}
-Requires: slapi-nis >= 0.54.2-1
+Requires: slapi-nis >= 0.55-1
 Requires: pki-ca >= 10.2.6-13
 Requires: pki-kra >= 10.2.6-13
 Requires(preun): python systemd-units
diff --git a/install/updates/50-externalmembers.update 
b/install/updates/50-externalmembers.update
new file mode 100644
index 0000000..6b9c5dd
--- /dev/null
+++ b/install/updates/50-externalmembers.update
@@ -0,0 +1,3 @@
+dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
+addifexist: schema-compat-entry-attribute: 
ipaexternalmember=%deref_r("member","ipaexternalmember")
+addifexist: schema-compat-entry-attribute: objectclass=ipaexternalgroup
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index b04ab48..3edc214 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -45,6 +45,7 @@ app_DATA =                            \
        50-krbenctypes.update           \
        50-nis.update                   \
        50-ipaconfig.update             \
+       50-externalmembers.update       \
        55-pbacmemberof.update          \
        59-trusts-sysacount.update      \
        60-trusts.update                \
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to