Handle the case that sambaSID doesn't exist for OpenLDAP posix schema, and I

jaqx0r · jaqx0r · commit 5752e4e62089 · 2019-11-11T14:42:56.000Z
think we're supposed to set use_rid to tell the difference.
diff --git a/nss_cache/sources/ldapsource_test.py b/nss_cache/sources/ldapsource_test.py
@@ -250,7 +250,7 @@ def testGetPasswdMap(self):
         config = dict(self.config)
         attrlist = [
             'uid', 'uidNumber', 'gidNumber', 'gecos', 'cn', 'homeDirectory',
-            'sambaSID', 'fullName', 'loginShell', 'modifyTimestamp'
+            'fullName', 'loginShell', 'modifyTimestamp'
         ]
 
         mock_rlo = self.mox.CreateMock(ldap.ldapobject.ReconnectLDAPObject)
@@ -302,7 +302,7 @@ def testGetPasswdMapWithUidAttr(self):
         config['uidattr'] = 'name'
         attrlist = [
             'uid', 'uidNumber', 'gidNumber', 'gecos', 'cn', 'homeDirectory',
-            'fullName', 'name', 'sambaSID', 'loginShell', 'modifyTimestamp'
+            'fullName', 'name', 'loginShell', 'modifyTimestamp'
         ]
 
         mock_rlo = self.mox.CreateMock(ldap.ldapobject.ReconnectLDAPObject)
@@ -353,7 +353,7 @@ def testGetPasswdMapWithShellOverride(self):
         config['override_shell'] = '/bin/false'
         attrlist = [
             'uid', 'uidNumber', 'gidNumber', 'gecos', 'cn', 'homeDirectory',
-            'fullName', 'sambaSID', 'loginShell', 'modifyTimestamp'
+            'fullName', 'loginShell', 'modifyTimestamp'
         ]
 
         mock_rlo = self.mox.CreateMock(ldap.ldapobject.ReconnectLDAPObject)
@@ -551,9 +551,7 @@ def testGetGroupMap(self):
         })
 
         config = dict(self.config)
-        attrlist = [
-            'cn', 'uid', 'gidNumber', 'memberUid', 'sambaSID', 'modifyTimestamp'
-        ]
+        attrlist = ['cn', 'uid', 'gidNumber', 'memberUid', 'modifyTimestamp']
 
         mock_rlo = self.mox.CreateMock(ldap.ldapobject.ReconnectLDAPObject)
         mock_rlo.simple_bind_s(cred='TEST_BIND_PASSWORD', who='TEST_BIND_DN')
@@ -747,9 +745,7 @@ def testGetGroupMapBis(self):
 
         config = dict(self.config)
         config['rfc2307bis'] = 1
-        attrlist = [
-            'cn', 'uid', 'gidNumber', 'member', 'sambaSID', 'modifyTimestamp'
-        ]
+        attrlist = ['cn', 'uid', 'gidNumber', 'member', 'modifyTimestamp']
 
         mock_rlo = self.mox.CreateMock(ldap.ldapobject.ReconnectLDAPObject)
         mock_rlo.simple_bind_s(cred='TEST_BIND_PASSWORD', who='TEST_BIND_DN')
@@ -810,9 +806,7 @@ def testGetGroupNestedNotConfigured(self):
 
         config = dict(self.config)
         config['rfc2307bis'] = 1
-        attrlist = [
-            'cn', 'uid', 'gidNumber', 'member', 'sambaSID', 'modifyTimestamp'
-        ]
+        attrlist = ['cn', 'uid', 'gidNumber', 'member', 'modifyTimestamp']
 
         mock_rlo = self.mox.CreateMock(ldap.ldapobject.ReconnectLDAPObject)
         mock_rlo.simple_bind_s(cred='TEST_BIND_PASSWORD', who='TEST_BIND_DN')
@@ -875,6 +869,7 @@ def testGetGroupNested(self):
         config = dict(self.config)
         config['rfc2307bis'] = 1
         config["nested_groups"] = 1
+        config['use_rid'] = 1
         attrlist = [
             'cn', 'uid', 'gidNumber', 'member', 'sambaSID', 'modifyTimestamp'
         ]
@@ -950,6 +945,7 @@ def testGetGroupLoop(self):
         config = dict(self.config)
         config['rfc2307bis'] = 1
         config["nested_groups"] = 1
+        config['use_rid'] = 1
         attrlist = [
             'cn', 'uid', 'gidNumber', 'member', 'sambaSID', 'modifyTimestamp'
         ]
@@ -1010,6 +1006,7 @@ def testGetGroupMapBisAlt(self):
 
