authorJakub Hrozek <jhrozek@redhat.com>2013-06-17 09:32:07 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-28 22:22:20 +0200
commit0249e8d37920f59fd70bdafa4f6706a05ae523c1 (patch)
treeece7563cc8939b0c7948aa36812a52b70dbb06da
parent9822d4d468ec74e4e173f5adf0db12d02974cd18 (diff)
downloadsssd-0249e8d37920f59fd70bdafa4f6706a05ae523c1.tar.gz
sssd-0249e8d37920f59fd70bdafa4f6706a05ae523c1.tar.xz
sssd-0249e8d37920f59fd70bdafa4f6706a05ae523c1.zip
IPA: Add a server mode option
https://fedorahosted.org/sssd/ticket/1993 SSSD needs to know that it is running on an IPA server and should not look up trusted users and groups with the help of the extdom plugin but do the lookups on its own. For this, a new boolean configuration option is introduced, which defaults to false but is set to true during ipa-server-install or during updates of the FreeIPA server if it is not already set.
-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf1
-rw-r--r--src/man/sssd-ipa.5.xml19
-rw-r--r--src/providers/ipa/ipa_common.h1
-rw-r--r--src/providers/ipa/ipa_opts.h1
4 files changed, 22 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 8a7e75f2a..bc14fbe3d 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -128,6 +128,7 @@ ldap_idmap_default_domain_sid = str, None, false
ldap_groups_use_matching_rule_in_chain = bool, None, false
ldap_initgroups_use_matching_rule_in_chain = bool, None, false
ldap_rfc2307_fallback_to_local_users = bool, None, false
+ipa_server_mode = bool, None, false
[provider/ipa/auth]
krb5_ccachedir = str, None, false
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index a0c2c3460..2eebe70ff 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -457,6 +457,7 @@
</para>
</listitem>
</varlistentry>
+
<varlistentry>
<term>ipa_hbac_support_srchost (boolean)</term>
<listitem>
@@ -475,6 +476,24 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>ipa_server_mode (boolean)</term>
+ <listitem>
+ <para>
+ This options should only be set by the IPA
+ installer.
+ </para>
+ <para>
+ The option denotes that the SSSD is running on
+ IPA server and should perform lookups of users
+ and groups from trusted domains differently.
+ </para>
+ <para>
+ Default: false
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry condition="with_autofs">
<term>ipa_automount_location (string)</term>
<listitem>
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 8bf2d3e17..43ccb8e0a 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -50,6 +50,7 @@ enum ipa_basic_opt {
IPA_AUTOMOUNT_LOCATION,
IPA_RANGES_SEARCH_BASE,
IPA_ENABLE_DNS_SITES,
+ IPA_SERVER_MODE,
IPA_OPTS_BASIC /* opts counter */
};
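Review bot: `IPA_SERVER_MODE` is added with no comment tying it to the `ipa_server_mode` row added to `ipa_basic_opts[]` in src/providers/ipa/ipa_opts.h. The two lists appear to be matched by position, since both new entries follow the `enable_dns_sites` one. If that is so, adding to only one list would presumably make every later option, including this trust-related flag, read the wrong table entry. I would add `/* order must match ipa_basic_opts[] in ipa_opts.h */` at the head of the enum. The opening of `enum ipa_basic_opt` is outside this hunk.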
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 139008b1a..9babca73f 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -48,6 +48,7 @@ struct dp_option ipa_basic_opts[] = {
{ "ipa_automount_location", DP_OPT_STRING, { "default" }, NULL_STRING },
{ "ipa_ranges_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ipa_enable_dns_sites", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ipa_server_mode", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
DP_OPTION_TERMINATOR
};
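Review bot: The `ipa_server_mode` row has no comment saying who may set it, and nothing in this commit reads or guards the value. The commit message says it switches trusted-domain user and group lookups away from the extdom plugin, and the man page restricts it to the IPA installer. I would annotate the row with `/* set by ipa-server-install only; changes how trusted-domain users/groups are resolved */`. When the code that consumes it lands, it would help to log once at provider start-up if the option is true, so an unexpected enablement on a plain client shows up in the logs. The start of `ipa_basic_opts[]` is outside this hunk.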