Use sssd for LDAP based automount maps

yast · Oct 23, 2013 · c02695b · c02695b
1 parent 6e78b05
commit c02695b
Show file tree

Hide file tree

Showing 14 changed files with 81 additions and 11 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-3.1.0
+3.1.1
diff --git a/package/yast2-ldap-client.changes b/package/yast2-ldap-client.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 23 09:39:33 UTC 2013 - ckornacker@suse.de
+
+- Use sssd for LDAP based automount maps (fate#313275)
+- 3.1.1
+
 -------------------------------------------------------------------
 Thu Sep 19 07:02:15 UTC 2013 - lslezak@suse.cz
 

diff --git a/src/include/ldap/ui.rb b/src/include/ldap/ui.rb
@@ -929,7 +929,7 @@ def AdvancedConfigurationDialog
         :searching =>
           # help text 1/1
           _(
-            "<p>Specify the search bases to use for specific maps (users or groups) if they are different from the base DN. These values are\nset to the ldap_user_search_base and ldap_group_search_base attributes in /etc/sssd/sssd.conf file.</p>\n"
+            "<p>Specify the search bases to use for specific maps (users or groups) if they are different from the base DN. These values are\nset to the ldap_user_search_base, ldap_group_search_base and ldap_autofs_search_base attributes in /etc/sssd/sssd.conf file.</p>\n"
           )
       }
 
@@ -948,6 +948,7 @@ def AdvancedConfigurationDialog
       sssd_cache_credentials = Ldap.sssd_cache_credentials
       nss_base_passwd = Ldap.nss_base_passwd
       nss_base_group = Ldap.nss_base_group
+      nss_base_automount = Ldap.nss_base_automount
 
       member_attributes = [
         Item(Id("member"), "member", member_attribute == "member"),
@@ -995,7 +996,8 @@ def AdvancedConfigurationDialog
       br2entry = {
         :br        => :base_config_dn,
         :br_passwd => :nss_base_passwd,
-        :br_group  => :nss_base_group
+        :br_group  => :nss_base_group,
+        :br_autofs => :nss_base_automount
       }
 
       tabs = [
@@ -1061,6 +1063,20 @@ def AdvancedConfigurationDialog
                   PushButton(Id(:br_group), _("Bro&wse"))
                 )
               ),
+              HBox(
+                InputField(
+                  Id(:nss_base_automount),
+                  Opt(:hstretch),
+                  # textentry label
+                  _("&Autofs Map"),
+                  nss_base_automount
+                ),
+                VBox(
+                  Label(""),
+                  # button label
+                  PushButton(Id(:br_autofs), _("Bro&wse"))
+                )
+              ),
               VSpacing(0.4)
             ),
             HSpacing(4)
@@ -1280,6 +1296,9 @@ def AdvancedConfigurationDialog
           nss_base_group = Convert.to_string(
             UI.QueryWidget(Id(:nss_base_group), :Value)
           )
+          nss_base_automount = Convert.to_string(
+            UI.QueryWidget(Id(:nss_base_automount), :Value)
+          )
         end
         if current == :admin
           bind_dn = Convert.to_string(UI.QueryWidget(Id(:bind_dn), :Value))
@@ -1362,6 +1381,7 @@ def AdvancedConfigurationDialog
               Ldap.pam_password != pam_password ||
               Ldap.nss_base_passwd != nss_base_passwd ||
               Ldap.nss_base_group != nss_base_group ||
+              Ldap.nss_base_automount != nss_base_automount ||
               Ldap.krb5_realm != krb5_realm ||
               Ldap.krb5_kdcip != krb5_kdcip ||
               Ldap.sssd_cache_credentials != sssd_cache_credentials ||
@@ -1374,6 +1394,7 @@ def AdvancedConfigurationDialog
             Ldap.pam_password = pam_password
             Ldap.nss_base_passwd = nss_base_passwd
             Ldap.nss_base_group = nss_base_group
+            Ldap.nss_base_automount = nss_base_automount
             Ldap.krb5_realm = krb5_realm
             Ldap.krb5_kdcip = krb5_kdcip
             Ldap.sssd_with_krb = sssd_with_krb

diff --git a/src/modules/Ldap.rb b/src/modules/Ldap.rb
@@ -131,9 +131,11 @@ def main
       @nss_base_passwd = ""
       @nss_base_shadow = ""
       @nss_base_group = ""
+      @nss_base_automount = ""
       # settings from LDAP configuration objects
       @user_base = ""
       @group_base = ""
+      @autofs_base = ""
 
