Since we remove the use of CoS for (in)active users, the ipa_winsync
plugin was broken when configured to synchronize (in)active user status
(the default).
Simo.
--
Simo Sorce * Red Hat, Inc * New York
>From 6d43c9d3b66ae95a4cd8ecf35d785ca4d239ef29 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 25 Feb 2011 16:56:15 -0500
Subject: [PATCH 5/8] Make activated/inactivated groups optional
directly change nsAccountLock on the entry if they are not used
Fixes: https://fedorahosted.org/freeipa/ticket/1021
---
.../ipa-winsync/ipa-winsync-conf.ldif |2 -
.../ipa-winsync/ipa-winsync-config.c | 68 +++-
.../ipa-slapi-plugins/ipa-winsync/ipa-winsync.c|4 +-
3 files changed, 40 insertions(+), 34 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
index 42026221d19133bba733114c388227635469ac90..b646c2b10db1eabda747d587a0d176b6afae63e7 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
@@ -23,8 +23,6 @@ ipaWinsyncLoginShellAttr: ipaDefaultLoginShell
ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup
ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
ipaWinSyncAcctDisable: both
-ipaWinSyncInactivatedFilter: (&(cn=inactivated)(objectclass=groupOfNames))
-ipaWinSyncActivatedFilter: (&(cn=activated)(objectclass=groupOfNames))
ipaWinSyncForceSync: true
ipaWinSyncUserAttr: uidNumber 999
ipaWinSyncUserAttr: gidNumber 999
diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
index b089d3d1486e7d5420b204a8de3eb2118cf05af9..450375ddc0289a9df84361f3205e882a6dbd1a97 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
@@ -339,19 +339,17 @@ ipa_winsync_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_E
&testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-"Error: no value given for %s - "
-"required for account disable sync",
+"No value given for %s - required for account "
+"disable sync, ignoring",
IPA_WINSYNC_INACTIVATED_FILTER);
-goto done2;
}
if (slapi_entry_attr_find(e, IPA_WINSYNC_ACTIVATED_FILTER,
&testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-"Error: no value given for %s - "
-"required for account disable sync",
+"No value given for %s - required for account "
+"disable sync, ignoring",
IPA_WINSYNC_ACTIVATED_FILTER);
-goto done2;
}
}
@@ -507,17 +505,17 @@ ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
if (!(inactivated_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_INACTIVATED_FILTER))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-"Error: no value given for %s - required for account disable sync",
+"No value given for %s - required for account "
+"disable sync, ignoring",
IPA_WINSYNC_INACTIVATED_FILTER);
-goto done3;
}
/* get activated group filter */
if (!(activated_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_ACTIVATED_FILTER))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-"Error: no value given for %s - required for account disable sync",
+"No value given for %s - required for account "
+"disable sync, ignoring",
IPA_WINSYNC_ACTIVATED_FILTER);
-goto done3;
}
}
@@ -808,8 +806,12 @@ ipa_winsync_config_refresh_domain(
default_group_filter = slapi_ch_strdup(theConfig.default_group_filter);
acct_disable = theConfig.acct_disable;
if (acct_disable != ACCT_DISABLE_NONE) {
-inactivated_filter = slapi_ch_strdup(theConfig.inactivated_filter);
-activated_filter = slapi_ch_strdup(theConfig.activated_filter);
+if (theConfig.inactivated_filter) {
+inactivated_filter = slapi_ch_strdup(theConfig.inactivated_filter);
+}
+if (theConfig.activated_filter) {
+activated_filter = slapi_ch_strdup(theConfig.activated_filter);
+}
}
slapi_unlock_mutex(theConfig.lock);
@@ -930,25 +932,29 @@ ipa_winsync_con
