From 5363682fb2f4ed7fd0112ac46bb603424179acb7 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Mar 14 2012 17:53:34 +0000
Subject: LDAP: Add AD 2008r2 schema
https://fedorahosted.org/sssd/ticket/1031
---
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 4fd4841..46ee837 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -164,10 +164,11 @@ attribute names retrieved from the servers may vary. The way that some attributes are handled may also differ. - Three schema types are currently supported: + Four schema types are currently supported: rfc2307 rfc2307bis IPA + AD The main difference between these schema types is how group memberships are recorded in the server.
@@ -175,6 +176,8 @@ memberUid attribute. With rfc2307bis and IPA, group members are listed by DN and stored in the member attribute. + The AD schema type sets the attributes to correspond with + Active Directory 2008r2 values. Default: rfc2307
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 69d1bc2..22d3755 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -215,6 +215,53 @@ struct sdap_attr_map rfc2307bis_group_map[] = {
 { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL }
 };
 
+struct sdap_attr_map ad2008r2_user_map[] = {
+ { "ldap_user_object_class", "user", SYSDB_USER_CLASS, NULL },
+ { "ldap_user_name", "sAMAccountName", SYSDB_NAME, NULL },
+ { "ldap_user_pwd", "unixUserPassword", SYSDB_PWD, NULL },
+ { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL },
+ { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
+ { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL },
+ { "ldap_user_home_directory", "unixHomeDirectory", SYSDB_HOMEDIR, NULL },
+ { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL },
+ { "ldap_user_principal", "userPrincipalName", SYSDB_UPN, NULL },
+ { "ldap_user_fullname", "name", SYSDB_FULLNAME, NULL },
+ { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
+ { "ldap_user_uuid", "objectGUID", SYSDB_UUID, NULL },
+ { "ldap_user_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
+ { "ldap_user_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
+ { "ldap_user_shadow_last_change", NULL, SYSDB_SHADOWPW_LASTCHANGE, NULL },
+ { "ldap_user_shadow_min", NULL, SYSDB_SHADOWPW_MIN, NULL },
+ { "ldap_user_shadow_max", NULL, SYSDB_SHADOWPW_MAX, NULL },
+ { "ldap_user_shadow_warning", NULL, SYSDB_SHADOWPW_WARNING, NULL },
+ { "ldap_user_shadow_inactive", NULL, SYSDB_SHADOWPW_INACTIVE, NULL },
+ { "ldap_user_shadow_expire", NULL, SYSDB_SHADOWPW_EXPIRE, NULL },
+ { "ldap_user_shadow_flag", NULL, SYSDB_SHADOWPW_FLAG, NULL },
+ { "ldap_user_krb_last_pwd_change", NULL, SYSDB_KRBPW_LASTCHANGE, NULL },
+ { "ldap_user_krb_password_expiration", NULL, SYSDB_KRBPW_EXPIRATION, NULL },
+ { "ldap_pwd_attribute", NULL, SYSDB_PWD_ATTRIBUTE, NULL },
+ { "ldap_user_authorized_service", NULL, SYSDB_AUTHORIZED_SERVICE, NULL },
+ { "ldap_user_ad_account_expires", "accountExpires", SYSDB_AD_ACCOUNT_EXPIRES, NULL},
+ { "ldap_user_ad_user_account_control", "userAccountControl", SYSDB_AD_USER_ACCOUNT_CONTROL, NULL},
+ { "ldap_ns_account_lock", NULL, SYSDB_NS_ACCOUNT_LOCK, NULL},
+ { "ldap_user_authorized_host", NULL, SYSDB_AUTHORIZED_HOST, NULL },
+ { "ldap_user_nds_login_disabled", NULL, SYSDB_NDS_LOGIN_DISABLED, NULL },
+ { "ldap_user_nds_login_expiration_time", NULL, SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
+ { "ldap_user_nds_login_allowed_time_map", NULL, SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
+ { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }
+};
+
+struct sdap_attr_map ad2008r2_group_map[] = {
+ { "ldap_group_object_class", "group", SYSDB_GROUP_CLASS, NULL },
+ { "ldap_group_name", "name", SYSDB_NAME, NULL },
+ { "ldap_group_pwd", NULL, SYSDB_PWD, NULL },
+ { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
+ { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
+ { "ldap_group_uuid", "objectGUID", SYSDB_UUID, NULL },
+ { "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
+ { "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL }
+};
+
 struct sdap_attr_map netgroup_map[] = {
 { "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL },
 { "ldap_netgroup_name", "cn", SYSDB_NAME, NULL },
@@ -466,8 +513,8 @@ int ldap_get_options(TALLOC_CTX *memctx,
 if (strcasecmp(schema, "AD") == 0) {
 opts->schema_type = SDAP_SCHEMA_AD;
 default_attr_map = gen_ad_attr_map;
- default_user_map = rfc2307bis_user_map;
- default_group_map = rfc2307bis_group_map;
+ default_user_map = ad2008r2_user_map;
+ default_group_map = ad2008r2_group_map;
 default_netgroup_map = netgroup_map;
 default_service_map = service_map;
 } else {
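Review bot: ad2008r2_group_map maps `ldap_group_name` to `name` while ad2008r2_user_map maps `ldap_user_name` to `sAMAccountName`; in Active Directory `name` is the RDN value (the CN, which may contain spaces and need not equal the logon name), so group lookups by name would presumably resolve against a different identifier than user lookups do. If the logon name is intended for both, the row should read `{ "ldap_group_name", "sAMAccountName", SYSDB_NAME, NULL },`; otherwise a one-line comment above ad2008r2_group_map explaining the asymmetry would stop the next reader from "fixing" it. Both maps also default `ldap_user_uuid`/`ldap_group_uuid` to `objectGUID`, which AD stores as a 16-byte octet string rather than text, so confirm that the code copying SYSDB_UUID into the cache tolerates a non-textual value. Minor style: the three rows ending in `NULL}` omit the space before the brace that every other row uses.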
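Review bot: The `AD` branch of ldap_get_options now silently changes the default user and group attribute maps for any existing configuration that already set `ldap_schema = AD` (the branch previously fell back to the rfc2307bis maps, as the removed lines show), and nothing in the hunk logs or documents that the defaults moved. A short comment on the branch would make the change discoverable next to the code, e.g. `/* AD schema: defaults follow the 2008r2 attribute names; configs that relied on the former rfc2307bis defaults must override them explicitly */`. ldap_get_options starts and ends outside the hunk.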