authorJakub Hrozek <jhrozek@redhat.com>2010-06-01 15:36:56 +0200
committerStephen Gallagher <sgallagh@redhat.com>2010-06-30 07:35:31 -0400
commit780ffc9f6d5e1fcd4df3d390b56cb98878223cc0 (patch)
treee0d94ce0260b4435f5ea882f356adeac41c8fee7 /src/config
parent2dd3faebcd3cfd00efda38ffd2585d675e696b12 (diff)
Add dns_discovery_domain option
The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows setting the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
Diffstat (limited to 'src/config')
-rw-r--r--src/config/SSSDConfig.py1
-rwxr-xr-xsrc/config/SSSDConfigTest.py2
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/config/upgrade_config.py26
4 files changed, 29 insertions, 1 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index f1ff02aaa..22013eebb 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -82,6 +82,7 @@ option_strings = {
'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'),
'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'),
+ 'dns_discovery_domain' : _('The domain part of service discovery DNS query'),
# [provider/ipa]
'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 63d1ad11f..e99a7876f 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -478,6 +478,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'lookup_family_order',
'account_cache_expiration',
'dns_resolver_timeout',
+ 'dns_discovery_domain',
'id_provider',
'auth_provider',
'access_provider',
@@ -795,6 +796,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'account_cache_expiration',
'lookup_family_order',
'dns_resolver_timeout',
+ 'dns_discovery_domain',
'id_provider',
'auth_provider',
'access_provider',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index f0ef41149..ca85ed709 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -59,6 +59,7 @@ account_cache_expiration = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
dns_resolver_timeout = int, None, false
+dns_discovery_domain = str, None, false
# Special providers
[provider/permit]
diff --git a/src/config/upgrade_config.py b/src/config/upgrade_config.py
index d47fcd38c..ff22b489b 100644
--- a/src/config/upgrade_config.py
+++ b/src/config/upgrade_config.py
@@ -59,6 +59,28 @@ class SSSDConfigFile(SSSDChangeConf):
if item:
item['name'] = new_name
+ def _add_dns_domain_name(self, domain):
+ id_provider = self.findOpts(domain['value'], 'option', 'id_provider')[1]
+ dns_domain_name = { 'type' : 'option',
+ 'name' : 'dns_discovery_domain',
+ 'value' : domain['name'].lstrip('domain/') }
+ if id_provider['value'] == 'ldap':
+ server = self.findOpts(domain['value'], 'option', 'ldap_uri')[1]
+ if not server or "__srv__" in server['value']:
+ domain['value'].insert(0, dns_domain_name)
+ return
+ elif id_provider['value'] == 'ipa':
+ server = self.findOpts(domain['value'], 'option', 'ipa_server')[1]
+ if not server or "__srv__" in server['value']:
+ domain['value'].insert(0, dns_domain_name)
+ return
+
+ auth_provider = self.findOpts(domain['value'], 'option', 'auth_provider')[1]
+ if auth_provider and auth_provider['value'] == 'krb5':
+ server = self.findOpts(domain['value'], 'option', 'krb5_kdcip')[1]
+ if not server or "__srv__" in server['value']:
+ domain['value'].insert(0, dns_domain_name)
+
def _do_v2_changes(self):
# remove Data Provider
srvlist = self.get_option_index('sssd', 'services')[1]
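Review bot: In `_add_dns_domain_name`, `domain['name'].lstrip('domain/')` strips any leading run of the characters d, o, m, a, i, n and /, not the literal prefix, so a section such as `domain/india.example.com` (constructed example) is upgraded with `dns_discovery_domain = .example.com`. The SRV lookups for LDAP/IPA/KDC servers would then go to a different DNS zone than the one the administrator configured, which matters because discovery decides which servers the client authenticates against. Since the caller already filters on `startswith("domain/")`, slicing is safe: `'value' : domain['name'][len('domain/'):] }`. Separately, `id_provider` is dereferenced without the `None` check that `auth_provider` gets a few lines below, so a domain section without `id_provider` would presumably abort the upgrade with a TypeError; `if id_provider and id_provider['value'] == 'ldap':` (and a matching `elif id_provider and ...` for the `ipa` branch) would make the two lookups consistent.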
@@ -69,9 +91,11 @@ class SSSDConfigFile(SSSDChangeConf):
srvlist['value'] = ", ".join([srv for srv in services])
self.delete_option('section', 'dp')
- # remove magic_private_groups from all domains
for domain in [ s for s in self.sections() if s['name'].startswith("domain/") ]:
+ # remove magic_private_groups from all domains
self.delete_option_subtree(domain['value'], 'option', 'magic_private_groups')
+ # check if we need to add dns_domain
+ self._add_dns_domain_name(domain)
def _update_option(self, to_section_name, from_section_name, opts):
to_section = [ s for s in self.sections() if s['name'].strip() == to_section_name ]