       # stored values of /etc/nsswitch.conf
       @nsswitch = {
@@ -416,6 +418,7 @@ def Set(settings)
       @nss_base_passwd = Ops.get_string(settings, "nss_base_passwd", "")
       @nss_base_shadow = Ops.get_string(settings, "nss_base_passwd", "")
       @nss_base_group = Ops.get_string(settings, "nss_base_group", "")
+      @nss_base_automount = Ops.get_string(settings, "nss_base_automount", "")
       @member_attribute = Ops.get_string(settings, "member_attribute", "member")
       @create_ldap = Ops.get_boolean(settings, "create_ldap", false)
       @login_enabled = Ops.get_boolean(settings, "login_enabled", true)
@@ -505,6 +508,9 @@ def Export
       if @nss_base_group != @base_dn
         Ops.set(e, "nss_base_group", @nss_base_group)
       end
+      if @nss_base_automount != @base_dn
+        Ops.set(e, "nss_base_automount", @nss_base_automount)
+      end
       Ops.set(e, "start_autofs", @_start_autofs) if @_autofs_allowed
       Ops.set(e, "krb5_realm", @krb5_realm) if @krb5_realm != ""
       Ops.set(e, "krb5_kdcip", @krb5_kdcip) if @krb5_kdcip != ""
@@ -891,6 +897,7 @@ def Read
       @nss_base_passwd = ReadLdapConfEntry("nss_base_passwd", @base_dn)
       @nss_base_shadow = ReadLdapConfEntry("nss_base_shadow", @base_dn)
       @nss_base_group = ReadLdapConfEntry("nss_base_group", @base_dn)
+      @nss_base_automount = ReadLdapConfEntry("nss_base_automount", @base_dn)
 
       @pam_password = ReadLdapConfEntry("pam_password", "exop")
       # check if Password Modify extenstion is supported (bnc#546398, c#6)
@@ -1014,6 +1021,10 @@ def Read
           SCR.Read(Builtins.add(domain, "ldap_group_search_base"))
         )
         @nss_base_group = group_base if group_base != nil
+        autofs_base = Convert.to_string(
+          SCR.Read(Builtins.add(domain, "ldap_autofs_search_base"))
+        )
+        @nss_base_automount = autofs_base if autofs_base != nil
       end
       @sssd_with_krb = true if @krb5_realm != "" && @krb5_kdcip != ""
 
@@ -2315,9 +2326,16 @@ def WriteSSSDConfig
 
       SCR.Write(path(".etc.sssd_conf.v.sssd.domains"), "default")
 
+      # Create autofs section if autofs is enabled
+      if @_start_autofs
+        SCR.Write(
+          Builtins.add(path(".etc.sssd_conf.section_comment"), "autofs"),
+          "\n# Section created by YaST\n"
+        )
+      end
 
-      # "The "services" setting should have the value "nss, pam"
-      SCR.Write(path(".etc.sssd_conf.v.sssd.services"), "nss,pam")
+      # "The "services" setting should have the value "nss, pam" and "autofs" if autofs is enabled
+      SCR.Write(path(".etc.sssd_conf.v.sssd.services"), @_start_autofs ? "nss,pam,autofs" : "nss,pam")
 
       # " Make sure that "filter_groups" and "filter_users" in the "[nss]" section contains "root".
       f_g = Convert.to_string(
@@ -2393,6 +2411,10 @@ def WriteSSSDConfig
         Builtins.add(domain, "ldap_group_search_base"),
         @nss_base_group != @base_dn && @nss_base_group != "" ? @nss_base_group : nil
       )
+      SCR.Write(
+        Builtins.add(domain, "ldap_autofs_search_base"),
+        @nss_base_automount != @base_dn && @nss_base_automount != "" ? @nss_base_automount : nil
+      )
 
       if !Builtins.contains(sections, "domain/default")
         SCR.Write(
@@ -2414,7 +2436,7 @@ def WriteSSSDConfig
       end
 
       if !SCR.Write(path(".etc.sssd_conf"), nil)
-        Builtins.y2error("error writing ldap.conf file")
+        Builtins.y2error("error writing sssd.conf file")
       end
       true
     end
@@ -2931,7 +2953,7 @@ def Write(abort)
         )
         WriteNscdCache(@start && @sssd)
       end
-      if @start # ldap used for authentocation
+      if @start # ldap used for authentication
         # ---------- correct pam_password value for Novell eDirectory
         if @pam_password != "nds" && @expert_ui
           CheckNDS() if !@nds_checked && !Mode.autoinst
@@ -3110,7 +3132,7 @@ def Write(abort)
       end
 
       if @_autofs_allowed
-        if Nsswitch.WriteAutofs(@start && @_start_autofs, "ldap")
+        if Nsswitch.WriteAutofs(@start && @_start_autofs, @sssd ? "sss" : "ldap")
           if @_start_autofs
             Service.Adjust("autofs", "enable")
           else
@@ -3261,6 +3283,7 @@ def WriteNow
         @nss_base_passwd = @base_dn
         @nss_base_shadow = @base_dn
         @nss_base_group = @base_dn
+        @nss_base_automount = @base_dn
       end
 
