author | Jakub Hrozek <jhrozek@redhat.com> | 2010-04-16 17:58:52 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-07 17:14:32 -0400 |
commit | 66da80489c0114878043b40592c5f47d41eb0ffd (patch) | |
tree | a69750b3275692fd6dd370da90cce74ad2615e2a /src/providers/ipa | |
parent | dd025b4cbd501e2f34461f9d8359a829b81f5c2f (diff) | |
Use service discovery in backends
Integrate the failover improvements with our back ends. The DNS domain
used in the SRV query is always the SSSD domain name.
Please note that this patch changes the default value of ldap_uri from
"ldap://localhost" to "NULL" in order to use service discovery with no
server set.
Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_common.c | 24 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.h | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_init.c | 3 |
3 files changed, 21 insertions, 8 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 7d457b7d..aa84e7a9 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -67,7 +67,8 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING },
 { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
- { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }
+ { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
+ { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING }
 };

 struct sdap_attr_map ipa_attr_map[] = {
@@ -155,12 +156,9 @@ int ipa_get_options(TALLOC_CTX *memctx,
 }
 }

- /* FIXME: Make non-fatal once we have discovery */
 server = dp_opt_get_string(opts->basic, IPA_SERVER);
 if (!server) {
- DEBUG(0, ("Can't find ipa server, missing option!\n"));
- ret = EINVAL;
- goto done;
+ DEBUG(1, ("No ipa server set, will use service discovery!\n"));
 }

 ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
@@ -537,6 +535,10 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
 }
 service->krb5_service->realm = realm;

+ if (!servers) {
+ servers = BE_SRV_IDENTIFIER;
+ }
+
 /* split server parm into a list */
 ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
 if (ret != EOK) {
@@ -549,6 +551,18 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,

 talloc_steal(service, list[i]);

+ if (be_fo_is_srv_identifier(list[i])) {
+ ret = be_fo_add_srv_server(ctx, "IPA", "ldap",
+ FO_PROTO_TCP, ctx->domain->name, NULL);
+ if (ret) {
+ DEBUG(0, ("Failed to add server\n"));
+ goto done;
+ }
+
+ DEBUG(6, ("Added service lookup for service IPA\n"));
+ continue;
+ }
+
 ret = be_fo_add_server(ctx, "IPA", list[i], 0, NULL);
 if (ret && ret != EEXIST) {
 DEBUG(0, ("Failed to add server\n"));
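Review bot: With the EINVAL exit removed from `if (!server)` in ipa_get_options, a missing or mistyped `ipa_server` option no longer stops start-up; the back end takes its server list from DNS SRV answers instead, and the only trace is one level-1 debug line. Because that moves the choice of server from local configuration to DNS, the fallback should be documented where it happens, for example `/* ipa_server unset: servers come from DNS SRV records for the SSSD domain */`, and the log text could name the domain being queried if it is in scope at that point. The same applies to the matching change in common_ipa_init in ipa_init.c. ipa_get_options continues outside the hunk, so whether `server` is used again while NULL cannot be confirmed from here.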
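Review bot: The new default in ipa_service_init tests only for a NULL `servers`, so an `ipa_server` value that is set but empty would skip it. What split_on_separator returns for an empty string is not visible in this diff, but if it yields an empty list the loop below adds neither a fixed server nor an SRV lookup. Consider `if (!servers || servers[0] == '\0') {` so both cases fall back to BE_SRV_IDENTIFIER. The function starts and ends outside the hunk.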
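Review bot: The SRV branch bails out on any non-zero return (`if (ret)`), while the be_fo_add_server call just below it tolerates EEXIST; if be_fo_add_srv_server can report a duplicate the same way (its definition is not in this diff), a server list that names the discovery identifier twice would fail initialisation. Matching the existing check, `if (ret && ret != EEXIST) {`, would keep the two paths consistent. Both branches also log the identical `Failed to add server` text, so a distinct message such as `DEBUG(0, ("Failed to add SRV lookup for service IPA\n"));` would let an operator tell them apart. The lookup is made against `ctx->domain->name` rather than the `ipa_domain` option read in ipa_init.c, which agrees with the commit message but deserves a comment at the call. The enclosing loop starts and ends outside the hunk.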
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 77628189..9daede2d 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
 /* the following defines are used to keep track of the options in the ldap
 * module, so that if they change and ipa is not updated correspondingly
 * this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 32
+#define IPA_OPTS_BASIC_TEST 33

 /* the following define is used to keep track of the options in the krb5
 * module, so that if they change and ipa is not updated correspondingly
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 1689ac28..596aecfb 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -72,8 +72,7 @@ int common_ipa_init(struct be_ctx *bectx)

 ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER);
 if (!ipa_servers) {
- DEBUG(0, ("Missing ipa_server option!\n"));
- return EINVAL;
+ DEBUG(1, ("Missing ipa_server option - using service discovery!\n"));
 }

 ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN); |