ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina Simo Sorce <ssorce@redhat.com>
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina Copyright (C) 2008-2010 Red Hat
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina This program is free software; you can redistribute it and/or modify
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina it under the terms of the GNU General Public License as published by
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina the Free Software Foundation; either version 3 of the License, or
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina (at your option) any later version.
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina This program is distributed in the hope that it will be useful,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina but WITHOUT ANY WARRANTY; without even the implied warranty of
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina GNU General Public License for more details.
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina You should have received a copy of the GNU General Public License
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina along with this program. If not, see <http://www.gnu.org/licenses/>.
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina const int search_base_options[] = { SDAP_USER_SEARCH_BASE,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina opts = talloc_zero(memctx, struct sdap_options);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Handle search bases */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* set user/group/netgroup search bases if they are not */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina for (o = 0; search_base_options[o] != -1; o++) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina if (NULL == dp_opt_get_string(opts->basic, search_base_options[o])) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = dp_opt_set_string(opts->basic, search_base_options[o],
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Search base not set, trying to discover it later when "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "connecting to the LDAP server.\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Default search */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = sdap_parse_search_base(opts, opts->basic,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* User search */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = sdap_parse_search_base(opts, opts->basic,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Group search base */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = sdap_parse_search_base(opts, opts->basic,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Netgroup search */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = sdap_parse_search_base(opts, opts->basic,
60a715a0dd79873d2d2607eab8fdfaf0ffd2e7d3Hristo Venev /* Netgroup search */
60a715a0dd79873d2d2607eab8fdfaf0ffd2e7d3Hristo Venev ret = sdap_parse_search_base(opts, opts->basic,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Service search */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = sdap_parse_search_base(opts, opts->basic,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Missing password policy, this may not happen.\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 &&
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 &&
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Unsupported password policy [%s].\n", pwd_policy);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* account_cache_expiration must be >= offline_credentials_expiration */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get value of %s from confdb \n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina account_cache_expiration = dp_opt_get_int(opts->basic,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* account_cache_expiration must not be smaller than
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina * offline_credentials_expiration to prevent deleting entries that
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina * still contain credentials valid for offline login.
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina * offline_credentials_expiration == 0 is a special case that says
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina * that the cached credentials are valid forever. Therefore, the cached
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina * entries must not be purged from cache.
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina if (!offline_credentials_expiration && account_cache_expiration) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Conflicting values for options %s (unlimited) "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "and %s (%d)\n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina if (offline_credentials_expiration && account_cache_expiration &&
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina offline_credentials_expiration > account_cache_expiration) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Value of %s (now %d) must be larger "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "than value of %s (now %d)\n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ldap_deref = dp_opt_get_string(opts->basic, SDAP_DEREF);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "LDAP referrals are not supported, because the LDAP library "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "is too old, see sssd-ldap(5) for details.\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false);
383840c0c9c440710352076f844a64745121d251Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* schema type */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina schema = dp_opt_get_string(opts->basic, SDAP_SCHEMA);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized schema type: %s\n", schema);
4dd38025efda88f123eac672f87d3cda12f050c8Jakub Hrozek ret = sdap_extend_map_with_list(opts, opts, SDAP_USER_EXTRA_ATTRS,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* If there is no KDC, try the deprecated krb5_kdcip option, too */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* FIXME - this can be removed in a future version */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina authtok_type = dp_opt_get_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina strcasecmp(authtok_type,"obfuscated_password") == 0) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_TRACE_ALL, "Found obfuscated password, "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "trying to convert to cleartext.\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina authtok_blob = dp_opt_get_blob(opts->basic, SDAP_DEFAULT_AUTHTOK);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina if (authtok_blob.data == NULL || authtok_blob.length == 0) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Missing obfuscated password string.\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = sss_password_decrypt(memctx, (char *) authtok_blob.data,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Cannot convert the obfuscated "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "password back to cleartext\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = dp_opt_set_blob(opts->basic, SDAP_DEFAULT_AUTHTOK, authtok_blob);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
8835ecb2ff5126629993a6b6d3fb0bb7baa3b765Pavel Reichlint ldap_get_sudo_options(struct confdb_ctx *cdb,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* search base */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* set sudo search bases if they are not */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina if (dp_opt_get_string(opts->basic, SDAP_SUDO_SEARCH_BASE) == NULL) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = dp_opt_set_string(opts->basic, SDAP_SUDO_SEARCH_BASE,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Could not set SUDO search base"
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "to default value\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_FUNC_DATA, "Option %s set to %s\n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina dp_opt_get_string(opts->basic, SDAP_SUDO_SEARCH_BASE));
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Search base not set, trying to discover it later "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "connecting to the LDAP server.\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = sdap_parse_search_base(opts, opts->basic,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Could not parse SUDO search base\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* attrs map */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Could not get SUDO attribute map\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* host filter */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina *use_host_filter = dp_opt_get_bool(opts->basic, SDAP_SUDO_USE_HOST_FILTER);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina *include_netgroups = dp_opt_get_bool(opts->basic, SDAP_SUDO_INCLUDE_NETGROUPS);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina *include_regexp = dp_opt_get_bool(opts->basic, SDAP_SUDO_INCLUDE_REGEXP);
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozekstatic bool has_defaults(struct confdb_ctx *cdb,
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek const char *attrs[])
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek return false;
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek ret = confdb_get_string(cdb, tmp_ctx, conf_path,
