author | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-17 09:32:07 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-28 22:22:20 +0200 |
commit | 0249e8d37920f59fd70bdafa4f6706a05ae523c1 (patch) | |
tree | ece7563cc8939b0c7948aa36812a52b70dbb06da | |
parent | 9822d4d468ec74e4e173f5adf0db12d02974cd18 (diff) | |
IPA: Add a server mode option
https://fedorahosted.org/sssd/ticket/1993
SSSD needs to know that it is running on an IPA server and should not
look up trusted users and groups with the help of the extdom plugin
but do the lookups on its own. For this, a new boolean configuration
option is introduced, which defaults to false but is set to true during
ipa-server-install or during updates of the FreeIPA server if it is not
already set.
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ipa.conf | 1 | ||||
-rw-r--r-- | src/man/sssd-ipa.5.xml | 19 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.h | 1 | ||||
-rw-r--r-- | src/providers/ipa/ipa_opts.h | 1 |
4 files changed, 22 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf index 8a7e75f2..bc14fbe3 100644 --- a/src/config/etc/sssd.api.d/sssd-ipa.conf +++ b/src/config/etc/sssd.api.d/sssd-ipa.conf @@ -128,6 +128,7 @@ ldap_idmap_default_domain_sid = str, None, false ldap_groups_use_matching_rule_in_chain = bool, None, false ldap_initgroups_use_matching_rule_in_chain = bool, None, false ldap_rfc2307_fallback_to_local_users = bool, None, false +ipa_server_mode = bool, None, false [provider/ipa/auth] krb5_ccachedir = str, None, false diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index a0c2c346..2eebe70f 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -457,6 +457,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term>ipa_hbac_support_srchost (boolean)</term> <listitem> @@ -475,6 +476,24 @@ </listitem> </varlistentry> + <varlistentry> + <term>ipa_server_mode (boolean)</term> + <listitem> + <para> + This options should only be set by the IPA + installer. + </para> + <para> + The option denotes that the SSSD is running on + IPA server and should perform lookups of users + and groups from trusted domains differently. + </para> + <para> + Default: false + </para> + </listitem> + </varlistentry> + <varlistentry condition="with_autofs"> <term>ipa_automount_location (string)</term> <listitem> diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 8bf2d3e1..43ccb8e0 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -50,6 +50,7 @@ enum ipa_basic_opt { IPA_AUTOMOUNT_LOCATION, IPA_RANGES_SEARCH_BASE, IPA_ENABLE_DNS_SITES, + IPA_SERVER_MODE, IPA_OPTS_BASIC /* opts counter */ }; diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h index 139008b1..9babca73 100644 --- a/src/providers/ipa/ipa_opts.h +++ b/src/providers/ipa/ipa_opts.h 
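Review bot: `IPA_SERVER_MODE` is added to `enum ipa_basic_opt` in ipa_common.h with no comment saying that its position has to match the `ipa_basic_opts[]` table in ipa_opts.h. The enumerators look like indexes into that table (the enum ends with `IPA_OPTS_BASIC /* opts counter */`), and in this commit both additions sit directly after the `enable_dns_sites` entry, so they agree today. A one-line comment such as `/* order must match ipa_basic_opts[] in ipa_opts.h */` would keep a later insertion from silently reading the wrong option for a setting that changes how trusted-domain identities are resolved. The enum starts above the hunk, so the comment may belong at its top rather than next to the new enumerator.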
@@ -48,6 +48,7 @@ struct dp_option ipa_basic_opts[] = { { "ipa_automount_location", DP_OPT_STRING, { "default" }, NULL_STRING }, { "ipa_ranges_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ipa_enable_dns_sites", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ipa_server_mode", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, DP_OPTION_TERMINATOR }; |
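Review bot: The `ipa_server_mode` entry is accepted from any sssd.conf, but nothing visible in this commit reads `IPA_SERVER_MODE` or restricts where it may be enabled; the man page text only says it should be set by the IPA installer. Since the option is meant to move trusted user and group lookups off the extdom plugin, a client that sets it by mistake would presumably resolve identities through a different path than intended. I would add a comment on the entry, `/* set by ipa-server-install; switches trusted-domain lookups away from extdom */`, and have the code that later consumes the option log when it is enabled so a misconfigured host is easy to spot. The table starts above the hunk.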