Tidy up ipa options

Do not replicate every and each option we may want to set in ipa.
Just read out ldap and krb provider options (added reference in the manual too,
and removed mention of ipa specific timeout values, use ldap options for that)

Avoid calling auth module initialization twice, just pass the auth context to
the chpass module too.

Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be
used for both users and groups. the user and group search bases can still be set
separately if necessary but they are now optional and set to be identical to
SDAP_SEARCH_BASE if not explicitly specified in the configuration.

2 files changed, 29 insertions, 2 deletions

diff --git a/server/providers/ldap/ldap_common.c b/server/providers/ldap/ldap_common.c
index beb48a417..b117d022e 100644
--- a/server/providers/ldap/ldap_common.c
+++ b/server/providers/ldap/ldap_common.c
@@ -26,6 +26,7 @@
 
 struct dp_option default_basic_opts[] = {
     { "ldap_uri", DP_OPT_STRING, { "ldap://localhost" }, NULL_STRING },
+    { "ldap_search_base", DP_OPT_STRING, { "dc=example,dc=com" }, NULL_STRING },
     { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
     { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
@@ -33,10 +34,10 @@ struct dp_option default_basic_opts[] = {
     { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
-    { "ldap_user_search_base", DP_OPT_STRING, { "ou=People,dc=example,dc=com" }, NULL_STRING },
+    { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
     { "ldap_user_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-    { "ldap_group_search_base", DP_OPT_STRING, { "ou=Group,dc=example,dc=com" }, NULL_STRING },
+    { "ldap_group_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_group_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
     { "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_schema", DP_OPT_STRING, { "rfc2307" }, NULL_STRING },
@@ -151,6 +152,31 @@ int ldap_get_options(TALLOC_CTX *memctx,
         goto done;
     }
 
+    /* set user/group search bases if they are not */
+    if (NULL == dp_opt_get_string(opts->basic, SDAP_USER_SEARCH_BASE)) {
+        ret = dp_opt_set_string(opts->basic, SDAP_USER_SEARCH_BASE,
+                                dp_opt_get_string(opts->basic,
+                                                  SDAP_SEARCH_BASE));
+        if (ret != EOK) {
+            goto done;
+        }
+        DEBUG(6, ("Option %s set to %s\n",
+                  opts->basic[SDAP_USER_SEARCH_BASE].opt_name,
+                  dp_opt_get_string(opts->basic, SDAP_USER_SEARCH_BASE)));
+    }
+
+    if (NULL == dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_BASE)) {
+        ret = dp_opt_set_string(opts->basic, SDAP_GROUP_SEARCH_BASE,
+                                dp_opt_get_string(opts->basic,
+                                                  SDAP_SEARCH_BASE));
+        if (ret != EOK) {
+            goto done;
+        }
+        DEBUG(6, ("Option %s set to %s\n",
+                  opts->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
+                  dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_BASE)));
+    }
+
     /* schema type */
     schema = dp_opt_get_string(opts->basic, SDAP_SCHEMA);
     if (strcasecmp(schema, "rfc2307") == 0) {
diff --git a/server/providers/ldap/sdap.h b/server/providers/ldap/sdap.h
index 8ae9d0381..f4e5aac31 100644
--- a/server/providers/ldap/sdap.h
+++ b/server/providers/ldap/sdap.h
@@ -89,6 +89,7 @@ enum sdap_result {
 
 enum sdap_basic_opt {
     SDAP_URI = 0,
+    SDAP_SEARCH_BASE,
     SDAP_DEFAULT_BIND_DN,
     SDAP_DEFAULT_AUTHTOK_TYPE,
     SDAP_DEFAULT_AUTHTOK,