From 408880a11879b1a57a450e25c77ef2e310bdffd5 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 18 Mar 2019 16:45:54 +0100
Subject: [PATCH 2/2] create-user: try to find NIS domain if needed

Related to https://gitlab.freedesktop.org/realmd/adcli/issues/2
---
 doc/adcli.xml | 4 +++-
 library/adentry.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 library/adentry.h | 2 ++
 tools/entry.c | 16 ++++++++++++++++
 4 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/doc/adcli.xml b/doc/adcli.xml
index 18620c0..af73433 100644
--- a/doc/adcli.xml
+++ b/doc/adcli.xml
@@ -537,7 +537,9 @@ $ adcli create-user Fry --domain=domain.example.com \
 the new created user account, which should be the user's NIS domain is the NIS/YP service of Active Directory's Services for Unix (SFU) are used. This is needed to let the 'UNIX attributes' tab of older Active
- Directoy versions show the set UNIX specific attributes.
+ Directoy versions show the set UNIX specific attributes. If not specified
+ adcli will try to determine the NIS domain automatically if needed.
+
diff --git a/library/adentry.c b/library/adentry.c
index 9b9e1c6..1cc0518 100644
--- a/library/adentry.c
+++ b/library/adentry.c
@@ -484,3 +484,47 @@ adcli_entry_new_group (adcli_conn *conn,
 return_val_if_fail (sam_name != NULL, NULL);
 return entry_new (conn, "group", group_entry_builder, sam_name);
 }
+
+adcli_result
+adcli_get_nis_domain (adcli_entry *entry,
+ adcli_attrs *attrs)
+{
+ LDAP *ldap;
+ const char *ldap_attrs[] = { "cn", NULL };
+ LDAPMessage *results;
+ LDAPMessage *ldap_entry;
+ char *base;
+ const char *filter = "objectClass=msSFU30DomainInfo";
+ char *cn;
+ int ret;
+
+ ldap = adcli_conn_get_ldap_connection (entry->conn);
+ return_unexpected_if_fail (ldap != NULL);
+
+ if (asprintf (&base, "CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,%s",
+ adcli_conn_get_default_naming_context (entry->conn)) < 0) {
+ return_unexpected_if_reached ();
+ }
+
+ ret = ldap_search_ext_s (ldap, base, LDAP_SCOPE_SUB, filter, (char **)ldap_attrs,
+ 0, NULL, NULL, NULL, -1, &results);
+
+ free (base);
+
+ if (ret != LDAP_SUCCESS) {
+ /* No NIS domain available */
+ ldap_msgfree (results);
+ return ADCLI_SUCCESS;
+ }
+
+ ldap_entry = ldap_first_entry (ldap, results);
+ if (ldap_entry != NULL) {
+ cn = _adcli_ldap_parse_value (ldap, ldap_entry, "cn");
+ return_unexpected_if_fail (cn != NULL);
+
+ adcli_attrs_add (attrs, "msSFU30NisDomain", cn, NULL);
+ }
+ ldap_msgfree (results);
+
+ return ADCLI_SUCCESS;
+}
diff --git a/library/adentry.h b/library/adentry.h
index eb8bc00..ae90689 100644
--- a/library/adentry.h
+++ b/library/adentry.h
@@ -58,4 +58,6 @@ const char * adcli_entry_get_sam_name (adcli_entry *entry);
 const char * adcli_entry_get_dn (adcli_entry *entry);
+adcli_result adcli_get_nis_domain (adcli_entry *entry,
+ adcli_attrs *attrs);
 #endif /* ADENTRY_H_ */
diff --git a/tools/entry.c b/tools/entry.c
index 69ce62c..de56586 100644
--- a/tools/entry.c
+++ b/tools/entry.c
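Review bot: In adcli_get_nis_domain, `results` has no initialiser yet is handed to `ldap_msgfree (results)` on the `ret != LDAP_SUCCESS` path, so the code relies on ldap_search_ext_s always storing through its output pointer even when it fails; `LDAPMessage *results = NULL;` removes that dependency. The same branch returns ADCLI_SUCCESS for every LDAP error, so a dropped connection or an access-denied result looks identical to "no NIS domain configured"; treating only the not-found result (for example `LDAP_NO_SUCH_OBJECT`) as benign, or at least logging `ret`, would keep real failures visible. `return_unexpected_if_fail (cn != NULL)` leaves the function before `ldap_msgfree (results)` runs, and `cn` is never released; if adcli_attrs_add copies its value (its definition is not part of this patch), a `free (cn);` after the add is needed. The result of adcli_conn_get_default_naming_context is passed to `%s` unchecked, which is worth a guard if it can be NULL on a partially discovered connection.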
@@ -153,6 +153,8 @@ adcli_tool_user_create (adcli_conn *conn,
 adcli_attrs *attrs;
 const char *ou = NULL;
 int opt;
+ bool has_unix_attr = false;
+ bool has_nis_domain = false;
 struct option options[] = {
 { "display-name", required_argument, NULL, opt_display_name },
@@ -193,18 +195,23 @@ adcli_tool_user_create (adcli_conn *conn,
 break;
 case opt_unix_home:
 adcli_attrs_add (attrs, "unixHomeDirectory", optarg, NULL);
+ has_unix_attr = true;
 break;
 case opt_unix_uid:
 adcli_attrs_add (attrs, "uidNumber", optarg, NULL);
+ has_unix_attr = true;
 break;
 case opt_unix_gid:
 adcli_attrs_add (attrs, "gidNumber", optarg, NULL);
+ has_unix_attr = true;
 break;
 case opt_unix_shell:
 adcli_attrs_add (attrs, "loginShell", optarg, NULL);
+ has_unix_attr = true;
 break;
 case opt_nis_domain:
 adcli_attrs_add (attrs, "msSFU30NisDomain", optarg, NULL);
+ has_nis_domain = true;
 break;
 case opt_domain_ou:
 ou = optarg;
@@ -242,6 +249,15 @@ adcli_tool_user_create (adcli_conn *conn,
 adcli_get_last_error ());
 }
+ if (has_unix_attr && !has_nis_domain) {
+ res = adcli_get_nis_domain (entry, attrs);
+ if (res != ADCLI_SUCCESS) {
+ adcli_entry_unref (entry);
+ adcli_attrs_free (attrs);
+ errx (-res, "couldn't get NIS domain");
+ }
+ }
+
 res = adcli_entry_create (entry, attrs);
 if (res != ADCLI_SUCCESS) {
 errx (-res, "creating user %s in domain %s failed: %s",
-- 
2.20.1
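Review bot: The new failure branch in the third hunk reports only `couldn't get NIS domain`, while the errx calls around it in adcli_tool_user_create append the cause via `adcli_get_last_error ()`; the same form would fit here if the library sets the last error on this path, which the patch does not show. As adcli_get_nis_domain is written in this patch, it returns ADCLI_SUCCESS both when the LDAP search fails and when it yields no entry, so this branch is reached only on unexpected conditions and a user given `uidNumber`/`gidNumber` can still be created without `msSFU30NisDomain` and without any message. A short warning when automatic detection finds nothing would let the operator know the attribute was left unset. The first hunk introduces `bool`, so it is worth confirming that `<stdbool.h>` is included in tools/entry.c, since the include block is outside the hunks shown. The function body begins and ends outside these hunks.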