Add POSIX gidNumber for IPA groups in Global Catalog

Since groups in FreeIPA may be non-POSIX, only add gidNumber and the corresponding object class if the group is POSIX one. Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
abbra · Jun 13, 2023 · fd81beb · fd81beb
1 parent 3886123
commit fd81beb
Showing 1 changed file with 16 additions and 6 deletions.
diff --git a/ipaserver/globalcatalog/templates/gc_group_template.tmpl b/ipaserver/globalcatalog/templates/gc_group_template.tmpl
@@ -1,10 +1,16 @@
+{% set objectclasses = ['top', 'ad-top', 'group', 'securityprincipal', 'nsmemberof', 'gcobject'] -%}
+{% macro first_val(attr) -%}
+    {{ entry[attr][0] }}
+{%- endmacro %}
+{% macro add_element(attr, objectclass) -%}
+{%- if attr in entry -%}
+{{ attr }}: {{ entry[attr][0] }}
+{%- if objectclass not in objectclasses -%}
+{%- set objectclasses = objectclasses + [objectclass] -%}
+{%- endif %}
+{%- endif %}
+{%- endmacro %}
 dn: cn={{ pkey }},cn=users,{{ suffix }}
-objectClass: top
-objectClass: ad-top
-objectClass: group
-objectClass: securityprincipal
-objectClass: nsmemberof
-objectClass: gcobject
 cn: {{ pkey }}
 instanceType: 4
 name: {{ pkey }}
@@ -20,5 +26,9 @@ member: {{ member }}
 {%- for group in entry['memberof'] %}
 memberof: {{ group }}
 {%- endfor %}
+{{ add_element('gidnumber', 'posixgroup') }}
 groupType: {{ groupType }}
 gcuuid: {{ entryuuid }}
+{%- for objectclass in objectclasses %}
+objectclass: {{ objectclass }}
+{%- endfor -%}