author | Sumit Bose <sbose@redhat.com> | 2010-11-02 10:06:31 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-04 15:04:21 -0400 |
commit | 38064e75ff70a5d740e02a511217cdbc5584ffd2 (patch) | |
tree | 416f5756dfabf45ee464d969c930f15cbba75821 | |
parent | e481c0f0f16bcb787debf05584a0550a7052dda4 (diff) | |
Make ldap_search_base a non-mandatory option
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 2 | ||||
-rw-r--r-- | src/man/sssd-ldap.5.xml | 23 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.c | 60 |
3 files changed, 46 insertions, 39 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index 1af6b0c8..404f4d59 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf @@ -1,6 +1,6 @@ [provider/ldap] ldap_uri = str, None, false -ldap_search_base = str, None, true +ldap_search_base = str, None, false ldap_schema = str, None, true, rfc2307 ldap_default_bind_dn = str, None, false ldap_default_authtok_type = str, None, false diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 8c38ca76..2762362b 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -76,6 +76,17 @@ The default base DN to use for performing LDAP user operations. </para> + <para> + Default: If not set the value of the + defaultNamingContext or namingContexts attribute + from the RootDSE of the LDAP server is + used. If defaultNamingContext does not exists or + has an empty value namingContexts is used. + The namingContexts attribute must have a + single value with the DN of the search base of the + LDAP server to make this work. Multiple values are + are not supported. + </para> </listitem> </varlistentry> @@ -1045,7 +1056,9 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </para> <para> Default: the value of - <emphasis>ldap_search_base</emphasis> + <emphasis>ldap_search_base</emphasis> or the value + of the defaultNamingContext or namingContexts + attribute of the RootDSE of the LDAP server. </para> </listitem> </varlistentry> @@ -1059,7 +1072,9 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </para> <para> Default: the value of - <emphasis>ldap_search_base</emphasis> + <emphasis>ldap_search_base</emphasis> or the value + of the defaultNamingContext or namingContexts + attribute of the RootDSE of the LDAP server. </para> </listitem> </varlistentry> 
@@ -1073,7 +1088,9 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </para> <para> Default: the value of - <emphasis>ldap_search_base</emphasis> + <emphasis>ldap_search_base</emphasis> or the value + of the defaultNamingContext or namingContexts + attribute of the RootDSE of the LDAP server. </para> </listitem> </varlistentry> diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 543774b8..16693a4e 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -34,7 +34,7 @@ int ldap_child_debug_fd = -1; struct dp_option default_basic_opts[] = { { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "ldap_search_base", DP_OPT_STRING, { "dc=example,dc=com" }, NULL_STRING }, + { "ldap_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING}, { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB }, @@ -185,12 +185,18 @@ int ldap_get_options(TALLOC_CTX *memctx, struct sdap_attr_map *default_netgroup_map; struct sdap_options *opts; char *schema; + const char *search_base; const char *pwd_policy; int ret; int account_cache_expiration; int offline_credentials_expiration; const char *ldap_deref; int ldap_deref_val; + int o; + const int search_base_options[] = { SDAP_USER_SEARCH_BASE, + SDAP_GROUP_SEARCH_BASE, + SDAP_NETGROUP_SEARCH_BASE, + -1 }; opts = talloc_zero(memctx, struct sdap_options); if (!opts) return ENOMEM; 
@@ -203,41 +209,25 @@ int ldap_get_options(TALLOC_CTX *memctx,
 goto done;
 }
 
- /* set user/group/netgroup search bases if they are not */
- if (NULL == dp_opt_get_string(opts->basic, SDAP_USER_SEARCH_BASE)) {
- ret = dp_opt_set_string(opts->basic, SDAP_USER_SEARCH_BASE,
- dp_opt_get_string(opts->basic,
- SDAP_SEARCH_BASE));
- if (ret != EOK) {
- goto done;
- }
- DEBUG(6, ("Option %s set to %s\n",
- opts->basic[SDAP_USER_SEARCH_BASE].opt_name,
- dp_opt_get_string(opts->basic, SDAP_USER_SEARCH_BASE)));
- }
-
- if (NULL == dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_BASE)) {
- ret = dp_opt_set_string(opts->basic, SDAP_GROUP_SEARCH_BASE,
- dp_opt_get_string(opts->basic,
- SDAP_SEARCH_BASE));
- if (ret != EOK) {
- goto done;
- }
- DEBUG(6, ("Option %s set to %s\n",
- opts->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
- dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_BASE)));
- }
-
- if (NULL == dp_opt_get_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE)) {
- ret = dp_opt_set_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE,
- dp_opt_get_string(opts->basic,
- SDAP_SEARCH_BASE));
- if (ret != EOK) {
- goto done;
+ search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE);
+ if (search_base != NULL) {
+ /* set user/group/netgroup search bases if they are not */
+ for (o = 0; search_base_options[o] != -1; o++) {
+ if (NULL == dp_opt_get_string(opts->basic, search_base_options[o])) {
+ ret = dp_opt_set_string(opts->basic, search_base_options[o],
+ search_base);
+ if (ret != EOK) {
+ goto done;
+ }
+ DEBUG(6, ("Option %s set to %s\n",
+ opts->basic[search_base_options[o]].opt_name,
+ dp_opt_get_string(opts->basic,
+ search_base_options[o])));
+ }
 }
- DEBUG(6, ("Option %s set to %s\n",
- opts->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name,
- dp_opt_get_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE)));
+ } else {
+ DEBUG(5, ("Search base not set, trying to discover it later when "
+ "connecting to the LDAP server.\n"));
 }
 pwd_policy = dp_opt_get_string(opts->basic,
SDAP_PWD_POLICY); |
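Review bot: On the new side the else branch leaves SDAP_USER_SEARCH_BASE, SDAP_GROUP_SEARCH_BASE and SDAP_NETGROUP_SEARCH_BASE NULL whenever ldap_search_base is unset, so any code that reads them before the RootDSE discovery announced by the DEBUG(5) message must now tolerate a NULL base; that later fan-out is not part of this hunk, and ldap_get_options continues outside it. I would extract the for loop into a helper such as `static int sdap_set_search_bases(struct sdap_options *opts, const char *search_base)` so the discovery path can apply the same fan-out instead of filling only SDAP_SEARCH_BASE. Because the discovered base is supplied by the server (defaultNamingContext or namingContexts), logging the value finally adopted at a level operators see by default would make an unexpected search scope noticeable. Minor: the DEBUG(6) call re-reads the option through dp_opt_get_string although `search_base` is already in hand, and `search_base_options` from the earlier hunk could be `static const` with a sizeof-based bound rather than the -1 sentinel.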