Run IPA subdomain provider if IPA ID provider is configured

To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
author: Sumit Bose <sbose@redhat.com> 2012-11-09 21:31:23 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2012-11-14 10:48:59 +0100
commit: 6830f45b6586c97b87a58d520cd5c56e3e3f8d72 (patch)
tree: 6ace06fcb783d5cf17fe3f49de4cfd987a84c1cc /src/man
parent: 03b555b697caa64327398bddc6cda88b450e6b43 (diff)
download: sssd-6830f45b6586c97b87a58d520cd5c56e3e3f8d72.tar.gz
sssd-6830f45b6586c97b87a58d520cd5c56e3e3f8d72.tar.xz
sssd-6830f45b6586c97b87a58d520cd5c56e3e3f8d72.zip
2 files changed, 32 insertions, 5 deletions
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index c7abea975..4a3aed8ba 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -581,6 +581,29 @@
         </para>
     </refsect1>
 
+    <refsect1 id='subdomains_provider'>
+        <title>SUBDOMAINS PROVIDER</title>
+        <para>
+            The IPA subdomains provider behaves slightly differently
+            if it is configured explicitly or implicitly.
+        </para>
+        <para>
+            If the option 'subdomains_provider = ipa' is found in the
+            domain section of sssd.conf, the IPA subdomains provider is
+            configured explicitly, and all subdomain requests are sent to the
+            IPA server if necessary.
+        </para>
+        <para>
+            If the option 'subdomains_provider' is not set in the domain
+            section of sssd.conf but there is the option 'id_provider = ipa',
+            the IPA subdomains provider is configured implictly. In this case,
+            if a subdomain request fails and indicates that the server does not
+            support subdomains, i.e. is not configured for trusts, the IPA
+            subdomains provider is disabled. After an hour or after the IPA
+            provider goes online, the subdomains provider is enabled again.
+        </para>
+    </refsect1>
+
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" />
 
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" />
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 33d99c758..9f487fafe 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -1411,8 +1411,9 @@ override_homedir = /home/%u
                     <term>subdomains_provider (string)</term>
                     <listitem>
                         <para>
-                            The provider which should handle fetching of subdomains.
-                            This value should be always the same as id_provider.
+                            The provider which should handle fetching of
+                            subdomains. This value should be always the same as
+                            id_provider.
                             Supported subdomain providers are:
                         </para>
                         <para>
@@ -1421,13 +1422,16 @@ override_homedir = /home/%u
                             <citerefentry>
                                 <refentrytitle>sssd-ipa</refentrytitle>
                                 <manvolnum>5</manvolnum>
-                            </citerefentry> for more information on configuring IPA.
+                            </citerefentry> for more information on configuring
+                            IPA.
                         </para>
                         <para>
-                            <quote>none</quote> disallows fetching subdomains explicitly.
+                            <quote>none</quote> disallows fetching subdomains
+                            explicitly.
                         </para>
                         <para>
-                            Default: none
+                            Default: The value of <quote>id_provider</quote> is
+                            used if it is set.
                         </para>
                     </listitem>
                 </varlistentry>
author	Sumit Bose <sbose@redhat.com>	2012-11-09 21:31:23 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2012-11-14 10:48:59 +0100
commit	6830f45b6586c97b87a58d520cd5c56e3e3f8d72 (patch)
tree	6ace06fcb783d5cf17fe3f49de4cfd987a84c1cc /src/man
parent	03b555b697caa64327398bddc6cda88b450e6b43 (diff)
download	sssd-6830f45b6586c97b87a58d520cd5c56e3e3f8d72.tar.gz sssd-6830f45b6586c97b87a58d520cd5c56e3e3f8d72.tar.xz sssd-6830f45b6586c97b87a58d520cd5c56e3e3f8d72.zip