authorPavel Březina <pbrezina@redhat.com>2011-12-07 17:20:47 +0100
committerStephen Gallagher <sgallagh@redhat.com>2011-12-16 14:46:17 -0500
commit10b6b1fc57bb7c2edb4cfd0a0038303bd33722bc (patch)
tree3c5d97cdebe0a8b7e53e60d65d32dd4d0a0f1735 /src/providers/ipa/ipa_common.c
parent88c5d362804244a5a74785b94018ddf887094553 (diff)
SUDO Integration - LDAP configuration options
Diffstat (limited to 'src/providers/ipa/ipa_common.c')
-rw-r--r--src/providers/ipa/ipa_common.c39
1 files changed, 39 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index f437580a7..4f90b1853 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -60,6 +60,7 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_group_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_group_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
{ "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_schema", DP_OPT_STRING, { "ipa_v1" }, NULL_STRING },
{ "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
{ "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
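Review bot: The new `ldap_sudo_search_base` row must sit at the same index as `SDAP_SUDO_SEARCH_BASE`, because the second hunk of this file reads the option table by that enum value (`ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name`), and nothing in this file states that constraint. The enum change is not visible here (the diffstat is limited to this file), so the ordering cannot be confirmed from this page. If the row were misplaced, the sudo search base would presumably be read from or written into a neighbouring option's slot, which would change where sudo rules are looked up. I would add a comment above the table, e.g. `/* rows are indexed by the SDAP_* option enum; keep the order in sync */`. The table `ipa_def_ldap_opts` starts and ends outside the hunk.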
@@ -465,6 +466,44 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
if (ret != EOK) goto done;
if (NULL == dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_SUDO_SEARCH_BASE)) {
+#if 0
+ ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE,
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_SEARCH_BASE));
+ if (ret != EOK) {
+ goto done;
+ }
+#else
+ /* We don't yet have support for the native representation
+ * of sudo in IPA. For now, we need to point at the
+ * compat tree
+ */
+ value = talloc_asprintf(tmpctx, "ou=SUDOers,%s", basedn);
+ if (!value) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = dp_opt_set_string(ipa_opts->id->basic,
+ SDAP_SUDO_SEARCH_BASE,
+ value);
+ if (ret != EOK) {
+ goto done;
+ }
+#endif
+
+ DEBUG(6, ("Option %s set to %s\n",
+ ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name,
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_SUDO_SEARCH_BASE)));
+ }
+ ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
+ SDAP_SUDO_SEARCH_BASE,
+ &ipa_opts->id->sudo_search_bases);
+ if (ret != EOK) goto done;
+
+ if (NULL == dp_opt_get_string(ipa_opts->id->basic,
SDAP_NETGROUP_SEARCH_BASE)) {
value = talloc_asprintf(tmpctx, "cn=ng,cn=alt,%s", basedn);
if (!value) {