LDAP: Augment the sdap_opts structure with a data provider pointer In order to be able to use the Data Provider methods from the SDAP code to e.g. invalidate memcache when needed, add a new field to the sdap_options structure with the data_provider structure pointer. Fill the pointer value for all LDAP-based providers. Related: https://pagure.io/SSSD/sssd/issue/2653 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

providers: Move hostid from ipa to sdap, v2 In the ldap provider, all option names are renamed to ldap_host_*. In the ipa provider the names haven't been changed. Host lookups for both ipa and ldap are handled in the ldap provider. sss_ssh_knownhostsproxy works but hostgroups are still only available in the ipa provider. I've also added some documentation for the ldap provider. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SDAP: Fix handling of search bases We were rewriting the sdap_domain's search bases for only the first sdap_domain in the list, which does not work for subdomains. Also when search bases were already initialized in sdap_domain_subdom_add, we should only rewrite them when they were explicitly set in sssd.conf. Resolves: https://pagure.io/SSSD/sssd/issue/3351 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

LDAP: Log autofs rfc2307 config changes only with enabled responder grep -nE "0x0040" /var/log/sssd/sssd_example.com.log 361:(Tue Aug 16 13:04:04 2016) [sssd[be[example.com]]] [ldap_get_autofs_options] (0x0040): Your configuration uses the autofs provider with schema set to rfc2307 and default attribute mappings. The default map has changed in this release, please make sure the configuration matches the server attributes. Reviewed-by: Petr Čech <pcech@redhat.com>

LDAP: Change the default rfc2307 autofs attribute mappings Resolves: https://fedorahosted.org/sssd/ticket/2858 The default attribute mappings we used to have: ldap_autofs_map_object_class automountMap ldap_autofs_map_name ou ldap_autofs_entry_object_class automount ldap_autofs_entry_key cn ldap_autofs_entry_value automountInformation Was wrong. Instead, this patch switches to: ldap_autofs_map_object_class nisMap ldap_autofs_map_name nisMapName ldap_autofs_entry_object_class nisObject ldap_autofs_entry_key cn ldap_autofs_entry_value nisMapEntry Which are attributes that are available with servers running the default rfc2307 schema. In addition, this patch adds a syslog and DEBUG message that warns administrators to double-check their configuration. We don't warn when the autofs provider is set to AD, because that one is already correct. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

SDAP: handle ret properly in ldap_get_options() Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

sudo: remove unused param. in ldap_get_sudo_options Remove unused talloc memory context. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

LDAP: Move sdap_create_search_base from ldap to sdap code The function shouldn't be placed in the LDAP tree, but in the SDAP tree to make it usable from tests without linking to libraries that are normally linked from LDAP provider (such as confdb) Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

Make LDAP extra attributes available to IPA and AD https://fedorahosted.org/sssd/ticket/2073 Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>

LDAP: Make it possible to extend an attribute map https://fedorahosted.org/sssd/ticket/2073 This commit adds a new option ldap_user_extra_attrs that is unset by default. When set, the option contains a list of LDAP attributes the LDAP provider would download and store in addition to the usual set. The list can either contain LDAP attribute names only, or colon-separated tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP attribute name is specified, the attribute is saved to the cache verbatim. Using a custom SSSD attribute name might be required by environments that configure several SSSD domains with different LDAP schemas. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>

ldap: move options related content from ldap_common.c to ldap_options.c Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>