author | Pavel Březina <pbrezina@redhat.com> | 2011-12-07 17:20:47 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-12-16 14:46:17 -0500 |
commit | 10b6b1fc57bb7c2edb4cfd0a0038303bd33722bc (patch) | |
tree | 3c5d97cdebe0a8b7e53e60d65d32dd4d0a0f1735 /src/providers/ipa | |
parent | 88c5d362804244a5a74785b94018ddf887094553 (diff) | |
download | sssd-10b6b1fc57bb7c2edb4cfd0a0038303bd33722bc.tar.gz sssd-10b6b1fc57bb7c2edb4cfd0a0038303bd33722bc.tar.bz2 sssd-10b6b1fc57bb7c2edb4cfd0a0038303bd33722bc.zip |
SUDO Integration - LDAP configuration options
Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_common.c | 39 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.h | 2 |
2 files changed, 40 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index f437580a..4f90b185 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -60,6 +60,7 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_group_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_group_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
 { "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_schema", DP_OPT_STRING, { "ipa_v1" }, NULL_STRING },
 { "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
 { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
@@ -465,6 +466,44 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
 if (ret != EOK) goto done;
 
 if (NULL == dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_SUDO_SEARCH_BASE)) {
+#if 0
+ ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE,
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_SEARCH_BASE));
+ if (ret != EOK) {
+ goto done;
+ }
+#else
+ /* We don't yet have support for the native representation
+ * of sudo in IPA. For now, we need to point at the
+ * compat tree
+ */
+ value = talloc_asprintf(tmpctx, "ou=SUDOers,%s", basedn);
+ if (!value) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = dp_opt_set_string(ipa_opts->id->basic,
+ SDAP_SUDO_SEARCH_BASE,
+ value);
+ if (ret != EOK) {
+ goto done;
+ }
+#endif
+
+ DEBUG(6, ("Option %s set to %s\n",
+ ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name,
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_SUDO_SEARCH_BASE)));
+ }
+ ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
+ SDAP_SUDO_SEARCH_BASE,
+ &ipa_opts->id->sudo_search_bases);
+ if (ret != EOK) goto done;
+
+ if (NULL == dp_opt_get_string(ipa_opts->id->basic,
 SDAP_NETGROUP_SEARCH_BASE)) {
 value = talloc_asprintf(tmpctx, "cn=ng,cn=alt,%s", basedn);
 if (!value) {
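Review bot: The new `ldap_sudo_search_base` row in `ipa_def_ldap_opts[]` carries no comment tying its position to the option index, yet the second hunk of this file reads the same table by index (`ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name`). The enum that defines `SDAP_SUDO_SEARCH_BASE` is not part of this page, so whether the row sits at the matching slot cannot be confirmed here. The `IPA_OPTS_BASIC_TEST` bump in ipa_common.h appears to guard the option count only, which would not catch a row inserted at the wrong place. I would add `/* keep in the same order as the SDAP_* basic option enum in the ldap module */` above the table, whose opening lies outside the hunk.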
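Review bot: The disabled `#if 0` branch of the new sudo block in `ipa_get_id_options` writes `SDAP_NETGROUP_SEARCH_BASE`, not `SDAP_SUDO_SEARCH_BASE`, which looks like a leftover from the netgroup block it was copied from. If that branch is ever enabled for native IPA sudo support, the sudo base stays unset, so the following `DEBUG` would pass a NULL string to `%s`. It would also overwrite the netgroup base with the generic search base, so the netgroup default just below would be skipped. Since this option decides which subtree sudo rules are read from, either drop the dead branch or change its first line to `ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE,`. The function body starts and ends outside the hunk.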
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index f7ab5efd..577e3e19 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
 /* the following defines are used to keep track of the options in the ldap
 * module, so that if they change and ipa is not updated correspondingly
 * this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 55
+#define IPA_OPTS_BASIC_TEST 56
 
 /* the following define is used to keep track of the options in the krb5
 * module, so that if they change and ipa is not updated correspondingly |