diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-04-29 19:41:14 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-06-08 13:27:06 +0200 |
commit | ee8b34f7a5c885b228678bf205dbc0c84be1afe2 (patch) | |
tree | 26afa0d7b657b464d0320461021667aba8adee66 | |
parent | 798cc692b5452b1711fb25f801ee9b3541a57a3c (diff) | |
download | sssd-ee8b34f7a5c885b228678bf205dbc0c84be1afe2.tar.gz sssd-ee8b34f7a5c885b228678bf205dbc0c84be1afe2.tar.xz sssd-ee8b34f7a5c885b228678bf205dbc0c84be1afe2.zip |
confdb: Add new option subdomain_inherit
Adds a new option subdomain_inherit that would allow administrators to pick
and choose which option to pass to subdomains.
This option is required for:
https://fedorahosted.org/sssd/ticket/2644
as a short-term fix.
The proper solution is described in:
https://fedorahosted.org/sssd/ticket/2599
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 1711cbfd2e36d44af1ae50e3a2beeec3a1f0b5e8)
(cherry picked from commit da2d33f81746a9bf8abd97becaf17005e4f89d2c)
-rw-r--r-- | src/confdb/confdb.c | 13 | ||||
-rw-r--r-- | src/confdb/confdb.h | 2 | ||||
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 1 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 6 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 | ||||
-rw-r--r-- | src/man/sssd.conf.5.xml | 20 |
6 files changed, 40 insertions, 3 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index dd93410cf..9ce7b1311 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1216,6 +1216,19 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } } + tmp = ldb_msg_find_attr_as_string(res->msgs[0], + CONFDB_DOMAIN_SUBDOMAIN_INHERIT, + NULL); + if (tmp != NULL) { + ret = split_on_separator(domain, tmp, ',', true, true, + &domain->sd_inherit, NULL); + if (ret != 0) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Cannot parse %s\n", CONFDB_SUBDOMAIN_ENUMERATE); + goto done; + } + } + ret = get_entry_as_uint32(res->msgs[0], &domain->subdomain_refresh_interval, CONFDB_DOMAIN_SUBDOMAIN_REFRESH, 14400); if (ret != EOK || domain->subdomain_refresh_interval == 0) { diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 19c564020..e97c46b34 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -184,6 +184,7 @@ #define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning" #define CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL "refresh_expired_interval" #define CONFDB_DOMAIN_OFFLINE_TIMEOUT "offline_timeout" +#define CONFDB_DOMAIN_SUBDOMAIN_INHERIT "subdomain_inherit" /* Local Provider */ #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" @@ -264,6 +265,7 @@ struct sss_domain_info { struct sss_domain_info *next; bool disabled; + char **sd_inherit; }; /** diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index dbbffebf3..51354eb52 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -148,6 +148,7 @@ option_strings = { 'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"), 'subdomain_enumerate' : _('Control enumeration of trusted domains'), 'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'), + 'subdomain_inherit' : _('List of options that should be inherited into a subdomain'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 3a5312ea9..f94b79b25 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -538,7 +538,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'hostid_provider', 'subdomains_provider', 'realmd_tags', - 'subdomain_refresh_interval'] + 'subdomain_refresh_interval', + 'subdomain_inherit'] self.assertTrue(type(options) == dict, "Options should be a dictionary") @@ -897,7 +898,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'hostid_provider', 'subdomains_provider', 'realmd_tags', - 'subdomain_refresh_interval'] + 'subdomain_refresh_interval', + 'subdomain_inherit'] self.assertTrue(type(options) == dict, "Options should be a dictionary") diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 4fa542704..59d755c26 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -131,6 +131,7 @@ default_shell = str, None, false description = str, None, false realmd_tags = str, None, false subdomain_refresh_interval = int, None, false +subdomain_inherit = str, None, false #Entry cache timeouts entry_cache_user_timeout = int, None, false diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 5325e422c..4786b02cc 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -476,7 +476,25 @@ </para> </listitem> </varlistentry> - + <varlistentry> + <term>subdomain_inherit (string)</term> + <listitem> + <para> + Specifies a list of configuration parameters that + should be inherited by a subdomain. Please note + that only selected parameters can be inherited. + </para> + <para> + Example: + <programlisting> +subdomain_inherit = ldap_purge_cache_timeout + </programlisting> + </para> + <para> + Default: none + </para> + </listitem> + </varlistentry> </variablelist> </refsect2> |