diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-12 15:19:02 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-19 13:47:05 +0200 |
| commit | 52ae806bd17c3c00d70bd1aed437f10f5ae51a1c (patch) | |
| tree | e96db99e43762ded9201f9c0e1f7bef44a01fe10 /src/confdb | |
| parent | b4486ce81fefae716549959eaa82612dac63cbe5 (diff) | |
| download | sssd-52ae806bd17c3c00d70bd1aed437f10f5ae51a1c.tar.gz sssd-52ae806bd17c3c00d70bd1aed437f10f5ae51a1c.tar.bz2 sssd-52ae806bd17c3c00d70bd1aed437f10f5ae51a1c.zip | |
IPA: warn if full_name_format is customized in server mode
https://fedorahosted.org/sssd/ticket/2009
If the IPA server mode is on and the SSSD is running on the IPA server,
then the server's extdom plugin calls getpwnam_r to read info about trusted
users from the AD server and return them to the clients that called the
extended operation.
The SSSD returns the subdomain users fully-qualified, ie "user@domain"
by default. The format of the fully qualified name is configurable.
However, the extdom plugin returns the user name without the domain
component.
With this patch, when ipa_server_mode is on, warn if the full_name_format
is set to a non-default value. That would prompt the admin to change the
format if he changed it to something exotic.
Diffstat (limited to 'src/confdb')
| -rw-r--r-- | src/confdb/confdb.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 01eade2b..3e88b78f 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -71,6 +71,8 @@ /* Both monitor and domains */ #define CONFDB_NAME_REGEX "re_expression" #define CONFDB_FULL_NAME_FORMAT "full_name_format" +#define CONFDB_DEFAULT_FULL_NAME_FORMAT "%1$s@%2$s%3$s" +#define CONFDB_DEFAULT_FULL_NAME_FORMAT_OLD "%1$s@%2$s" /* Responders */ #define CONFDB_RESPONDER_GET_DOMAINS_TIMEOUT "get_domains_timeout" |