diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-19 17:34:56 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-19 22:19:29 +0100 |
commit | 24c3186d01d8d1c11832baab24ab3f0de121c666 (patch) | |
tree | 7b47e44e39139a3096d23b53931513661e6b370c | |
parent | 459f70d567c211f860244f75f2878c3a446c2a38 (diff) | |
download | sssd-24c3186d01d8d1c11832baab24ab3f0de121c666.tar.gz sssd-24c3186d01d8d1c11832baab24ab3f0de121c666.tar.bz2 sssd-24c3186d01d8d1c11832baab24ab3f0de121c666.zip |
LDAP: Make it possible to use full principal in ldap_sasl_authid again
-rw-r--r-- | src/man/sssd-ldap.5.xml | 5 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.c | 20 |
2 files changed, 21 insertions, 4 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 2d62c11f..b1be45fe 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1418,6 +1418,9 @@ Specify the SASL authorization id to use. When GSSAPI is used, this represents the Kerberos principal used for authentication to the directory. + This option can either contain the full principal (for + example host/myhost@EXAMPLE.COM) or just the principal name + (for example host/myhost). </para> <para> Default: host/hostname@REALM @@ -1431,6 +1434,8 @@ <para> Specify the SASL realm to use. When not specified, this option defaults to the value of krb5_realm. + If the ldap_sasl_authid contains the realm as well, + this option is ignored. </para> <para> Default: the value of krb5_realm. diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 516ba179..f8b921ad 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -1009,6 +1009,7 @@ sdap_set_sasl_options(struct sdap_options *id_opts, TALLOC_CTX *tmp_ctx; char *sasl_primary; char *desired_primary; + char *primary_realm; char *sasl_realm; char *desired_realm; bool primary_requested = true; @@ -1024,12 +1025,23 @@ sdap_set_sasl_options(struct sdap_options *id_opts, desired_primary = default_primary; } - desired_realm = dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM); - if (!desired_realm) { - realm_requested = false; - desired_realm = default_realm; + if ((primary_realm = strchr(desired_primary, '@'))) { + *primary_realm = '\0'; + desired_realm = primary_realm+1; + DEBUG(SSSDBG_TRACE_INTERNAL, + ("authid contains realm [%s]\n", desired_realm)); + } else { + desired_realm = dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM); + if (!desired_realm) { + realm_requested = false; + desired_realm = default_realm; + } } + DEBUG(SSSDBG_CONF_SETTINGS, ("Will look for %s@%s in %s\n", + desired_primary, desired_realm, + keytab_path ? keytab_path : "default keytab")); + ret = select_principal_from_keytab(tmp_ctx, desired_primary, desired_realm, keytab_path, |