diff options
-rw-r--r-- | src/confdb/confdb.h | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 17 | ||||
-rw-r--r-- | src/util/usertools.c | 2 |
3 files changed, 20 insertions, 1 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 01eade2b..3e88b78f 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -71,6 +71,8 @@ /* Both monitor and domains */ #define CONFDB_NAME_REGEX "re_expression" #define CONFDB_FULL_NAME_FORMAT "full_name_format" +#define CONFDB_DEFAULT_FULL_NAME_FORMAT "%1$s@%2$s%3$s" +#define CONFDB_DEFAULT_FULL_NAME_FORMAT_OLD "%1$s@%2$s" /* Responders */ #define CONFDB_RESPONDER_GET_DOMAINS_TIMEOUT "get_domains_timeout" diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 7910e246..a09f07ac 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -1118,6 +1118,23 @@ int ipa_ad_subdom_init(struct be_ctx *be_ctx, return EOK; } + /* The IPA code relies on the default FQDN format to unparse user + * names. Warn loudly if the full_name_format was customized on the + * IPA server + */ + if ((strcmp(be_ctx->domain->names->fq_fmt, + CONFDB_DEFAULT_FULL_NAME_FORMAT) != 0) + && (strcmp(be_ctx->domain->names->fq_fmt, + CONFDB_DEFAULT_FULL_NAME_FORMAT_OLD) != 0)) { + DEBUG(SSSDBG_FATAL_FAILURE, ("%s is set to a non-default value [%s] " \ + "lookups of subdomain users will likely fail!\n", + CONFDB_FULL_NAME_FORMAT, be_ctx->domain->names->fq_fmt)); + sss_log(SSS_LOG_ERR, "%s is set to a non-default value [%s] " \ + "lookups of subdomain users will likely fail!\n", + CONFDB_FULL_NAME_FORMAT, be_ctx->domain->names->fq_fmt); + /* Attempt to continue */ + } + realm = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_KRB5_REALM); if (realm == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm for IPA?\n")); diff --git a/src/util/usertools.c b/src/util/usertools.c index dc863ce8..7ec14b35 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -306,7 +306,7 @@ int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, } if (!fq_fmt) { - fq_fmt = talloc_strdup(tmpctx, "%1$s@%2$s"); + fq_fmt = talloc_strdup(tmpctx, CONFDB_DEFAULT_FULL_NAME_FORMAT); if (!fq_fmt) { ret = ENOMEM; goto done; |