On (29/06/16 13:12), Jakub Hrozek wrote: >On Wed, Jun 29, 2016 at 12:48:36PM +0200, Lukas Slebodnik wrote: >> On (28/06/16 11:50), Jakub Hrozek wrote: >> >From b493cee9976b8dd62bea3d8f09b88ce809a40980 Mon Sep 17 00:00:00 2001 >> >From: Jakub Hrozek <jhro...@redhat.com> >> >Date: Thu, 19 Nov 2015 10:40:39 +0100 >> >Subject: [PATCH] LDAP: Change the default rfc2307 autofs attribute mappings >> > >> >Resolves: >> > https://fedorahosted.org/sssd/ticket/2858 >> > >> >The default attribute mappings we used to have: >> > ldap_autofs_map_object_class automountMap >> > ldap_autofs_map_name ou >> > ldap_autofs_entry_object_class automount >> > ldap_autofs_entry_key cn >> > ldap_autofs_entry_value automountInformation >> > >> >Was wrong. Instead, this patch switches to: >> > ldap_autofs_map_object_class nisMap >> > ldap_autofs_map_name nisMapName >> > ldap_autofs_entry_object_class nisObject >> > ldap_autofs_entry_key cn >> > ldap_autofs_entry_value nisMapEntry >> > >> >Which are attributes that are available with servers running the default >> >rfc2307 schema. In addition, this patch adds a syslog and DEBUG message >> >that warns administrators to double-check their configuration. >> > >> >We don't warn when the autofs provider is set to AD, because that one >> >is already correct. >> >--- >> > src/man/sssd-ldap.5.xml | 17 ++++---- >> > src/providers/ldap/ldap_common.h | 6 +++ >> > src/providers/ldap/ldap_options.c | 83 >> > ++++++++++++++++++++++++++++++++++++++- >> > src/providers/ldap/ldap_opts.c | 8 ++-- >> > src/providers/ldap/sdap_autofs.c | 17 ++++++++ >> > 5 files changed, 119 insertions(+), 12 deletions(-) >> > >> >diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c >> >index >> >ff9bf0d8b6d4a8f677e08219e5105e3750b7a4a8..524579d4fcd478f20678bebf2c3ce18f61ed0cb9 >> > 100644 >> >--- a/src/providers/ldap/ldap_opts.c >> >+++ b/src/providers/ldap/ldap_opts.c >> >@@ -349,15 +349,15 @@ struct sdap_attr_map service_map[] = { >> > }; >> > >> > struct sdap_attr_map rfc2307_autofs_mobject_map[] = { >> >- { "ldap_autofs_map_object_class", "automountMap", SYSDB_AUTOFS_MAP_OC, >> >NULL }, >> >- { "ldap_autofs_map_name", "ou", SYSDB_AUTOFS_MAP_NAME, NULL }, >> >+ { "ldap_autofs_map_object_class", "nisMap", SYSDB_AUTOFS_MAP_OC, NULL >> >}, >> >+ { "ldap_autofs_map_name", "nisMapName", SYSDB_AUTOFS_MAP_NAME, NULL }, >> > SDAP_ATTR_MAP_TERMINATOR >> > }; >> > >> > struct sdap_attr_map rfc2307_autofs_entry_map[] = { >> >- { "ldap_autofs_entry_object_class", "automount", >> >SYSDB_AUTOFS_ENTRY_OC, NULL }, >> >+ { "ldap_autofs_entry_object_class", "nisObject", >> >SYSDB_AUTOFS_ENTRY_OC, NULL }, >> > { "ldap_autofs_entry_key", "cn", SYSDB_AUTOFS_ENTRY_KEY, NULL }, >> >- { "ldap_autofs_entry_value", "automountInformation", >> >SYSDB_AUTOFS_ENTRY_VALUE, NULL }, >> >+ { "ldap_autofs_entry_value", "nisMapEntry", SYSDB_AUTOFS_ENTRY_VALUE, >> >NULL }, >> > SDAP_ATTR_MAP_TERMINATOR >> > }; >> > >> >diff --git a/src/providers/ldap/sdap_autofs.c >> >b/src/providers/ldap/sdap_autofs.c >> >index >> >c02c04d5ca5addbfd1552176cac5f74fdd592503..db41b650ddcda99e6c221e856c259fcc43a10436 >> > 100644 >> >--- a/src/providers/ldap/sdap_autofs.c >> >+++ b/src/providers/ldap/sdap_autofs.c >> >@@ -313,6 +313,23 @@ errno_t sdap_autofs_init(TALLOC_CTX *mem_ctx, >> > return ret; >> > } >> > >> >+ if (id_ctx->opts->schema_type == SDAP_SCHEMA_AD) { >> >+ if (ldap_ad_autofs_schema_defaults(be_ctx->cdb, >> >+ be_ctx->conf_path)) { >> >+ DEBUG(SSSDBG_IMPORTANT_INFO, >> >+ "Your configuration uses the ldap autofs provider " >> >+ "with schema set to \"ad\" and default autofs attribute " >> >+ "mappings. The default map changed in this release, " >> >+ "please make sure the sssd configuration explicitly matches " >> >+ "the server attributes."); >> >+ sss_log(SSS_LOG_NOTICE, >> >+ _("Your configuration uses the ldap autofs provider " >> >+ "with schema set to \"ad\" and default autofs attribute " >> >+ "mappings. The default map changed in this release, " >> >+ "please make sure the sssd configuration explicitly >> >matches " >> >+ "the server attributes.")); >> Do we really need to log message for ad schema? >> I thought we will log message about change just for rfc2307. > >I tried to catch this scenario: > id_provider=ldap > autofs_provider=ldap > ldap_schema=ad > >With the previous versions, the attributes pointed to automountMap etc. >And there is a chance (unlikely) the admin extended the schema to keep >the config using defaults. > >> >> IIRC AD does not have by default schema for autofs. > >Right, that's the reason we should to change the defaults. AD only has >the most basic rfc2307 and our previous defaults forced the AD SSSD >admins to either change the mappings in the config file or extend the >schema.
The patch should fix ticket #2858; and this ticket says: autofs_provider = ldap ldap_schema = rfc2307 and the 4th comment says: The beauty of using older schema (rfc2307) to store automount information is, that we do not need to extend AD schema - which is in many cases quite troublesome action. So the warning should be logged for rfc2307 and not for AD. BTW it looks like we needn't change defaults for AD. LS _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
