abbra / slapi-nis

Forked from slapi-nis 6 years ago
Clone

e6f9e2c back-sch-nss: for users with aliases, return alias as uid

Authored and Committed by abbra 7 years ago
    back-sch-nss: for users with aliases, return alias as uid
    
    When SSSD resolves AD users on behalf of slapi-nis, it can accept
    any user identifier, including user principal name (UPN) which
    may be different than the canonical user name which SSSD returns.
    
    As result, the entry created by slapi-nis will be using canonical user
    name but the filter for search will refer to the original (aliased)
    name. The search will not match the newly created entry.
    
    Fix this issue by returning two values for 'uid' attribute: the
    canonical one and the aliased one. This way search will match.
    
    Verified that SSSD with id_provider=ldap happily consumes such entries.
    By LDAP schema, 'uid' attribute can have multiple values.
    
    Fixes https://fedorahosted.org/slapi-nis/ticket/12
    
        
file modified
+14 -0