diff options
| author | Sumit Bose <sbose@redhat.com> | 2013-08-19 17:15:47 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-28 17:30:07 +0200 |
| commit | caee9828ee30609e9f433957dbb3d0163390a207 (patch) | |
| tree | 323dc74055327b86a47e2e32ffb14a66b25a5971 /src/providers/ipa/ipa_subdomains.h | |
| parent | b8d0374cd23db90fce203292ff547641f62e338a (diff) | |
| download | sssd-caee9828ee30609e9f433957dbb3d0163390a207.tar.gz sssd-caee9828ee30609e9f433957dbb3d0163390a207.tar.xz sssd-caee9828ee30609e9f433957dbb3d0163390a207.zip | |
ipa-server-mode: add IPA group memberships to AD users
When IPA trusts an AD domain the AD user or groups can be placed into
IPA groups e.g. to put AD users under the control of HBAC. Since IPA
group can only have members from the IPA directory tree and the AD users
and groups are not stored there a special IPA object called external
group was introduced. SIDs of users and groups can be added to the
external group and since the external groups are in the IPA directory
tree they can be member of IPA groups.
To speed things up and to remove some load from the IPA servers SSSD
reads all external groups and stores them in memory for some time before
rereading the data.
Enhances https://fedorahosted.org/sssd/ticket/1962
Diffstat (limited to 'src/providers/ipa/ipa_subdomains.h')
| -rw-r--r-- | src/providers/ipa/ipa_subdomains.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_subdomains.h b/src/providers/ipa/ipa_subdomains.h index 315ce9e06..ceb862226 100644 --- a/src/providers/ipa/ipa_subdomains.h +++ b/src/providers/ipa/ipa_subdomains.h @@ -46,11 +46,16 @@ struct ipa_ad_server_ctx { struct ipa_ad_server_ctx *next, *prev; }; +/* struct for external group memberships, defined in + * ipa_subdomains_ext_groups.c */ +struct ipa_ext_groups; + struct ipa_server_mode_ctx { const char *realm; const char *hostname; struct ipa_ad_server_ctx *trusts; + struct ipa_ext_groups *ext_groups; }; int ipa_ad_subdom_init(struct be_ctx *be_ctx, @@ -70,4 +75,14 @@ struct req_input { const char *secid; } inp; }; + +struct tevent_req *ipa_get_ad_memberships_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct be_acct_req *ar, + struct ipa_server_mode_ctx *server_mode, + struct sss_domain_info *user_dom, + struct sdap_id_ctx *sdap_id_ctx, + const char *domain); + +errno_t ipa_get_ad_memberships_recv(struct tevent_req *req, int *dp_error_out); #endif /* _IPA_SUBDOMAINS_H_ */ |