-rw-r--r-- | src/man/include/service_discovery.xml | 36 | ||||
-rw-r--r-- | src/man/sssd-ipa.5.xml | 4 | ||||
-rw-r--r-- | src/man/sssd-krb5.5.xml | 5 | ||||
-rw-r--r-- | src/man/sssd-ldap.5.xml | 20 | ||||
-rw-r--r-- | src/providers/data_provider_fo.c | 32 | ||||
-rw-r--r-- | src/providers/dp_backend.h | 9 | ||||
-rw-r--r-- | src/providers/fail_over.h | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.c | 24 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.h | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_init.c | 3 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.c | 21 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.h | 4 | ||||
-rw-r--r-- | src/providers/krb5/krb5_init.c | 8 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.c | 57 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.h | 8 | ||||
-rw-r--r-- | src/providers/ldap/ldap_init.c | 24 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 1 |
17 files changed, 224 insertions, 36 deletions
diff --git a/src/man/include/service_discovery.xml b/src/man/include/service_discovery.xml new file mode 100644 index 000000000..16d016eaf --- /dev/null +++ b/src/man/include/service_discovery.xml @@ -0,0 +1,36 @@ +<refsect1 id='service_discovery'> + <title>SERVICE DISCOVERY</title> + <para> + The service discovery feature allows back ends to automatically + find the appropriate servers to connect to using a special DNS + query. + </para> + <refsect2 id='configuration'> + <title>Configuration</title> + <para> + If no servers are specified, the back end automatically + uses service discovery to try to find a server. Optionally, + the user may choose to use both fixed server addresses + and service discovery by inserting a special keyword, + <quote>_srv_</quote>, in the list of servers. The order + of preference is maintained. This feature is useful if, for + example, the user prefers to use service discovery whenever + possible, and fall back to a specific server when no servers + can be discovered using DNS. + </para> + </refsect2> + <refsect2 id='domain_name'> + <title>The domain name</title> + <para> + The name of the SSSD domain is used as the domain part of the + service discovery DNS query. + </para> + </refsect2> + <refsect2 id='reference'> + <title>See Also</title> + <para> + For more information on the service discovery mechanism, + refer to RFC 2782. + </para> + </refsect2> +</refsect1> diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index d1ba1c526..103558b04 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -82,6 +82,8 @@ on failover and server redundancy, see the <quote>FAILOVER</quote> section. This is optional if autodiscovery is enabled. + For more information on service discovery, refer + to the the <quote>SERVICE DISCOVERY</quote> section. </para> </listitem> </varlistentry> 
@@ -120,6 +122,8 @@ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" /> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" /> + <refsect1 id='example'> <title>EXAMPLE</title> <para> diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml index c291eca79..01f212d2a 100644 --- a/src/man/sssd-krb5.5.xml +++ b/src/man/sssd-krb5.5.xml @@ -72,6 +72,9 @@ see the <quote>FAILOVER</quote> section. An optional port number (preceded by a colon) may be appended to the addresses or hostnames. + If empty, service discovery is enabled - + for more information, refer to the + <quote>SERVICE DISCOVERY</quote> section. </para> </listitem> </varlistentry> @@ -244,6 +247,8 @@ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" /> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" /> + <refsect1 id='example'> <title>EXAMPLE</title> <para> diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index b79cbbc9a..c119e7f3f 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -61,9 +61,8 @@ Specifies the list of URIs of the LDAP servers to which SSSD should connect in the order of preference. Refer to the <quote>FAILOVER</quote> section for more information on failover and server redundancy. - </para> - <para> - Default: ldap://localhost + If not specified, service discovery is enabled. For more information, refer + to the <quote>SERVICE DISCOVERY</quote> section. </para> </listitem> </varlistentry> 
@@ -632,12 +631,27 @@ </listitem> </varlistentry> + <varlistentry> + <term>ldap_dns_service_name (string)</term> + <listitem> + <para> + Specifies the service name to use when service + discovery is enabled. + </para> + <para> + Default: ldap + </para> + </listitem> + </varlistentry> + </variablelist> </para> </refsect1> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" /> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" /> + <refsect1 id='example'> <title>EXAMPLE</title> <para> diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index cbdb78624..14ebbdb5d 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c @@ -53,6 +53,11 @@ struct be_failover_ctx { struct be_svc_data *svcs; }; +int be_fo_is_srv_identifier(const char *server) +{ + return server && strcasecmp(server, BE_SRV_IDENTIFIER) == 0; +} + static int be_fo_get_options(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, struct fo_options *opts) { @@ -61,6 +66,7 @@ static int be_fo_get_options(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, /* todo get timeout from configuration */ opts->retry_timeout = 30; + opts->srv_retry_timeout = 14400; ret = confdb_get_string(ctx->cdb, mem_ctx, ctx->conf_path, CONFDB_DOMAIN_FAMILY_ORDER, 
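Review bot: `opts->srv_retry_timeout = 14400;` in be_fo_get_options is a bare number with no unit or rationale, and the existing `/* todo get timeout from configuration */` above it is not extended to cover it. How the value is consumed is not visible in this diff, but if it bounds how long a set of SRV answers is kept before being re-resolved, it also bounds how long a stale or wrong DNS answer stays in use. A named constant and a comment such as `/* seconds (4 h) before SRV records are resolved again; todo: make configurable */` would make that explicit. The function body continues outside the hunk.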
@@ -234,6 +240,32 @@ int be_fo_service_add_callback(TALLOC_CTX *memctx, return EOK; } +int be_fo_add_srv_server(struct be_ctx *ctx, const char *service_name, + const char *query_service, const char *proto, + const char *domain, void *user_data) +{ + struct be_svc_data *svc; + int ret; + + DLIST_FOR_EACH(svc, ctx->be_fo->svcs) { + if (strcmp(svc->name, service_name) == 0) { + break; + } + } + if (NULL == svc) { + return ENOENT; + } + + ret = fo_add_srv_server(svc->fo_service, query_service, + domain, proto, user_data); + if (ret && ret != EEXIST) { + DEBUG(1, ("Failed to add SRV lookup reference to failover service\n")); + return ret; + } + + return EOK; +} + int be_fo_add_server(struct be_ctx *ctx, const char *service_name, const char *server, int port, void *user_data) { diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h index 496c80700..ec0510e39 100644 --- a/src/providers/dp_backend.h +++ b/src/providers/dp_backend.h @@ -26,6 +26,11 @@ #include "providers/fail_over.h" #include "db/sysdb.h" +/* a special token, if used in place of the hostname, denotes that real + * hostnames should be looked up from DNS using SRV requests + */ +#define BE_SRV_IDENTIFIER "_srv_" + struct be_ctx; struct bet_ops; struct be_req; @@ -147,10 +152,14 @@ void be_run_online_cb(struct be_ctx *be); typedef void (be_svc_callback_fn_t)(void *, struct fo_server *); int be_init_failover(struct be_ctx *ctx); +int be_fo_is_srv_identifier(const char *server); int be_fo_add_service(struct be_ctx *ctx, const char *service_name); int be_fo_service_add_callback(TALLOC_CTX *memctx, struct be_ctx *ctx, const char *service_name, be_svc_callback_fn_t *fn, void *private_data); +int be_fo_add_srv_server(struct be_ctx *ctx, const char *service_name, + const char *query_service, const char *proto, + const char *domain, void *user_data); int be_fo_add_server(struct be_ctx *ctx, const char *service_name, const char *server, int port, void *user_data); 
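Review bot: be_fo_add_srv_server takes `(query_service, proto, domain)` but forwards them to fo_add_srv_server as `(query_service, domain, proto)`; all three are `const char *`, so the compiler cannot catch a mix-up, and fo_add_srv_server's prototype is not part of this diff. It is worth confirming the order and aligning the wrapper's parameter order with the callee. The wrapper also has no header comment and silently maps `EEXIST` to `EOK`, which the new callers that test `if (ret)` depend on. A short comment stating that `ENOENT` means the failover service was never registered and that a duplicate SRV entry is treated as success would document that contract.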
diff --git a/src/providers/fail_over.h b/src/providers/fail_over.h index 70e694fee..a31ace21e 100644 --- a/src/providers/fail_over.h +++ b/src/providers/fail_over.h @@ -159,4 +159,6 @@ const char *fo_get_server_name(struct fo_server *server); struct hostent *fo_get_server_hostent(struct fo_server *server); +int fo_is_srv_lookup(struct fo_server *s); + #endif /* !__FAIL_OVER_H__ */ diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 7d457b7db..aa84e7a94 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -67,7 +67,8 @@ struct dp_option ipa_def_ldap_opts[] = { { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING }, { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, - { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER } + { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, + { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING } }; struct sdap_attr_map ipa_attr_map[] = { @@ -155,12 +156,9 @@ int ipa_get_options(TALLOC_CTX *memctx, } } - /* FIXME: Make non-fatal once we have discovery */ server = dp_opt_get_string(opts->basic, IPA_SERVER); if (!server) { - DEBUG(0, ("Can't find ipa server, missing option!\n")); - ret = EINVAL; - goto done; + DEBUG(1, ("No ipa server set, will use service discovery!\n")); } ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); @@ -537,6 +535,10 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, } service->krb5_service->realm = realm; + if (!servers) { + servers = BE_SRV_IDENTIFIER; + } + /* split server parm into a list */ ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL); if (ret != EOK) { 
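Review bot: In ipa_get_options the missing `IPA_SERVER` case no longer jumps to `done`, so `server` can be NULL for the rest of the function, which lies outside this hunk; any later use of it has to tolerate NULL. The same applies to `ipa_servers` in common_ipa_init (ipa_init.c) and to `krb5_servers` in sssm_krb5_auth_init (krb5_init.c), where the early `return EINVAL` was removed as well. A comment at each site would make the new contract explicit, e.g. `/* NULL is valid from here on: the service init code substitutes BE_SRV_IDENTIFIER */`.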
@@ -549,6 +551,18 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, talloc_steal(service, list[i]); + if (be_fo_is_srv_identifier(list[i])) { + ret = be_fo_add_srv_server(ctx, "IPA", "ldap", + FO_PROTO_TCP, ctx->domain->name, NULL); + if (ret) { + DEBUG(0, ("Failed to add server\n")); + goto done; + } + + DEBUG(6, ("Added service lookup for service IPA\n")); + continue; + } + ret = be_fo_add_server(ctx, "IPA", list[i], 0, NULL); if (ret && ret != EEXIST) { DEBUG(0, ("Failed to add server\n")); diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 77628189c..9daede2db 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -35,7 +35,7 @@ struct ipa_service { /* the following defines are used to keep track of the options in the ldap * module, so that if they change and ipa is not updated correspondingly * this will trigger a runtime abort error */ -#define IPA_OPTS_BASIC_TEST 32 +#define IPA_OPTS_BASIC_TEST 33 /* the following define is used to keep track of the options in the krb5 * module, so that if they change and ipa is not updated correspondingly diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 1689ac28e..596aecfbd 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -72,8 +72,7 @@ int common_ipa_init(struct be_ctx *bectx) ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER); if (!ipa_servers) { - DEBUG(0, ("Missing ipa_server option!\n")); - return EINVAL; + DEBUG(1, ("Missing ipa_server option - using service discovery!\n")); } ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN); diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index 1423b0890..bc2d3fbc1 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c 
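Review bot: The SRV branch in ipa_service_init hard-codes the query service as `"ldap"`, so it ignores the `ldap_dns_service_name` entry this commit adds to `ipa_def_ldap_opts`. It also looks the servers up under `ctx->domain->name` rather than the value of `IPA_DOMAIN`, which ipa_init.c reads separately. Servers obtained this way are only as trustworthy as the DNS answer, so the zone being queried should be one the administrator explicitly chose. Consider taking the service from the option (or at least using `SSS_LDAP_SRV_NAME`) and adding a comment on why the SSSD domain name is the right zone here. The loop body continues outside the hunk.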
@@ -334,6 +334,10 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, goto done; } + if (!servers) { + servers = BE_SRV_IDENTIFIER; + } + ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL); if (ret != EOK) { DEBUG(1, ("Failed to parse server list!\n")); @@ -344,6 +348,23 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, talloc_steal(service, list[i]); server_spec = talloc_strdup(service, list[i]); + if (!server_spec) { + ret = ENOMEM; + goto done; + } + + if (be_fo_is_srv_identifier(server_spec)) { + ret = be_fo_add_srv_server(ctx, service_name, service_name, + FO_PROTO_TCP, ctx->domain->name, NULL); + if (ret) { + DEBUG(0, ("Failed to add server\n")); + goto done; + } + + DEBUG(6, ("Added service lookup\n")); + continue; + } + port_str = strrchr(server_spec, ':'); if (port_str == NULL) { port = 0; diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index 0482ef023..12c487a90 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h @@ -40,8 +40,8 @@ #define KDCINFO_TMPL PUBCONF_PATH"/kdcinfo.%s" #define KPASSWDINFO_TMPL PUBCONF_PATH"/kpasswdinfo.%s" -#define SSS_KRB5KDC_FO_SRV "KRB5KDC" -#define SSS_KRB5KPASSWD_FO_SRV "KRB5KPASSWD" +#define SSS_KRB5KDC_FO_SRV "KERBEROS" +#define SSS_KRB5KPASSWD_FO_SRV "KPASSWD" enum krb5_opts { KRB5_KDC = 0, diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c index 0bacb3f8f..03d952607 100644 --- a/src/providers/krb5/krb5_init.c +++ b/src/providers/krb5/krb5_init.c @@ -90,8 +90,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC); if (krb5_servers == NULL) { - DEBUG(0, ("Missing krb5_kdcip option!\n")); - return EINVAL; + DEBUG(1, ("Missing krb5_kdcip option, using service discovery!\n")); } krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM); 
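Review bot: In krb5_service_init the SRV branch passes `service_name` as both the failover service key and the DNS query label, which appears to be why krb5_common.h renames the constants to `"KERBEROS"` and `"KPASSWD"`. An internal identifier now doubles as the name sent in the DNS query, so a later rename of `SSS_KRB5KDC_FO_SRV` would silently change what is looked up. The lookup domain is `ctx->domain->name`, not the realm read via `KRB5_REALM` in krb5_init.c, so an SSSD domain label that differs from the realm's DNS zone would direct KDC discovery at a different zone. Consider separate constants for the SRV label and a comment explaining the choice of domain. The function starts and ends outside the hunk.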
@@ -108,8 +107,9 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, } krb5_kpasswd_servers = dp_opt_get_string(ctx->opts, KRB5_KPASSWD); - if (krb5_kpasswd_servers == NULL) { - DEBUG(0, ("Missing krb5_kpasswd option, using KDC!\n")); + if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) { + DEBUG(0, ("Missing krb5_kpasswd option and KDC set explicitly, " + "will use KDC for pasword change operations!\n")); ctx->kpasswd_service = NULL; } else { ret = krb5_service_init(ctx, bectx, SSS_KRB5KPASSWD_FO_SRV, diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 90ec7e2e7..03b2133a8 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -31,7 +31,7 @@ int ldap_child_debug_fd = -1; struct dp_option default_basic_opts[] = { - { "ldap_uri", DP_OPT_STRING, { "ldap://localhost" }, NULL_STRING }, + { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_search_base", DP_OPT_STRING, { "dc=example,dc=com" }, NULL_STRING }, { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING}, @@ -63,7 +63,8 @@ struct dp_option default_basic_opts[] = { { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING }, { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, - { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER } + { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, + { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING } }; struct sdap_attr_map generic_attr_map[] = { 
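Review bot: The new message in sssm_krb5_auth_init is logged with `DEBUG(0, …)` although it describes a normal fallback, while the discovery messages added elsewhere in this commit use level 1. It also misspells "password" as `pasword`, which makes the line harder to find when searching logs. Suggest `DEBUG(1, ("Missing krb5_kpasswd option and KDC set explicitly, " "will use KDC for password change operations!\n"));`. A short comment on the `else` branch noting that it now also covers the case where both options are unset (kpasswd located through service discovery) would help the next reader.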
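Review bot: Dropping the `"ldap://localhost"` default for `ldap_uri` in `default_basic_opts` changes what an existing configuration without `ldap_uri` does: instead of talking to the local host it now resolves SRV records and connects to whatever hosts DNS returns. DNS answers are unauthenticated unless the resolver validates them, so the identity of a discovered server rests on TLS certificate verification or Kerberos, not on the lookup. The man page text added in this commit neither states that assumption nor flags the changed default for upgrades. Suggest a comment on the table entry such as `/* no default: NULL selects DNS SRV discovery, see sdap_service_init() */` and one sentence in service_discovery.xml on the trust assumption.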
@@ -537,30 +538,46 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) if (!service) return; tmp = (const char *)fo_get_server_user_data(server); - if (tmp && ldap_is_ldap_url(tmp)) { - new_uri = talloc_strdup(service, tmp); + + if (fo_is_srv_lookup(server)) { + if (!tmp) { + DEBUG(1, ("Unknown service, using ldap\n")); + tmp = SSS_LDAP_SRV_NAME; + } + new_uri = talloc_asprintf(service, "%s://%s:%d", + tmp, + fo_get_server_name(server), + fo_get_server_port(server)); } else { - new_uri = talloc_asprintf(service, "ldap://%s", - fo_get_server_name(server)); + if (tmp && ldap_is_ldap_url(tmp)) { + new_uri = talloc_strdup(service, tmp); + } else { + new_uri = talloc_asprintf(service, "ldap://%s", + fo_get_server_name(server)); + } } + if (!new_uri) { DEBUG(2, ("Failed to copy URI ...\n")); return; } + DEBUG(6, ("Constructed uri '%s'\n", new_uri)); + /* free old one and replace with new one */ talloc_zfree(service->uri); service->uri = new_uri; } int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, - const char *service_name, const char *urls, - struct sdap_service **_service) + const char *service_name, const char *dns_service_name, + const char *urls, struct sdap_service **_service) { TALLOC_CTX *tmp_ctx; struct sdap_service *service; LDAPURLDesc *lud; char **list = NULL; + char *srv_user_data; int ret; int i; @@ -587,6 +604,10 @@ int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, goto done; } + if (!urls) { + urls = BE_SRV_IDENTIFIER; + } + /* split server parm into a list */ ret = split_on_separator(tmp_ctx, urls, ',', true, &list, NULL); if (ret != EOK) { 
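Review bot: In sdap_uri_callback the SRV branch builds the URI as `"%s://%s:%d"` with the scheme taken from the user data, which sdap_service_init fills with `ldap_dns_service_name`. Any value of that option that is not a real LDAP scheme yields a URI the LDAP library will not accept, and whether the connection uses `ldaps` becomes a side effect of the SRV label. The non-SRV branch checks `ldap_is_ldap_url(tmp)`, but the constructed string is installed unchecked, with host and port originating from DNS. Consider validating after the existing NULL check, e.g. `if (!ldap_is_ldap_url(new_uri)) { talloc_free(new_uri); return; }` with a DEBUG line, and keeping the URI scheme separate from the DNS service name. The hunk also carries the sdap_service_init signature change, whose body continues outside it.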
@@ -596,6 +617,26 @@ int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, /* now for each URI add a new server to the failover service */ for (i = 0; list[i]; i++) { + if (be_fo_is_srv_identifier(list[i])) { + srv_user_data = talloc_strdup(service, dns_service_name); + if (!srv_user_data) { + ret = ENOMEM; + goto done; + } + + ret = be_fo_add_srv_server(ctx, service_name, + dns_service_name, FO_PROTO_TCP, + ctx->domain->name, + srv_user_data); + if (ret) { + DEBUG(0, ("Failed to add server\n")); + goto done; + } + + DEBUG(6, ("Added service lookup\n")); + continue; + } + ret = ldap_url_parse(list[i], &lud); if (ret != LDAP_SUCCESS) { DEBUG(0, ("Failed to parse ldap URI (%s)!\n", list[i])); diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index ff1ffb725..3998e3001 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -30,6 +30,8 @@ #define PWD_POL_OPT_SHADOW "shadow" #define PWD_POL_OPT_MIT "mit_kerberos" +#define SSS_LDAP_SRV_NAME "ldap" + /* a fd the child process would log into */ extern int ldap_child_debug_fd; @@ -76,9 +78,9 @@ void sdap_pam_chpass_handler(struct be_req *breq); void sdap_handler_done(struct be_req *req, int dp_err, int error, const char *errstr); -int sdap_service_init(TALLOC_CTX *mmectx, struct be_ctx *ctx, - const char *service_name, const char *urls, - struct sdap_service **service); +int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, + const char *service_name, const char *dns_service_name, + const char *urls, struct sdap_service **_service); /* options parser */ int ldap_get_options(TALLOC_CTX *memctx, diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index b74ffc215..917ece0cb 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c 
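Review bot: In the SRV branch of sdap_service_init, `talloc_strdup(service, dns_service_name)` returns NULL when `dns_service_name` itself is NULL, and that case is then reported as `ENOMEM`. The callers in ldap_init.c pass the `dp_opt_get_string()` result through unchecked and also print it with `%s`. The option has a default in the tables shown in this commit, but the new parameter is not guarded for other callers. Suggest `if (!dns_service_name) dns_service_name = SSS_LDAP_SRV_NAME;` before the loop, or returning `EINVAL`. The loop continues outside the hunk.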
@@ -52,6 +52,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx, { struct sdap_id_ctx *ctx; const char *urls; + const char *dns_service_name; int ret; ctx = talloc_zero(bectx, struct sdap_id_ctx); @@ -65,14 +66,17 @@ int sssm_ldap_id_init(struct be_ctx *bectx, goto done; } + dns_service_name = dp_opt_get_string(ctx->opts->basic, + SDAP_DNS_SERVICE_NAME); + DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name)); + urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI); if (!urls) { - DEBUG(0, ("Missing ldap_uri\n")); - ret = EINVAL; - goto done; + DEBUG(1, ("Missing ldap_uri, will use service discovery\n")); } - ret = sdap_service_init(ctx, ctx->be, "LDAP", urls, &ctx->service); + ret = sdap_service_init(ctx, ctx->be, "LDAP", + dns_service_name, urls, &ctx->service); if (ret != EOK) { DEBUG(1, ("Failed to initialize failover service!\n")); goto done; @@ -114,6 +118,7 @@ int sssm_ldap_auth_init(struct be_ctx *bectx, { struct sdap_auth_ctx *ctx; const char *urls; + const char *dns_service_name; int ret; ctx = talloc(bectx, struct sdap_auth_ctx); @@ -127,14 +132,17 @@ int sssm_ldap_auth_init(struct be_ctx *bectx, goto done; } + dns_service_name = dp_opt_get_string(ctx->opts->basic, + SDAP_DNS_SERVICE_NAME); + DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name)); + urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI); if (!urls) { - DEBUG(0, ("Missing ldap_uri\n")); - ret = EINVAL; - goto done; + DEBUG(1, ("Missing ldap_uri, will use service discovery\n")); } - ret = sdap_service_init(ctx, ctx->be, "LDAP", urls, &ctx->service); + ret = sdap_service_init(ctx, ctx->be, "LDAP", dns_service_name, + urls, &ctx->service); if (ret != EOK) { DEBUG(1, ("Failed to initialize failover service!\n")); goto done; diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 1445e8eea..a4da43b35 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h 
@@ -150,6 +150,7 @@ enum sdap_basic_opt { SDAP_PWD_POLICY, SDAP_REFERRALS, SDAP_ACCOUNT_CACHE_EXPIRATION, + SDAP_DNS_SERVICE_NAME, SDAP_OPTS_BASIC /* opts counter */ }; |