       Write(abort) == :next
@@ -3372,8 +3395,10 @@ def RestartSSHD(restart)
     publish :variable => :nss_base_passwd, :type => "string"
     publish :variable => :nss_base_shadow, :type => "string"
     publish :variable => :nss_base_group, :type => "string"
+    publish :variable => :nss_base_automount, :type => "string"
     publish :variable => :user_base, :type => "string"
     publish :variable => :group_base, :type => "string"
+    publish :variable => :autofs_base, :type => "string"
     publish :variable => :nsswitch, :type => "map", :private => true
     publish :variable => :anonymous, :type => "boolean"
     publish :variable => :bind_pass, :type => "string"

diff --git a/testsuite/tests/Export.out b/testsuite/tests/Export.out
@@ -9,6 +9,7 @@ Read	.etc.ldap_conf.v."/etc/ldap.conf"."tls_checkpeer" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_passwd" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_shadow" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_group" "ou=group,dc=suse,dc=cz"
+Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_automount" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."pam_password" "crypt"
 Read	.sysconfig.ldap.BASE_CONFIG_DN nil
 Read	.sysconfig.ldap.FILE_SERVER "no"

diff --git a/testsuite/tests/Export.rb b/testsuite/tests/Export.rb
@@ -26,6 +26,7 @@ def main
                 "nss_base_passwd" => nil,
                 "nss_base_shadow" => nil,
                 "nss_base_group"  => "ou=group,dc=suse,dc=cz",
+                "nss_base_automount" => nil,
                 "ldap_version"    => nil,
                 "ssl"             => nil,
                 "pam_password"    => "crypt",

diff --git a/testsuite/tests/Export2.out b/testsuite/tests/Export2.out
@@ -8,6 +8,7 @@ Read	.etc.ldap_conf.v."/etc/ldap.conf"."tls_checkpeer" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_passwd" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_shadow" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_group" "ou=group,dc=suse,dc=cz"
+Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_automount" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."pam_password" "crypt"
 Read	.sysconfig.ldap.BASE_CONFIG_DN nil
 Read	.sysconfig.ldap.FILE_SERVER "no"
@@ -25,5 +26,6 @@ Read	.etc.sssd_conf.v."domain/default"."enumerate" "true"
 Read	.etc.sssd_conf.v."domain/default"."ldap_id_use_start_tls" nil
 Read	.etc.sssd_conf.v."domain/default"."ldap_user_search_base" "ou=users,dc=suse,dc=cz"
 Read	.etc.sssd_conf.v."domain/default"."ldap_group_search_base" nil
+Read	.etc.sssd_conf.v."domain/default"."ldap_autofs_search_base" nil
 Return	true
 Return	$["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_kdcip":"kdc.suse.cz", "krb5_realm":"SUSE.CZ", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":true, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "nss_base_passwd":"ou=users,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
diff --git a/testsuite/tests/Export2.rb b/testsuite/tests/Export2.rb
@@ -26,6 +26,7 @@ def main
                 "nss_base_passwd" => nil,
                 "nss_base_shadow" => nil,
                 "nss_base_group"  => "ou=group,dc=suse,dc=cz",
+                "nss_base_automount"  => nil,
                 "ldap_version"    => nil,
                 "ssl"             => nil,
                 "pam_password"    => "crypt",
@@ -58,7 +59,8 @@ def main
                 "ldap_id_use_start_tls"  => nil,
                 # will lead to ldap_tls true
                 "ldap_user_search_base"  => "ou=users,dc=suse,dc=cz",
-                "ldap_group_search_base" => nil
+                "ldap_group_search_base" => nil,
+                "ldap_autofs_search_base" => nil
               }
             }
           }

