From f6cd1236c27817b97db002094b76648d92b55f82 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Tue, 5 Jun 2012 09:10:24 -0400
Subject: Primary server support: new option in ldap provider
This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
---
 src/config/SSSDConfig/__init__.py.in | 2 ++
 src/config/etc/sssd.api.d/sssd-ad.conf | 1 +
 src/config/etc/sssd.api.d/sssd-ipa.conf | 1 +
 src/config/etc/sssd.api.d/sssd-ldap.conf | 2 ++
 src/man/sssd-ldap.5.xml | 8 ++++----
 src/providers/ad/ad_opts.h | 2 ++
 src/providers/ipa/ipa_opts.h | 2 ++
 src/providers/ldap/ldap_init.c | 7 +++----
 src/providers/ldap/ldap_opts.h | 2 ++
 src/providers/ldap/sdap.h | 2 ++
 10 files changed, 21 insertions(+), 8 deletions(-)
(limited to 'src')
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 1daa3907c..485688433 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -166,6 +166,7 @@ option_strings = {
 # [provider/ldap]
 'ldap_uri' : _('ldap_uri, The URI of the LDAP server'),
+ 'ldap_backup_uri' : _('ldap_backup_uri, The URI of the LDAP server'),
 'ldap_search_base' : _('The default base DN'),
 'ldap_schema' : _('The Schema Type in use on the LDAP server, rfc2307'),
 'ldap_default_bind_dn' : _('The default bind DN'),
@@ -297,6 +298,7 @@ option_strings = {
 # [provider/ldap/chpass]
 'ldap_chpass_uri' : _('URI of an LDAP server where password changes are allowed'),
+ 'ldap_chpass_backup_uri' : _('URI of a backup LDAP server where password changes are allowed'),
 'ldap_chpass_dns_service_name' : _('DNS service name for LDAP password change server'),
 # [provider/ldap/sudo]
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index f7c6d2d13..6c323399e 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
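Review bot: In `src/config/SSSDConfig/__init__.py.in`, the description added for `ldap_backup_uri` in the `@@ -166` hunk is a copy of the `ldap_uri` text and never says that the option names a backup server, so any front end that displays these strings shows two entries that read the same. The `ldap_chpass_backup_uri` entry added in the `@@ -297` hunk already spells it out, and the same wording fits here: `'ldap_backup_uri' : _('ldap_backup_uri, The URI of the backup LDAP server'),`. Someone reviewing which directory servers a host is allowed to talk to should be able to tell the two options apart from the description alone.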
@@ -3,6 +3,7 @@ ad_domain = str, None, false
 ad_server = str, None, false
 ad_hostname = str, None, false
 ldap_uri = str, None, false
+ldap_backup_uri = str, None, false
 ldap_search_base = str, None, false
 ldap_schema = str, None, false
 ldap_default_bind_dn = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 914854092..fa380a672 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -9,6 +9,7 @@ ipa_host_search_base = str, None, false
 ipa_master_domain_search_base = str, None, false
 ipa_ranges_search_base = str, None, false
 ldap_uri = str, None, false
+ldap_backup_uri = str, None, false
 ldap_search_base = str, None, false
 ldap_schema = str, None, false
 ldap_default_bind_dn = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 2af849ff7..cdad5b688 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -1,5 +1,6 @@
 [provider/ldap]
 ldap_uri = str, None, false
+ldap_backup_uri = str, None, false
 ldap_search_base = str, None, false
 ldap_schema = str, None, false
 ldap_default_bind_dn = str, None, false
@@ -124,6 +125,7 @@ ldap_access_order = str, None, false
 [provider/ldap/chpass]
 ldap_chpass_uri = str, None, false
+ldap_chpass_backup_uri = str, None, false
 ldap_chpass_dns_service_name = str, None, false
 [provider/ldap/sudo]
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 0e14a2a43..93d5783af 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -57,14 +57,14 @@ - ldap_uri (string) + ldap_uri, ldap_backup_uri (string) Specifies the comma-separated list of URIs of the LDAP servers to which SSSD should connect in the order of preference. Refer to the FAILOVER section for more information on failover and server redundancy. - If not specified, service discovery is enabled. For more information, refer - to the SERVICE DISCOVERY section. + If neither option is specified, service discovery is enabled. For more information, + refer to the SERVICE DISCOVERY section. The format of the URI must match the format defined in RFC 2732: @@ -82,7 +82,7 @@ - ldap_chpass_uri (string) + ldap_chpass_uri, ldap_chpass_backup_uri (string) Specifies the comma-separated list of URIs of the LDAP servers to diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h index 0d957bcd4..41491ddc2 100644 --- a/src/providers/ad/ad_opts.h +++ b/src/providers/ad/ad_opts.h @@ -38,6 +38,7 @@ struct dp_option ad_basic_opts[] = { struct dp_option ad_def_ldap_opts[] = { { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_default_authtok_type", DP_OPT_STRING, { "password" }, NULL_STRING}, @@ -96,6 +97,7 @@ struct dp_option ad_def_ldap_opts[] = { { "ldap_account_expire_policy", DP_OPT_STRING, { "ad" }, NULL_STRING }, { "ldap_access_order", DP_OPT_STRING, { "filter" }, NULL_STRING }, { "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_chpass_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_chpass_update_last_change", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER }, 
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 6eedc0019..4925c599f 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -51,6 +51,7 @@ struct dp_option ipa_basic_opts[] = {
 struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
@@ -109,6 +110,7 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_account_expire_policy", DP_OPT_STRING, { "ipa" }, NULL_STRING },
 { "ldap_access_order", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_chpass_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_chpass_update_last_change", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 90e5f666b..52bd233f1 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -88,6 +88,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
 {
 struct sdap_id_ctx *ctx;
 const char *urls;
+ const char *backup_urls;
 const char *dns_service_name;
 const char *sasl_mech;
 int ret;
@@ -117,12 +118,10 @@ int sssm_ldap_id_init(struct be_ctx *bectx, DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name)); urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI); - if (!urls) { - DEBUG(SSSDBG_CONF_SETTINGS, ("Missing ldap_uri, will use service discovery\n")); - } + backup_urls = dp_opt_get_string(ctx->opts->basic, SDAP_BACKUP_URI); ret = sdap_service_init(ctx, ctx->be, "LDAP", - dns_service_name, urls, NULL, + dns_service_name, urls, backup_urls, &ctx->service); if (ret != EOK) { DEBUG(1, ("Failed to initialize failover service!\n")); diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h index 4ed6aaff4..9be6a0f65 100644 --- a/src/providers/ldap/ldap_opts.h +++ b/src/providers/ldap/ldap_opts.h @@ -31,6 +31,7 @@ struct dp_option default_basic_opts[] = { { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_default_authtok_type", DP_OPT_STRING, { "password" }, NULL_STRING}, @@ -89,6 +90,7 @@ struct dp_option default_basic_opts[] = { { "ldap_account_expire_policy", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_access_order", DP_OPT_STRING, { "filter" }, NULL_STRING }, { "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_chpass_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_chpass_update_last_change", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER }, diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 4ca755e32..70b4e6ada 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h 
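Review bot: In `sssm_ldap_id_init` (`src/providers/ldap/ldap_init.c`, hunk `@@ -117`), the `SSSDBG_CONF_SETTINGS` message about falling back to service discovery is deleted and nothing replaces it, so at this call site the log no longer records how the provider is going to locate its directory server. Unless `sdap_service_init` reports this itself (its body is not part of the patch), keep the diagnostic and extend it to the new option: `if (!urls && !backup_urls) { DEBUG(SSSDBG_CONF_SETTINGS, ("Missing ldap_uri and ldap_backup_uri, will use service discovery\n")); }`. `backup_urls` is also passed on exactly as read from the configuration; nothing visible here checks that a backup URI uses the same scheme and transport protection as the primary, so a short comment naming where that is validated would help the next reader. The function body starts and ends outside the hunk.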
@@ -150,6 +150,7 @@ enum sdap_result {
 enum sdap_basic_opt {
 SDAP_URI = 0,
+ SDAP_BACKUP_URI,
 SDAP_SEARCH_BASE,
 SDAP_DEFAULT_BIND_DN,
 SDAP_DEFAULT_AUTHTOK_TYPE,
@@ -207,6 +208,7 @@ enum sdap_basic_opt {
 SDAP_ACCOUNT_EXPIRE_POLICY,
 SDAP_ACCESS_ORDER,
 SDAP_CHPASS_URI,
+ SDAP_CHPASS_BACKUP_URI,
 SDAP_CHPASS_DNS_SERVICE_NAME,
 SDAP_CHPASS_UPDATE_LAST_CHANGE,
 SDAP_ENUM_SEARCH_TIMEOUT,
-- cgit
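Review bot: `SDAP_BACKUP_URI` is inserted in the middle of `enum sdap_basic_opt` (`src/providers/ldap/sdap.h`, hunk `@@ -150`), and nothing in the header documents that every `struct dp_option` table must gain an entry at the same position. The lookup `dp_opt_get_string(ctx->opts->basic, SDAP_URI)` in `ldap_init.c` suggests these constants index the tables directly, so a table that is missed would make every later option, the bind DN and authtok type among them, resolve to its neighbour's value. The three tables touched by this patch (`default_basic_opts`, `ad_def_ldap_opts`, `ipa_def_ldap_opts`) are updated consistently as far as the hunks show; a comment above the enum such as `/* Order must match default_basic_opts, ad_def_ldap_opts and ipa_def_ldap_opts */` would keep later additions aligned. The enum is only partly visible in the hunk.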
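Review bot: `SDAP_CHPASS_BACKUP_URI` is defined in the `@@ -207` hunk of `sdap.h`, and `ldap_chpass_backup_uri` is accepted by the option tables and listed in the man page, but no hunk in this patch reads the value; the only consumer change in `ldap_init.c` wires `SDAP_BACKUP_URI` into `sssm_ldap_id_init`. Unless the password-change initialisation is updated in another patch of the series, an administrator who sets the option would get no backup server for password changes and no message saying so. Either pass the value where `SDAP_CHPASS_URI` is consumed, or state in the commit message that the wiring follows separately.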