summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-11-02 10:06:31 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-11-04 15:04:21 -0400
commit38064e75ff70a5d740e02a511217cdbc5584ffd2 (patch)
tree416f5756dfabf45ee464d969c930f15cbba75821
parente481c0f0f16bcb787debf05584a0550a7052dda4 (diff)
downloadsssd-38064e75ff70a5d740e02a511217cdbc5584ffd2.tar.gz
sssd-38064e75ff70a5d740e02a511217cdbc5584ffd2.tar.bz2
sssd-38064e75ff70a5d740e02a511217cdbc5584ffd2.zip
Make ldap_search_base a non-mandatory option
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf2
-rw-r--r--src/man/sssd-ldap.5.xml23
-rw-r--r--src/providers/ldap/ldap_common.c60
3 files changed, 46 insertions, 39 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 1af6b0c8..404f4d59 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -1,6 +1,6 @@
[provider/ldap]
ldap_uri = str, None, false
-ldap_search_base = str, None, true
+ldap_search_base = str, None, false
ldap_schema = str, None, true, rfc2307
ldap_default_bind_dn = str, None, false
ldap_default_authtok_type = str, None, false
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 8c38ca76..2762362b 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -76,6 +76,17 @@
The default base DN to use for
performing LDAP user operations.
</para>
+ <para>
+ Default: If not set the value of the
+ defaultNamingContext or namingContexts attribute
+ from the RootDSE of the LDAP server is
+ used. If defaultNamingContext does not exists or
+ has an empty value namingContexts is used.
+ The namingContexts attribute must have a
+ single value with the DN of the search base of the
+ LDAP server to make this work. Multiple values are
+ are not supported.
+ </para>
</listitem>
</varlistentry>
@@ -1045,7 +1056,9 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
</para>
<para>
Default: the value of
- <emphasis>ldap_search_base</emphasis>
+ <emphasis>ldap_search_base</emphasis> or the value
+ of the defaultNamingContext or namingContexts
+ attribute of the RootDSE of the LDAP server.
</para>
</listitem>
</varlistentry>
@@ -1059,7 +1072,9 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
</para>
<para>
Default: the value of
- <emphasis>ldap_search_base</emphasis>
+ <emphasis>ldap_search_base</emphasis> or the value
+ of the defaultNamingContext or namingContexts
+ attribute of the RootDSE of the LDAP server.
</para>
</listitem>
</varlistentry>
@@ -1073,7 +1088,9 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
</para>
<para>
Default: the value of
- <emphasis>ldap_search_base</emphasis>
+ <emphasis>ldap_search_base</emphasis> or the value
+ of the defaultNamingContext or namingContexts
+ attribute of the RootDSE of the LDAP server.
</para>
</listitem>
</varlistentry>
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 543774b8..16693a4e 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -34,7 +34,7 @@ int ldap_child_debug_fd = -1;
struct dp_option default_basic_opts[] = {
{ "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_search_base", DP_OPT_STRING, { "dc=example,dc=com" }, NULL_STRING },
+ { "ldap_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
@@ -185,12 +185,18 @@ int ldap_get_options(TALLOC_CTX *memctx,
struct sdap_attr_map *default_netgroup_map;
struct sdap_options *opts;
char *schema;
+ const char *search_base;
const char *pwd_policy;
int ret;
int account_cache_expiration;
int offline_credentials_expiration;
const char *ldap_deref;
int ldap_deref_val;
+ int o;
+ const int search_base_options[] = { SDAP_USER_SEARCH_BASE,
+ SDAP_GROUP_SEARCH_BASE,
+ SDAP_NETGROUP_SEARCH_BASE,
+ -1 };
opts = talloc_zero(memctx, struct sdap_options);
if (!opts) return ENOMEM;
@@ -203,41 +209,25 @@ int ldap_get_options(TALLOC_CTX *memctx,
goto done;
}
- /* set user/group/netgroup search bases if they are not */
- if (NULL == dp_opt_get_string(opts->basic, SDAP_USER_SEARCH_BASE)) {
- ret = dp_opt_set_string(opts->basic, SDAP_USER_SEARCH_BASE,
- dp_opt_get_string(opts->basic,
- SDAP_SEARCH_BASE));
- if (ret != EOK) {
- goto done;
- }
- DEBUG(6, ("Option %s set to %s\n",
- opts->basic[SDAP_USER_SEARCH_BASE].opt_name,
- dp_opt_get_string(opts->basic, SDAP_USER_SEARCH_BASE)));
- }
-
- if (NULL == dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_BASE)) {
- ret = dp_opt_set_string(opts->basic, SDAP_GROUP_SEARCH_BASE,
- dp_opt_get_string(opts->basic,
- SDAP_SEARCH_BASE));
- if (ret != EOK) {
- goto done;
- }
- DEBUG(6, ("Option %s set to %s\n",
- opts->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
- dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_BASE)));
- }
-
- if (NULL == dp_opt_get_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE)) {
- ret = dp_opt_set_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE,
- dp_opt_get_string(opts->basic,
- SDAP_SEARCH_BASE));
- if (ret != EOK) {
- goto done;
+ search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE);
+ if (search_base != NULL) {
+ /* set user/group/netgroup search bases if they are not */
+ for (o = 0; search_base_options[o] != -1; o++) {
+ if (NULL == dp_opt_get_string(opts->basic, search_base_options[o])) {
+ ret = dp_opt_set_string(opts->basic, search_base_options[o],
+ search_base);
+ if (ret != EOK) {
+ goto done;
+ }
+ DEBUG(6, ("Option %s set to %s\n",
+ opts->basic[search_base_options[o]].opt_name,
+ dp_opt_get_string(opts->basic,
+ search_base_options[o])));
+ }
}
- DEBUG(6, ("Option %s set to %s\n",
- opts->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name,
- dp_opt_get_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE)));
+ } else {
+ DEBUG(5, ("Search base not set, trying to discover it later when "
+ "connecting to the LDAP server.\n"));
}
pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY);