Tidy up ipa options

Do not replicate every and each option we may want to set in ipa.
Just read out ldap and krb provider options (added reference in the manual too,
and removed mention of ipa specific timeout values, use ldap options for that)

Avoid calling auth module initialization twice, just pass the auth context to
the chpass module too.

Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be
used for both users and groups. the user and group search bases can still be set
separately if necessary but they are now optional and set to be identical to
SDAP_SEARCH_BASE if not explicitly specified in the configuration.

2 files changed, 1 insertions, 5 deletions

diff --git a/server/config/etc/sssd.api.d/sssd-ipa.conf b/server/config/etc/sssd.api.d/sssd-ipa.conf
index 528f8d31..3b421111 100644
--- a/server/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/server/config/etc/sssd.api.d/sssd-ipa.conf
@@ -2,8 +2,3 @@
 ipa_domain = str, None
 ipa_server = str, None
 ipa_hostname = str, None
-ipa_search_timeout = int, None
-ipa_network_timeout = int, None
-ipa_opt_timeout = int, None
-ipa_offline_timeout = int, None
-ipa_enumeration_refresh_timeout = int, None
diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf
index 4ee371e8..1c094f6d 100644
--- a/server/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/server/config/etc/sssd.api.d/sssd-ldap.conf
@@ -1,5 +1,6 @@
 [provider/ldap]
 ldap_uri = str, None, ldap://localhost
+ldap_search_base = str, None
 ldap_schema = str, None, rfc2307
 ldap_default_bind_dn = str, None
 ldap_default_authtok_type = str, None