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek/* Return true if rfc2307 schema is used and all autofs options use
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek * defaults. Should be removed in future, see
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozekstatic bool ldap_rfc2307_autofs_defaults(struct confdb_ctx *cdb,
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek rfc2307_autofs_entry_map[SDAP_OC_AUTOFS_ENTRY].opt_name,
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek /* SDAP_AT_AUTOFS_ENTRY_KEY missing on purpose, its value was
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek * the same between the wrong and correct schema
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek rfc2307_autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_VALUE].opt_name,
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek rfc2307_autofs_mobject_map[SDAP_OC_AUTOFS_MAP].opt_name,
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek rfc2307_autofs_mobject_map[SDAP_AT_AUTOFS_MAP_NAME].opt_name,
d9065da2a103fe88b548904bb215c9bb1f21afa2Lukas Slebodnik DEBUG(SSSDBG_FATAL_FAILURE, "Unable to read from confdb [%d]: %s\n",
d9065da2a103fe88b548904bb215c9bb1f21afa2Lukas Slebodnik if (string_in_list("autofs", services, true) == false) {
d9065da2a103fe88b548904bb215c9bb1f21afa2Lukas Slebodnik has_autofs_defaults = has_defaults(cdb, conf_path, attrs);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březinaint ldap_get_autofs_options(TALLOC_CTX *memctx,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* search base */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* set autofs search bases if they are not */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina if (dp_opt_get_string(opts->basic, SDAP_AUTOFS_SEARCH_BASE) == NULL) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = dp_opt_set_string(opts->basic, SDAP_AUTOFS_SEARCH_BASE,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Could not set autofs search base"
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "to default value\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_FUNC_DATA, "Option %s set to %s\n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina opts->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina dp_opt_get_string(opts->basic, SDAP_AUTOFS_SEARCH_BASE));
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Search base not set, trying to discover it later "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "connecting to the LDAP server.\n");
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek if (opts->schema_type == SDAP_SCHEMA_RFC2307 &&
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek ldap_rfc2307_autofs_defaults(cdb, conf_path) == true) {
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek "Your configuration uses the autofs provider "
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek "with schema set to rfc2307 and default attribute mappings. "
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek "The default map has changed in this release, please make "
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek "sure the configuration matches the server attributes.\n");
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek _("Your configuration uses the autofs provider "
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek "with schema set to rfc2307 and default attribute mappings. "
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek "The default map has changed in this release, please make "
999d6066c7a96f102b692d31435d76114478e874Jakub Hrozek "sure the configuration matches the server attributes.\n"));
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = sdap_parse_search_base(opts, opts->basic,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Could not parse autofs search base\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* attribute maps */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina default_mobject_map = rfc2307_autofs_mobject_map;
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina default_mobject_map = rfc2307bis_autofs_mobject_map;
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina default_entry_map = rfc2307bis_autofs_entry_map;
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unknown LDAP schema!\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Could not get autofs map object attribute map\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Could not get autofs entry object attribute map\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březinaerrno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina old_filter = dp_opt_get_string(opts, SDAP_USER_SEARCH_FILTER);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina old_filter = dp_opt_get_string(opts, SDAP_GROUP_SEARCH_FILTER);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Non-fatal */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina unparsed_base = dp_opt_get_string(opts, class);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina if (!unparsed_base || unparsed_base[0] == '\0') return ENOENT;
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina return common_parse_search_base(mem_ctx, unparsed_base,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březinaerrno_t common_parse_search_base(TALLOC_CTX *mem_ctx,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Create a throwaway LDB context for validating the DN */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = split_on_separator(tmp_ctx, unparsed_base, '?', false, false,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* The split must be either exactly one value or a multiple of
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina * three in order to be valid.
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina * One value: just a base, backwards-compatible with pre-1.7.0 versions
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina * Multiple: search_base?scope?filter[?search_base?scope?filter]*
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Unparseable search base: [%s][%d]\n", unparsed_base, count);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina search_bases = talloc_array(tmp_ctx, struct sdap_search_base *, 2);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Using a deprecated ldap_{user,group}_search_filter */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_IMPORTANT_INFO, "WARNING: Using a deprecated filter "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "option for %s. Please see the documentation on LDAP search "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "bases to see how the obsolete option can be migrated\n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina sss_log(SSS_LOG_NOTICE, "WARNING: Using a deprecated filter option"
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "for %s. Please see the documentation on LDAP search bases "
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "to see how the obsolete option can be migrated\n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ret = sdap_create_search_base(search_bases, unparsed_base,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Cannot create new sdap search base\n");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Search base added: [%s][%s][%s][%s]\n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina search_bases[0]->filter ? search_bases[0]->filter : "");
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina search_bases = talloc_array(tmp_ctx, struct sdap_search_base *,
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Zero-length search base: [%s]\n", unparsed_base);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Validate the basedn */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina ldn = ldb_dn_new(tmp_ctx, ldb, split_bases[c]);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Invalid base DN [%s]\n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Set the search base DN */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina search_bases[i]->basedn = talloc_strdup(search_bases[i],
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Set the search scope for this base DN */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina || strcasecmp(split_bases[c+1], "subtree") == 0) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* If unspecified, default to subtree */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina } else if (strcasecmp(split_bases[c+1], "one") == 0
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina || strcasecmp(split_bases[c+1], "onelevel") == 0) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina } else if (strcasecmp(split_bases[c+1], "base") == 0) {
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Unknown search scope: [%s]\n", split_bases[c+1]);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Get a specialized filter if provided */
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina /* Filters need to be enclosed in parentheses
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina * to be validated properly by ldb_parse_tree()
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina filter = talloc_strdup(tmp_ctx, split_bases[c+2]);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina search_bases[i]->filter = talloc_steal(search_bases[i],
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina "Search base added: [%s][%s][%s][%s]\n",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina split_bases[c+1][0] ? split_bases[c+1] : "SUBTREE",
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina search_bases[i]->filter ? search_bases[i]->filter : "");