diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-26 19:37:06 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-22 15:16:04 +0200 |
| commit | 0cbd01a928aac58bf564277a0a5458f40a1ad96e (patch) | |
| tree | 821148320d4b0ce07117581d3e1c271785c509c6 /src/providers/ipa/ipa_init.c | |
| parent | 66558156128105c1b1f246276c26b6111b0f514a (diff) | |
| download | sssd-0cbd01a928aac58bf564277a0a5458f40a1ad96e.tar.gz sssd-0cbd01a928aac58bf564277a0a5458f40a1ad96e.tar.xz sssd-0cbd01a928aac58bf564277a0a5458f40a1ad96e.zip | |
IPA: Do not enable IPA sites in server mode
When running in IPA server mode, the IPA sites should be ignored and the
SSSD should only connect to the local server.
Diffstat (limited to 'src/providers/ipa/ipa_init.c')
| -rw-r--r-- | src/providers/ipa/ipa_init.c | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index b1440da16..54293698b 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -242,24 +242,14 @@ int sssm_ipa_id_init(struct be_ctx *bectx, hostname = dp_opt_get_string(ipa_options->basic, IPA_HOSTNAME); server_mode = dp_opt_get_bool(ipa_options->basic, IPA_SERVER_MODE); - if (dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES)) { - /* use IPA plugin */ - ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN); - srv_ctx = ipa_srv_plugin_ctx_init(bectx, bectx->be_res->resolv, - hostname, ipa_domain); - if (srv_ctx == NULL) { - DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n")); - ret = ENOMEM; - goto done; - } - - be_fo_set_srv_lookup_plugin(bectx, ipa_srv_plugin_send, - ipa_srv_plugin_recv, srv_ctx, "IPA"); - } else if (server_mode == true) { + if (server_mode == true) { ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER); - if (srv_in_server_list(ipa_servers) == true) { - DEBUG(SSSDBG_MINOR_FAILURE, ("SRV resolution enabled on the IPA server. " - "Site discovery of trusted AD servers might not work\n")); + if (srv_in_server_list(ipa_servers) == true + || dp_opt_get_bool(ipa_options->basic, + IPA_ENABLE_DNS_SITES) == true) { + DEBUG(SSSDBG_MINOR_FAILURE, ("SRV resolution or IPA sites enabled " + "on the IPA server. Site discovery of trusted AD servers " + "might not work\n")); /* If SRV discovery is enabled on the server and * dns_discovery_domain is set explicitly, then @@ -304,6 +294,19 @@ int sssm_ipa_id_init(struct be_ctx *bectx, "will be ignored in ipa_server_mode\n")); } } + } else if (dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES)) { + /* use IPA plugin */ + ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN); + srv_ctx = ipa_srv_plugin_ctx_init(bectx, bectx->be_res->resolv, + hostname, ipa_domain); + if (srv_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n")); + ret = ENOMEM; + goto done; + } + + be_fo_set_srv_lookup_plugin(bectx, ipa_srv_plugin_send, + ipa_srv_plugin_recv, srv_ctx, "IPA"); } else { /* fall back to standard plugin on clients. */ ret = be_fo_set_dns_srv_lookup_plugin(bectx, hostname); |