authorArthur de Jong <arthur@arthurdejong.org>2011-08-03 19:54:53 +0000
committerArthur de Jong <arthur@arthurdejong.org>2011-08-03 19:54:53 +0000
commitd76bfc4731e425096679ce248f559de14f75a6bd (patch)
treeb50b2f08e87bdb4aabd2c3ebc8ac48b0634fb42f
parentc85da1930153a849f48b3dca0236610d528f730c (diff)
switch to using the member attribute by default instead of uniqueMember
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1484 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r--README9
-rw-r--r--nslcd.conf10
-rw-r--r--nslcd/attmap.c2
-rw-r--r--nslcd/attmap.h2
-rw-r--r--nslcd/group.c14
-rw-r--r--pynslcd/group.py12
-rw-r--r--tests/test_myldap.c4
7 files changed, 23 insertions, 30 deletions
diff --git a/README b/README
index 95d1a46..6e223ea 100644
--- a/README
+++ b/README
@@ -299,7 +299,7 @@ group (objectClass=posixGroup)
userPassword - password
gidNumber - gid
memberUid - members (user names)
- uniqueMember - members (DN values)
+ member - members (DN values)
hosts (objectClass=ipHost)
cn - host name (and aliases)
ipHostNumber - addresses
@@ -355,7 +355,7 @@ by using the memberUid attribute, is the simplest and by far the fastest
(takes the least number of lookups). This attribute maps to user names with
the same values as the uid attribute would hold for posixAccount entries.
-The second method is to use DN values in the uniqueMember attribute (attribute
+The second method is to use DN values in the member attribute (attribute
names can be changed by using the attribute mapping options as described in
the manual page). This is potentially a lot slower because in the worst case
every DN has to be looked up in the LDAP server to find the proper value for
@@ -368,9 +368,8 @@ maintained that saves the DN to uid translations for 15 minutes.
In all cases, users that are specified as member multiple times are returned
only once.
-Currently, having nested groups by uniqueMember values pointing to other
-groups, as well as the memberOf attribute in posixAccount entries are
-unsupported.
+Currently, having nested groups by member values pointing to other groups,
+as well as the memberOf attribute in posixAccount entries are unsupported.
case sensitivity
----------------
diff --git a/nslcd.conf b/nslcd.conf
index dd19bed..7b1bcf3 100644
--- a/nslcd.conf
+++ b/nslcd.conf
@@ -78,9 +78,6 @@ base dc=example,dc=com
#tls_cert
#tls_key
-# NDS mappings
-#map group uniqueMember member
-
# Mappings for Services for UNIX 3.5
#filter passwd (objectClass=User)
#map passwd uid msSFU30Name
@@ -91,7 +88,7 @@ base dc=example,dc=com
#map shadow uid msSFU30Name
#map shadow userPassword msSFU30Password
#filter group (objectClass=Group)
-#map group uniqueMember msSFU30PosixMember
+#map group member msSFU30PosixMember
# Mappings for Services for UNIX 2.0
#filter passwd (objectClass=User)
@@ -104,7 +101,7 @@ base dc=example,dc=com
#map shadow userPassword msSFUPassword
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=Group)
-#map group uniqueMember posixMember
+#map group member posixMember
# Mappings for Active Directory
#pagesize 1000
@@ -118,7 +115,6 @@ base dc=example,dc=com
#map shadow uid sAMAccountName
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=group)
-#map group uniqueMember member
# Alternative mappings for Active Directory
# (replace the SIDs in the objectSid mappings with the value for your domain)
@@ -134,7 +130,6 @@ base dc=example,dc=com
#map passwd loginShell "/bin/bash"
#filter group (|(objectClass=group)(objectClass=person))
#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
-#map group uniqueMember member
# Mappings for AIX SecureWay
#filter passwd (objectClass=aixAccount)
@@ -144,5 +139,4 @@ base dc=example,dc=com
#map passwd gidNumber gid
#filter group (objectClass=aixAccessGroup)
#map group cn groupName
-#map group uniqueMember member
#map group gidNumber gid
diff --git a/nslcd/attmap.c b/nslcd/attmap.c
index 888dda3..d4eb3ba 100644
--- a/nslcd/attmap.c
+++ b/nslcd/attmap.c
@@ -146,7 +146,7 @@ const char **attmap_get_var(enum ldap_map_selector map,const char *name)
if (strcasecmp(name,"userPassword")==0) return &attmap_group_userPassword;
if (strcasecmp(name,"gidNumber")==0) return &attmap_group_gidNumber;
if (strcasecmp(name,"memberUid")==0) return &attmap_group_memberUid;
- if (strcasecmp(name,"uniqueMember")==0) return &attmap_group_uniqueMember;
+ if (strcasecmp(name,"member")==0) return &attmap_group_member;
}
else if (map==LM_HOSTS)
{
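Review bot: Dropping the `uniqueMember` name from the LM_GROUP branch of attmap_get_var means an existing `map group uniqueMember ...` line no longer resolves to a variable, and that is the mapping the old sample nslcd.conf suggested for Active Directory, NDS and AIX. How the caller treats an unknown name is not visible here, but either a startup failure or a silently ignored mapping changes which group members are resolved, and group membership commonly gates access. Consider keeping a deprecated alias for a release, `if (strcasecmp(name,"uniqueMember")==0) return &attmap_group_member;`, ideally with a deprecation warning logged by the config parser. The function body starts and ends outside this hunk.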
diff --git a/nslcd/attmap.h b/nslcd/attmap.h
index 8c3e5ee..83d3489 100644
--- a/nslcd/attmap.h
+++ b/nslcd/attmap.h
@@ -36,7 +36,7 @@ extern const char *attmap_group_cn;
extern const char *attmap_group_userPassword;
extern const char *attmap_group_gidNumber;
extern const char *attmap_group_memberUid;
-extern const char *attmap_group_uniqueMember;
+extern const char *attmap_group_member;
extern const char *attmap_host_cn;
extern const char *attmap_host_ipHostNumber;
extern const char *attmap_netgroup_cn;
diff --git a/nslcd/group.c b/nslcd/group.c
index dc45eed..ce3c5c4 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -44,7 +44,7 @@
* MUST ( cn $ gidNumber )
* MAY ( userPassword $ memberUid $ description ) )
*
- * apart from the above a uniqueMember attribute is also supported that
+ * apart from the above a member attribute is also supported that
* may contains a DN of a user
*
* nested groups (groups that are member of a group) are currently
@@ -65,7 +65,7 @@ const char *attmap_group_cn = "cn";
const char *attmap_group_userPassword = "\"*\"";
const char *attmap_group_gidNumber = "gidNumber";
const char *attmap_group_memberUid = "memberUid";
-const char *attmap_group_uniqueMember = "uniqueMember";
+const char *attmap_group_member = "member";
/* special property for objectSid-based searches
(these are already LDAP-escaped strings) */
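Review bot: Changing the compiled-in default from `uniqueMember` to `member` silently alters group resolution for deployments that store DN members in `uniqueMember` and never set an explicit mapping. After an upgrade those values are no longer requested in group_init or read in getmembers, so users drop out of groups without any error. That affects anything keyed on group membership, including rules that deny access by group. The definition deserves a comment giving the migration path, for example `/* default was uniqueMember; use "map group member uniqueMember" for groupOfUniqueNames directories */`, and the same hint belongs in the sample nslcd.conf.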
@@ -142,7 +142,7 @@ static int mkfilter_group_bymember(MYLDAP_SESSION *session,
"(&%s(|(%s=%s)(%s=%s)))",
group_filter,
attmap_group_memberUid,safeuid,
- attmap_group_uniqueMember,safedn);
+ attmap_group_member,safedn);
}
void group_init(void)
@@ -168,7 +168,7 @@ void group_init(void)
attmap_add_attributes(set,attmap_group_userPassword);
attmap_add_attributes(set,attmap_group_memberUid);
attmap_add_attributes(set,attmap_group_gidNumber);
- attmap_add_attributes(set,attmap_group_uniqueMember);
+ attmap_add_attributes(set,attmap_group_member);
group_attrs=set_tolist(set);
set_free(set);
}
@@ -221,8 +221,8 @@ static const char **getmembers(MYLDAP_ENTRY *entry,MYLDAP_SESSION *session)
if (isvalidname(values[i]))
set_add(set,values[i]);
}
- /* add the uniqueMember values */
- values=myldap_get_values(entry,attmap_group_uniqueMember);
+ /* add the member values */
+ values=myldap_get_values(entry,attmap_group_member);
if (values!=NULL)
for (i=0;values[i]!=NULL;i++)
{
@@ -294,7 +294,7 @@ static int write_group(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname,
passwd=get_userpassword(entry,attmap_group_userPassword,passbuffer,sizeof(passbuffer));
if (passwd==NULL)
passwd=default_group_userPassword;
- /* get group memebers (memberUid&uniqueMember) */
+ /* get group memebers (memberUid&member) */
if (wantmembers)
members=getmembers(entry,session);
else
diff --git a/pynslcd/group.py b/pynslcd/group.py
index f4519e2..6fd19d3 100644
--- a/pynslcd/group.py
+++ b/pynslcd/group.py
@@ -36,7 +36,7 @@ attmap = common.Attributes(cn='cn',
userPassword='"*"',
gidNumber='gidNumber',
memberUid='memberUid',
- uniqueMember='uniqueMember')
+ member='member')
filter = '(|(objectClass=posixGroup)(objectClass=groupOfUniqueNames))'
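Review bot: The new default `member='member'` no longer agrees with the unchanged default filter on the next line, which still selects `objectClass=groupOfUniqueNames`. In the standard schema (RFC 4519) that class carries its DNs in `uniqueMember`, while `member` belongs to `groupOfNames`. Entries matched through that clause would therefore yield only their memberUid values unless the attribute is remapped. If the filter is meant to follow the new default it should be reviewed with it, e.g. `filter = '(|(objectClass=posixGroup)(objectClass=groupOfNames))'`, or a comment should say why the mismatch is deliberate.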
@@ -63,8 +63,8 @@ class GroupRequest(common.Request):
for member in clean(attributes['memberUid']):
if common.isvalidname(member):
members.add(member)
- # translate and add the uniqueMember values
- for memberdn in clean(attributes['uniqueMember']):
+ # translate and add the member values
+ for memberdn in clean(attributes['member']):
member = dn2uid(self.conn, memberdn)
if member and common.isvalidname(member):
members.add(member)
@@ -109,7 +109,7 @@ class GroupByMemberRequest(GroupRequest):
# set up our own attributes that leave out membership attributes
self.attmap = common.Attributes(attmap)
del self.attmap['memberUid']
- del self.attmap['uniqueMember']
+ del self.attmap['member']
def read_parameters(self, fp):
memberuid = fp.read_string()
@@ -122,12 +122,12 @@ class GroupByMemberRequest(GroupRequest):
def mk_filter(self, parameters):
# we still need a custom mk_filter because this is an | query
memberuid = parameters['memberUid']
- if attmap['uniqueMember']:
+ if attmap['member']:
dn = uid2dn(self.conn, memberuid)
if dn:
return '(&%s(|(%s=%s)(%s=%s)))' % ( self.filter,
attmap['memberUid'], ldap.filter.escape_filter_chars(memberuid),
- attmap['uniqueMember'], ldap.filter.escape_filter_chars(dn) )
+ attmap['member'], ldap.filter.escape_filter_chars(dn) )
return '(&%s(%s=%s))' % ( self.filter,
attmap['memberUid'], ldap.filter.escape_filter_chars(memberuid) )
diff --git a/tests/test_myldap.c b/tests/test_myldap.c
index 6465538..ec2937a 100644
--- a/tests/test_myldap.c
+++ b/tests/test_myldap.c
@@ -102,7 +102,7 @@ static void test_get(void)
MYLDAP_SESSION *session;
MYLDAP_SEARCH *search1,*search2;
MYLDAP_ENTRY *entry;
- const char *attrs1[] = { "cn", "userPassword", "memberUid", "gidNumber", "uniqueMember", NULL };
+ const char *attrs1[] = { "cn", "userPassword", "memberUid", "gidNumber", "member", NULL };
const char *attrs2[] = { "uid", NULL };
int rc;
/* initialize session */
@@ -124,7 +124,7 @@ static void test_get(void)
(void)myldap_get_values(entry,"gidNumber");
(void)myldap_get_values(entry,"userPassword");
(void)myldap_get_values(entry,"memberUid");
- (void)myldap_get_values(entry,"uniqueMember");
+ (void)myldap_get_values(entry,"member");
/* perform another search */
printf("test_myldap: test_get(): doing get...\n");
search2=myldap_search(session,"cn=Test User2,ou=people,dc=test,dc=tld",