diff --git a/testsuite/tests/Export3.out b/testsuite/tests/Export3.out
@@ -8,6 +8,7 @@ Read	.etc.ldap_conf.v."/etc/ldap.conf"."tls_checkpeer" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_passwd" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_shadow" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_group" "ou=group,dc=suse,dc=cz"
+Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_automount" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."pam_password" "crypt"
 Read	.sysconfig.ldap.BASE_CONFIG_DN nil
 Read	.sysconfig.ldap.FILE_SERVER "no"
@@ -25,5 +26,6 @@ Read	.etc.sssd_conf.v."domain/default"."enumerate" "true"
 Read	.etc.sssd_conf.v."domain/default"."ldap_id_use_start_tls" "False"
 Read	.etc.sssd_conf.v."domain/default"."ldap_user_search_base" nil
 Read	.etc.sssd_conf.v."domain/default"."ldap_group_search_base" "ou=group,dc=suse,dc=cz"
+Read	.etc.sssd_conf.v."domain/default"."ldap_autofs_search_base" nil
 Return	true
 Return	$["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_kdcip":"kdc.suse.cz,kdc.suse.de", "krb5_realm":"SUSE.CZ", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
diff --git a/testsuite/tests/Export3.rb b/testsuite/tests/Export3.rb
@@ -26,6 +26,7 @@ def main
                 "nss_base_passwd" => nil,
                 "nss_base_shadow" => nil,
                 "nss_base_group"  => "ou=group,dc=suse,dc=cz",
+                "nss_base_automount" => nil,
                 "ldap_version"    => nil,
                 "ssl"             => nil,
                 "pam_password"    => "crypt",
@@ -58,7 +59,8 @@ def main
                 "enumerate"              => "true",
                 "ldap_id_use_start_tls"  => "False",
                 "ldap_user_search_base"  => nil,
-                "ldap_group_search_base" => "ou=group,dc=suse,dc=cz"
+                "ldap_group_search_base" => "ou=group,dc=suse,dc=cz",
+                "ldap_autofs_search_base" => nil
               }
             }
           }

diff --git a/testsuite/tests/Read.out b/testsuite/tests/Read.out
@@ -8,6 +8,7 @@ Read	.etc.ldap_conf.v."/etc/ldap.conf"."tls_checkpeer" "no"
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_passwd" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_shadow" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_group" nil
+Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_automount" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."pam_password" "crypt"
 Read	.sysconfig.ldap.BASE_CONFIG_DN nil
 Read	.sysconfig.ldap.FILE_SERVER "no"

diff --git a/testsuite/tests/Read.rb b/testsuite/tests/Read.rb
@@ -26,6 +26,7 @@ def main
                 "nss_base_passwd" => nil,
                 "nss_base_shadow" => nil,
                 "nss_base_group"  => nil,
+                "nss_base_automount"  => nil,
                 "ldap_version"    => nil,
                 "ssl"             => nil,
                 "pam_password"    => "crypt",

diff --git a/testsuite/tests/Read2.out b/testsuite/tests/Read2.out
@@ -7,6 +7,7 @@ Read	.etc.ldap_conf.v."/etc/ldap.conf"."tls_checkpeer" "no"
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_passwd" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_shadow" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_group" nil
+Read	.etc.ldap_conf.v."/etc/ldap.conf"."nss_base_automount" nil
 Read	.etc.ldap_conf.v."/etc/ldap.conf"."pam_password" "crypt"
 Read	.sysconfig.ldap.BASE_CONFIG_DN nil
 Read	.sysconfig.ldap.FILE_SERVER "no"
@@ -22,8 +23,10 @@ Read	.etc.sssd_conf.v."domain/default"."enumerate" nil
 Read	.etc.sssd_conf.v."domain/default"."ldap_id_use_start_tls" nil
 Read	.etc.sssd_conf.v."domain/default"."ldap_user_search_base" nil
 Read	.etc.sssd_conf.v."domain/default"."ldap_group_search_base" "ou=group,dc=suse,dc=cz"
+Read	.etc.sssd_conf.v."domain/default"."ldap_autofs_search_base" nil
 Return	true
 Dump	ldap: -true-
 Dump	sssd: -true-
 Dump	nss: -dc=suse,dc=cz-
 Dump	nss: -ou=group,dc=suse,dc=cz-
+Dump	nss: -dc=suse,dc=cz-
diff --git a/testsuite/tests/Read2.rb b/testsuite/tests/Read2.rb
@@ -28,6 +28,7 @@ def main
                 "nss_base_passwd" => nil,
                 "nss_base_shadow" => nil,
                 "nss_base_group"  => nil,
+                "nss_base_automount" => nil,
                 "ldap_version"    => nil,
                 "ssl"             => nil,
                 "pam_password"    => "crypt",
@@ -59,7 +60,8 @@ def main
                 "enumerate"              => nil,
                 "ldap_id_use_start_tls"  => nil,
                 "ldap_user_search_base"  => nil,
-                "ldap_group_search_base" => "ou=group,dc=suse,dc=cz"
+                "ldap_group_search_base" => "ou=group,dc=suse,dc=cz",
+                "ldap_autofs_search_base" => nil
               }
             }
           }
@@ -94,6 +96,7 @@ def main
 
       Testsuite.Dump(Builtins.sformat("nss: -%1-", Ldap.nss_base_passwd))
       Testsuite.Dump(Builtins.sformat("nss: -%1-", Ldap.nss_base_group))
+      Testsuite.Dump(Builtins.sformat("nss: -%1-", Ldap.nss_base_automount))
 
       nil
     end