diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-26 19:37:06 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-22 15:16:04 +0200 |
commit | 0cbd01a928aac58bf564277a0a5458f40a1ad96e (patch) | |
tree | 821148320d4b0ce07117581d3e1c271785c509c6 | |
parent | 66558156128105c1b1f246276c26b6111b0f514a (diff) | |
download | sssd-0cbd01a928aac58bf564277a0a5458f40a1ad96e.tar.gz sssd-0cbd01a928aac58bf564277a0a5458f40a1ad96e.tar.xz sssd-0cbd01a928aac58bf564277a0a5458f40a1ad96e.zip |
IPA: Do not enable IPA sites in server mode
When running in IPA server mode, the IPA sites should be ignored and the
SSSD should only connect to the local server.
-rw-r--r-- | src/providers/ipa/ipa_init.c | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index b1440da16..54293698b 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -242,24 +242,14 @@ int sssm_ipa_id_init(struct be_ctx *bectx, hostname = dp_opt_get_string(ipa_options->basic, IPA_HOSTNAME); server_mode = dp_opt_get_bool(ipa_options->basic, IPA_SERVER_MODE); - if (dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES)) { - /* use IPA plugin */ - ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN); - srv_ctx = ipa_srv_plugin_ctx_init(bectx, bectx->be_res->resolv, - hostname, ipa_domain); - if (srv_ctx == NULL) { - DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n")); - ret = ENOMEM; - goto done; - } - - be_fo_set_srv_lookup_plugin(bectx, ipa_srv_plugin_send, - ipa_srv_plugin_recv, srv_ctx, "IPA"); - } else if (server_mode == true) { + if (server_mode == true) { ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER); - if (srv_in_server_list(ipa_servers) == true) { - DEBUG(SSSDBG_MINOR_FAILURE, ("SRV resolution enabled on the IPA server. " - "Site discovery of trusted AD servers might not work\n")); + if (srv_in_server_list(ipa_servers) == true + || dp_opt_get_bool(ipa_options->basic, + IPA_ENABLE_DNS_SITES) == true) { + DEBUG(SSSDBG_MINOR_FAILURE, ("SRV resolution or IPA sites enabled " + "on the IPA server. Site discovery of trusted AD servers " + "might not work\n")); /* If SRV discovery is enabled on the server and * dns_discovery_domain is set explicitly, then @@ -304,6 +294,19 @@ int sssm_ipa_id_init(struct be_ctx *bectx, "will be ignored in ipa_server_mode\n")); } } + } else if (dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES)) { + /* use IPA plugin */ + ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN); + srv_ctx = ipa_srv_plugin_ctx_init(bectx, bectx->be_res->resolv, + hostname, ipa_domain); + if (srv_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n")); + ret = ENOMEM; + goto done; + } + + be_fo_set_srv_lookup_plugin(bectx, ipa_srv_plugin_send, + ipa_srv_plugin_recv, srv_ctx, "IPA"); } else { /* fall back to standard plugin on clients. */ ret = be_fo_set_dns_srv_lookup_plugin(bectx, hostname); |