diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-19 10:51:19 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-28 22:22:20 +0200 |
| commit | 3d28e0e560b787b5c57ed7327d184310342a7e38 (patch) | |
| tree | d51191a9d6daec9e9d7842241946b386d52f5d1a /src/providers/ipa/ipa_id.c | |
| parent | 418e6ccd116eced7ccc75aca999a4c37c67289ba (diff) | |
| download | sssd-3d28e0e560b787b5c57ed7327d184310342a7e38.tar.gz sssd-3d28e0e560b787b5c57ed7327d184310342a7e38.tar.xz sssd-3d28e0e560b787b5c57ed7327d184310342a7e38.zip | |
IPA: Look up AD users directly if IPA server mode is on
https://fedorahosted.org/sssd/ticket/1962
If the ipa_server_mode is selected IPA subdomain user and group lookups
are not done with the help of the extdom plugin but directly against AD
using the AD ID code.
Diffstat (limited to 'src/providers/ipa/ipa_id.c')
| -rw-r--r-- | src/providers/ipa/ipa_id.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index b11abaa7d..6e0964400 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -83,9 +83,15 @@ void ipa_account_info_handler(struct be_req *breq) ar = talloc_get_type(be_req_get_data(breq), struct be_acct_req); if (strcasecmp(ar->domain, be_ctx->domain->name) != 0) { - /* if domain names do not match, this is a subdomain case */ - req = ipa_get_subdom_acct_send(breq, be_ctx->ev, ctx, ar); - + /* if domain names do not match, this is a subdomain case + * subdomain lookups are handled differently on the server + * and the client + */ + if (dp_opt_get_bool(ipa_ctx->ipa_options->basic, IPA_SERVER_MODE)) { + req = ipa_get_ad_acct_send(breq, be_ctx->ev, ipa_ctx, breq, ar); + } else { + req = ipa_get_subdom_acct_send(breq, be_ctx->ev, ctx, ar); + } } else if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_NETGROUP) { /* netgroups are handled by a separate request function */ if (ar->filter_type != BE_FILTER_NAME) { @@ -110,15 +116,24 @@ void ipa_account_info_handler(struct be_req *breq) static void ipa_account_info_done(struct tevent_req *req) { struct be_req *breq = tevent_req_callback_data(req, struct be_req); + struct be_ctx *be_ctx = be_req_get_be_ctx(breq); + struct ipa_id_ctx *ipa_ctx; struct be_acct_req *ar = talloc_get_type(be_req_get_data(breq), struct be_acct_req); const char *error_text; int ret, dp_error; + ipa_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data, + struct ipa_id_ctx); + if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_NETGROUP) { ret = ipa_id_get_netgroup_recv(req, &dp_error); } else { - ret = ipa_get_subdom_acct_recv(req, &dp_error); + if (dp_opt_get_bool(ipa_ctx->ipa_options->basic, IPA_SERVER_MODE)) { + ret = ipa_get_ad_acct_recv(req, &dp_error); + } else { + ret = ipa_get_subdom_acct_recv(req, &dp_error); + } } talloc_zfree(req); |