         config = dict(self.config)
         config['rfc2307bis_alt'] = 1
+        config['use_rid'] = 1
         attrlist = [
             'cn', 'gidNumber', 'uniqueMember', 'uid', 'sambaSID',
             'modifyTimestamp'
@@ -1366,7 +1363,7 @@ def testGetAutomountMasterMap(self):
     def testVerify(self):
         attrlist = [
             'uid', 'uidNumber', 'gidNumber', 'gecos', 'cn', 'homeDirectory',
-            'fullName', 'sambaSID', 'loginShell', 'modifyTimestamp'
+            'fullName', 'loginShell', 'modifyTimestamp'
         ]
         filterstr = '(&TEST_FILTER(modifyTimestamp>=19700101000001Z))'
 
@@ -1391,6 +1388,36 @@ def testVerify(self):
         source = ldapsource.LdapSource(self.config)
         self.assertEqual(0, source.Verify(0))
 
+    def testVerifyRID(self):
+        attrlist = [
+            'uid', 'uidNumber', 'gidNumber', 'gecos', 'cn', 'homeDirectory',
+            'fullName', 'loginShell', 'modifyTimestamp', 'sambaSID'
+        ]
+        filterstr = '(&TEST_FILTER(modifyTimestamp>=19700101000001Z))'
+
+        mock_rlo = self.mox.CreateMock(ldap.ldapobject.ReconnectLDAPObject)
+        mock_rlo.simple_bind_s(cred='TEST_BIND_PASSWORD', who='TEST_BIND_DN')
+        mock_rlo.search_ext(base='TEST_BASE',
+                            filterstr=filterstr,
+                            scope=ldap.SCOPE_ONELEVEL,
+                            attrlist=mox.SameElementsAs(attrlist),
+                            serverctrls=mox.Func(
+                                self.compareSPRC())).AndReturn('TEST_RES')
+
+        mock_rlo.result3('TEST_RES', all=0, timeout='TEST_TIMELIMIT').AndReturn(
+            (ldap.RES_SEARCH_RESULT, None, None, []))
+        self.mox.StubOutWithMock(ldap, 'ldapobject')
+        ldap.ldapobject.ReconnectLDAPObject(
+            uri='TEST_URI',
+            retry_max=TEST_RETRY_MAX,
+            retry_delay=TEST_RETRY_DELAY).AndReturn(mock_rlo)
+
+        config = dict(self.config)
+        config['use_rid'] = 1
+        self.mox.ReplayAll()
+        source = ldapsource.LdapSource(config)
+        self.assertEqual(0, source.Verify(0))
+
 
 class TestUpdateGetter(unittest.TestCase):
 
diff --git a/nsscache.conf b/nsscache.conf
@@ -89,6 +89,7 @@ ldap_filter = (objectclass=posixAccount)
 # If connecting to openldap, uidNumber and gidNumber
 # will be used for mapping. If enabled (set to 1),
 # the relative identifier (RID) will be used instead.
+# Consider using this for Samba4 AD.
 #ldap_use_rid = 0
 
 # Default Offset option to map uidNumber and gidNumber to higher number.
diff --git a/nsscache.conf.5 b/nsscache.conf.5
@@ -159,7 +159,7 @@ is the default).  See \fBldap.conf\fP(5) for more information.
 
 .TP
 .B ldap_tls_cacertdir
-Directory for trusted CA certificates.  By default, the system's
+Directory for trusted CA certificates.  By default, the system\'s
 default CA certificate directory will be used.
 
 .TP
@@ -188,7 +188,8 @@ The uid-like attribute in your directory. Defaults to uid.
 .TP
 .B ldap_use_rid
 If enabled (set to 1) the relative identifier (RID) wll be used for mapping. 
-By default uidNumber and gidNumber will be mapped when connectin to OpenLdap.
+By default \fBuidNumber\fP and \fBgidNumber\fP will be mapped when connecting to OpenLDAP with a POSIX-like schema.
+When using Samba4 AD, these attributes won\'t exist.
 Leave disabled for default.
 It has no effect if the option \fBldap_ad\fP is enabled.
 
