author | Jonathan Matthew <jmatthew@cvs.openbsd.org> | 2012-04-30 11:28:26 +0000 |
---|---|---|
committer | Jonathan Matthew <jmatthew@cvs.openbsd.org> | 2012-04-30 11:28:26 +0000 |
commit | 0941408420bc522f027416ef3b5c9120a442d8e0 (patch) | |
tree | 9b71862113c7093c155ebd17338297cf19e4c238 /usr.sbin/ypldap | |
parent | 3ddae7a5382ca3c38b605afad9991af78d4f9233 (diff) |
add 'groupdn' option for specifying a separate base DN for group searches.
from Jim Smith, ok dlg@
Diffstat (limited to 'usr.sbin/ypldap')
-rw-r--r-- | usr.sbin/ypldap/ldapclient.c | 9 | ||||
-rw-r--r-- | usr.sbin/ypldap/parse.y | 15 | ||||
-rw-r--r-- | usr.sbin/ypldap/ypldap.conf.5 | 8 | ||||
-rw-r--r-- | usr.sbin/ypldap/ypldap.h | 3 |
4 files changed, 28 insertions, 7 deletions
diff --git a/usr.sbin/ypldap/ldapclient.c b/usr.sbin/ypldap/ldapclient.c index b24066a668e..3c9fc1440de 100644 --- a/usr.sbin/ypldap/ldapclient.c +++ b/usr.sbin/ypldap/ldapclient.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldapclient.c,v 1.24 2012/03/15 03:44:46 jmatthew Exp $ */ +/* $OpenBSD: ldapclient.c,v 1.25 2012/04/30 11:28:25 jmatthew Exp $ */ /* * Copyright (c) 2008 Alexander Schrijver <aschrijver@openbsd.org> @@ -513,8 +513,13 @@ client_search_idm(struct env *env, struct idm *idm, struct aldap *al, struct idm_req ir; struct aldap_message *m; const char *errstr; + char *dn; - if (aldap_search(al, idm->idm_basedn, LDAP_SCOPE_SUBTREE, + dn = idm->idm_basedn; + if (type == IMSG_GRP_ENTRY && idm->idm_groupdn[0] != '\0') + dn = idm->idm_groupdn; + + if (aldap_search(al, dn, LDAP_SCOPE_SUBTREE, filter, attrs, 0, 0, 0) == -1) { aldap_get_errno(al, &errstr); log_debug("%s", errstr); diff --git a/usr.sbin/ypldap/parse.y b/usr.sbin/ypldap/parse.y index ae55fda5873..24091d7e234 100644 --- a/usr.sbin/ypldap/parse.y +++ b/usr.sbin/ypldap/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.10 2011/08/28 11:53:16 aschrijver Exp $ */ +/* $OpenBSD: parse.y,v 1.11 2012/04/30 11:28:25 jmatthew Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -96,7 +96,7 @@ typedef struct { %} -%token SERVER FILTER ATTRIBUTE BASEDN BINDDN BINDCRED MAPS CHANGE DOMAIN PROVIDE +%token SERVER FILTER ATTRIBUTE BASEDN BINDDN GROUPDN BINDCRED MAPS CHANGE DOMAIN PROVIDE %token USER GROUP TO EXPIRE HOME SHELL GECOS UID GID INTERVAL %token PASSWD NAME FIXED LIST GROUPNAME GROUPPASSWD GROUPGID MAP %token INCLUDE DIRECTORY CLASS PORT ERROR GROUPMEMBERS @@ -203,6 +203,16 @@ diropt : BINDDN STRING { YYERROR; } free($2); + } + | GROUPDN STRING { + if(strlcpy(idm->idm_groupdn, $2, + sizeof(idm->idm_groupdn)) >= + sizeof(idm->idm_groupdn)) { + yyerror("directory groupdn truncated"); + free($2); + YYERROR; + } + free($2); } | opcode FILTER STRING { if (strlcpy(idm->idm_filters[$1], $3, 
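Review bot: In client_search_idm, the new `idm->idm_groupdn[0] != '\0'` test only works as a "groupdn not configured" check if every struct idm is zero-filled when it is created. That allocation is not part of this diff, so it is worth confirming it uses calloc or an explicit memset; otherwise a group search could go out with whatever bytes happen to be in the new field as its base DN. A one-line comment above the selection would make the fallback explicit, for example `/* group searches use groupdn when configured, otherwise basedn */`. The function body starts and ends outside the hunk.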
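Review bot: The added GROUPDN rule writes `if(strlcpy(` with no space after `if`, while the FILTER rule visible as context in the same hunk uses `if (strlcpy(`; the new line should match it: `if (strlcpy(idm->idm_groupdn, $2,`. The truncation check against `sizeof(idm->idm_groupdn)` and the `free($2)` on both the error and success paths follow the surrounding rules. Separately, `groupdn ""` is accepted here and, given the first-byte test added in ldapclient.c, silently behaves as if the option were absent; if that is not intended, an empty string could be rejected with yyerror at parse time. The diropt rule begins and continues outside the hunk.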
@@ -356,6 +366,7 @@ lookup(char *s) { "gecos", GECOS }, { "gid", GID }, { "group", GROUP }, + { "groupdn", GROUPDN }, { "groupgid", GROUPGID }, { "groupmembers", GROUPMEMBERS }, { "groupname", GROUPNAME }, diff --git a/usr.sbin/ypldap/ypldap.conf.5 b/usr.sbin/ypldap/ypldap.conf.5 index 9dff42f4cf6..386368bfa36 100644 --- a/usr.sbin/ypldap/ypldap.conf.5 +++ b/usr.sbin/ypldap/ypldap.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ypldap.conf.5,v 1.18 2012/04/24 14:56:09 jmc Exp $ +.\" $OpenBSD: ypldap.conf.5,v 1.19 2012/04/30 11:28:25 jmatthew Exp $ .\" .\" Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: April 24 2012 $ +.Dd $Mdocdate: April 30 2012 $ .Dt YPLDAP.CONF 5 .Os .Sh NAME @@ -103,6 +103,10 @@ or attribute to the LDAP attribute name supplied. .It Ic basedn Ar string Use the supplied search base as starting point for the directory search. +.It Ic groupdn Ar string +Use the supplied search base as starting point for the directory search for +groups. +If not supplied, the basedn value will be used. .It Ic bindcred Ar string Use the supplied credentials for simple authentication against the directory. .It Ic binddn Ar string diff --git a/usr.sbin/ypldap/ypldap.h b/usr.sbin/ypldap/ypldap.h index 3818fe93f22..e7933e75cd7 100644 --- a/usr.sbin/ypldap/ypldap.h +++ b/usr.sbin/ypldap/ypldap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ypldap.h,v 1.12 2011/08/28 11:53:16 aschrijver Exp $ */ +/* $OpenBSD: ypldap.h,v 1.13 2012/04/30 11:28:25 jmatthew Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -95,6 +95,7 @@ struct idm { char idm_binddn[LINE_WIDTH]; char idm_bindcred[LINE_WIDTH]; char idm_basedn[LINE_WIDTH]; + char idm_groupdn[LINE_WIDTH]; #define FILTER_USER 1 #define FILTER_GROUP 0 char idm_filters[2][FILTER_WIDTH]; |