Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/ldap_common.c | 57 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.h | 8 | ||||
-rw-r--r-- | src/providers/ldap/ldap_init.c | 24 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 1 |
4 files changed, 71 insertions, 19 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 90ec7e2e7..03b2133a8 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -31,7 +31,7 @@ int ldap_child_debug_fd = -1;
 
 struct dp_option default_basic_opts[] = {
-    { "ldap_uri", DP_OPT_STRING, { "ldap://localhost" }, NULL_STRING },
+    { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_search_base", DP_OPT_STRING, { "dc=example,dc=com" }, NULL_STRING },
     { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
@@ -63,7 +63,8 @@ struct dp_option default_basic_opts[] = {
     { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING },
     { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
-    { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }
+    { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
+    { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING }
 };
 
 struct sdap_attr_map generic_attr_map[] = {
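Review bot: Dropping the `"ldap://localhost"` default for `ldap_uri` in the -31 hunk is a behaviour change that the table does not explain: an unset `ldap_uri` no longer means localhost, it now means DNS SRV discovery (the `BE_SRV_IDENTIFIER` fallback added to `sdap_service_init` in this same file), and the `ldap_dns_service_name` entry added in the -63 hunk is the label that discovery uses. A one-line comment on each entry would make that visible to whoever reads the defaults next, e.g. `/* no default: unset means "discover via DNS SRV", see sdap_service_init() */` on the first and `/* DNS SRV service label used when ldap_uri is unset; also used as the URI scheme by sdap_uri_callback() */` on the second.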
@@ -537,30 +538,46 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
     if (!service) return;
 
     tmp = (const char *)fo_get_server_user_data(server);
-    if (tmp && ldap_is_ldap_url(tmp)) {
-        new_uri = talloc_strdup(service, tmp);
+
+    if (fo_is_srv_lookup(server)) {
+        if (!tmp) {
+            DEBUG(1, ("Unknown service, using ldap\n"));
+            tmp = SSS_LDAP_SRV_NAME;
+        }
+        new_uri = talloc_asprintf(service, "%s://%s:%d",
+                                  tmp,
+                                  fo_get_server_name(server),
+                                  fo_get_server_port(server));
     } else {
-        new_uri = talloc_asprintf(service, "ldap://%s",
-                                  fo_get_server_name(server));
+        if (tmp && ldap_is_ldap_url(tmp)) {
+            new_uri = talloc_strdup(service, tmp);
+        } else {
+            new_uri = talloc_asprintf(service, "ldap://%s",
+                                      fo_get_server_name(server));
+        }
     }
+
     if (!new_uri) {
         DEBUG(2, ("Failed to copy URI ...\n"));
         return;
     }
+
+    DEBUG(6, ("Constructed uri '%s'\n", new_uri));
+
     /* free old one and replace with new one */
     talloc_zfree(service->uri);
     service->uri = new_uri;
 }
 
 int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
-                      const char *service_name, const char *urls,
-                      struct sdap_service **_service)
+                      const char *service_name, const char *dns_service_name,
+                      const char *urls, struct sdap_service **_service)
 {
     TALLOC_CTX *tmp_ctx;
     struct sdap_service *service;
     LDAPURLDesc *lud;
     char **list = NULL;
+    char *srv_user_data;
     int ret;
     int i;
@@ -587,6 +604,10 @@ int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
         goto done;
     }
 
+    if (!urls) {
+        urls = BE_SRV_IDENTIFIER;
+    }
+
     /* split server parm into a list */
     ret = split_on_separator(tmp_ctx, urls, ',', true, &list, NULL);
     if (ret != EOK) {
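Review bot: In the SRV branch of `sdap_uri_callback`, `tmp` is used verbatim as the URI scheme in `"%s://%s:%d"`, but `tmp` is the `ldap_dns_service_name` configuration string that `sdap_service_init` stores as server user data — a DNS service label, not a URI scheme. The two coincide only for `ldap` (and `ldaps`); any other label an administrator puts in the option yields a URI that libldap cannot open, which then fails late and per-server instead of at configuration time, and the old `ldap_is_ldap_url(tmp)` check that guarded the previous code has no counterpart on this path. Validating the option once where it is read (accepting only `ldap`/`ldaps` with a clear error), or at minimum a comment next to the `talloc_asprintf` call such as `/* the SRV service label doubles as the URI scheme: only "ldap"/"ldaps" produce a usable URI */`, would make the coupling explicit.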
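Review bot: The new `if (!urls) { urls = BE_SRV_IDENTIFIER; }` in the -587 hunk of `sdap_service_init` silently turns a missing `ldap_uri` into DNS-based server discovery, and nothing at this site says so; the only operator-visible sign is a level-1 debug message at the call sites. Since no code in this diff authenticates the SRV answer, a comment stating the trust implication belongs on the fallback, e.g. `/* no ldap_uri configured: locate servers via DNS SRV; a server found this way is only as trustworthy as the DNS answer that named it */`. `sdap_service_init` starts before this hunk and continues after it.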
@@ -596,6 +617,26 @@ int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
 
     /* now for each URI add a new server to the failover service */
     for (i = 0; list[i]; i++) {
+        if (be_fo_is_srv_identifier(list[i])) {
+            srv_user_data = talloc_strdup(service, dns_service_name);
+            if (!srv_user_data) {
+                ret = ENOMEM;
+                goto done;
+            }
+
+            ret = be_fo_add_srv_server(ctx, service_name,
+                                       dns_service_name, FO_PROTO_TCP,
+                                       ctx->domain->name,
+                                       srv_user_data);
+            if (ret) {
+                DEBUG(0, ("Failed to add server\n"));
+                goto done;
+            }
+
+            DEBUG(6, ("Added service lookup\n"));
+            continue;
+        }
+
         ret = ldap_url_parse(list[i], &lud);
         if (ret != LDAP_SUCCESS) {
             DEBUG(0, ("Failed to parse ldap URI (%s)!\n", list[i]));
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index ff1ffb725..3998e3001 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -30,6 +30,8 @@
 #define PWD_POL_OPT_SHADOW "shadow"
 #define PWD_POL_OPT_MIT "mit_kerberos"
 
+#define SSS_LDAP_SRV_NAME "ldap"
+
 /* a fd the child process would log into */
 extern int ldap_child_debug_fd;
 
@@ -76,9 +78,9 @@ void sdap_pam_chpass_handler(struct be_req *breq);
 void sdap_handler_done(struct be_req *req, int dp_err,
                        int error, const char *errstr);
 
-int sdap_service_init(TALLOC_CTX *mmectx, struct be_ctx *ctx,
-                      const char *service_name, const char *urls,
-                      struct sdap_service **service);
+int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
+                      const char *service_name, const char *dns_service_name,
+                      const char *urls, struct sdap_service **_service);
 
 /* options parser */
 int ldap_get_options(TALLOC_CTX *memctx,
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index b74ffc215..917ece0cb 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
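Review bot: `talloc_strdup(service, dns_service_name)` in the new SRV branch returns NULL for a NULL input, so a missing service name would be reported as `ENOMEM` here, and `be_fo_add_srv_server` would otherwise be handed a NULL name; `sdap_uri_callback` in the earlier hunk defends against exactly this case (`if (!tmp)`), so the value is evidently not guaranteed non-NULL. The same NULL would reach the `%s` in the `DEBUG(7, ...)` lines added to `sssm_ldap_id_init` and `sssm_ldap_auth_init` in ldap_init.c, which run before this function is called. One normalisation at the top of `sdap_service_init` (its start lies outside this hunk), `if (!dns_service_name) dns_service_name = SSS_LDAP_SRV_NAME;`, covers the strdup and the SRV registration, and the callers' `DEBUG(7)` lines need the same guard or a placeholder string. The ownership of `srv_user_data` (allocated on `service`, handed to the failover code) is also unstated; a comment saying who frees it would help.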
@@ -52,6 +52,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
 {
     struct sdap_id_ctx *ctx;
     const char *urls;
+    const char *dns_service_name;
     int ret;
 
     ctx = talloc_zero(bectx, struct sdap_id_ctx);
@@ -65,14 +66,17 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
         goto done;
     }
 
+    dns_service_name = dp_opt_get_string(ctx->opts->basic,
+                                         SDAP_DNS_SERVICE_NAME);
+    DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name));
+
     urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI);
     if (!urls) {
-        DEBUG(0, ("Missing ldap_uri\n"));
-        ret = EINVAL;
-        goto done;
+        DEBUG(1, ("Missing ldap_uri, will use service discovery\n"));
     }
 
-    ret = sdap_service_init(ctx, ctx->be, "LDAP", urls, &ctx->service);
+    ret = sdap_service_init(ctx, ctx->be, "LDAP",
+                            dns_service_name, urls, &ctx->service);
     if (ret != EOK) {
         DEBUG(1, ("Failed to initialize failover service!\n"));
         goto done;
@@ -114,6 +118,7 @@ int sssm_ldap_auth_init(struct be_ctx *bectx,
 {
     struct sdap_auth_ctx *ctx;
     const char *urls;
+    const char *dns_service_name;
     int ret;
 
     ctx = talloc(bectx, struct sdap_auth_ctx);
@@ -127,14 +132,17 @@ int sssm_ldap_auth_init(struct be_ctx *bectx,
         goto done;
     }
 
+    dns_service_name = dp_opt_get_string(ctx->opts->basic,
+                                         SDAP_DNS_SERVICE_NAME);
+    DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name));
+
     urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI);
     if (!urls) {
-        DEBUG(0, ("Missing ldap_uri\n"));
-        ret = EINVAL;
-        goto done;
+        DEBUG(1, ("Missing ldap_uri, will use service discovery\n"));
     }
 
-    ret = sdap_service_init(ctx, ctx->be, "LDAP", urls, &ctx->service);
+    ret = sdap_service_init(ctx, ctx->be, "LDAP", dns_service_name,
+                            urls, &ctx->service);
     if (ret != EOK) {
         DEBUG(1, ("Failed to initialize failover service!\n"));
         goto done;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 1445e8eea..a4da43b35 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
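Review bot: The block added to `sssm_ldap_id_init` in the -65 hunk — read `SDAP_DNS_SERVICE_NAME`, log it, read `SDAP_URI`, log the fallback, call `sdap_service_init` — is repeated verbatim in `sssm_ldap_auth_init` in the -127 hunk, and the two copies already differ only in how the `sdap_service_init` arguments are wrapped, so they will drift. A small `static` helper taking `ctx->opts->basic`, `ctx->be` and the `struct sdap_service **` out-parameter would hold the sequence once and keep the "missing ldap_uri means discovery" message in one place. Both functions start before and continue after their hunks.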
@@ -150,6 +150,7 @@ enum sdap_basic_opt {
     SDAP_PWD_POLICY,
     SDAP_REFERRALS,
     SDAP_ACCOUNT_CACHE_EXPIRATION,
+    SDAP_DNS_SERVICE_NAME,
 
     SDAP_OPTS_BASIC /* opts counter */
 }; |