-rw-r--r--src/confdb/confdb.h2
-rw-r--r--src/providers/ipa/ipa_subdomains.c17
-rw-r--r--src/util/usertools.c2
3 files changed, 20 insertions, 1 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 01eade2b..3e88b78f 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -71,6 +71,8 @@
/* Both monitor and domains */
#define CONFDB_NAME_REGEX "re_expression"
#define CONFDB_FULL_NAME_FORMAT "full_name_format"
+#define CONFDB_DEFAULT_FULL_NAME_FORMAT "%1$s@%2$s%3$s"
+#define CONFDB_DEFAULT_FULL_NAME_FORMAT_OLD "%1$s@%2$s"
/* Responders */
#define CONFDB_RESPONDER_GET_DOMAINS_TIMEOUT "get_domains_timeout"
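Review bot: The two added format macros have no comment saying what the positional arguments `%1$s`, `%2$s` and `%3$s` stand for, or why an `_OLD` variant is kept. The IPA subdomain check in this commit compares the configured value against both strings byte-for-byte, so whoever next changes the default needs to know that these literals are part of a comparison and not just a fallback. I would add a line such as `/* _OLD: previous two-argument default, still accepted by the IPA subdomain check */` above `CONFDB_DEFAULT_FULL_NAME_FORMAT_OLD`, plus one line naming each positional argument.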
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 7910e246..a09f07ac 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -1118,6 +1118,23 @@ int ipa_ad_subdom_init(struct be_ctx *be_ctx,
return EOK;
}
+ /* The IPA code relies on the default FQDN format to unparse user
+ * names. Warn loudly if the full_name_format was customized on the
+ * IPA server
+ */
+ if ((strcmp(be_ctx->domain->names->fq_fmt,
+ CONFDB_DEFAULT_FULL_NAME_FORMAT) != 0)
+ && (strcmp(be_ctx->domain->names->fq_fmt,
+ CONFDB_DEFAULT_FULL_NAME_FORMAT_OLD) != 0)) {
+ DEBUG(SSSDBG_FATAL_FAILURE, ("%s is set to a non-default value [%s] " \
+ "lookups of subdomain users will likely fail!\n",
+ CONFDB_FULL_NAME_FORMAT, be_ctx->domain->names->fq_fmt));
+ sss_log(SSS_LOG_ERR, "%s is set to a non-default value [%s] " \
+ "lookups of subdomain users will likely fail!\n",
+ CONFDB_FULL_NAME_FORMAT, be_ctx->domain->names->fq_fmt);
+ /* Attempt to continue */
+ }
+
realm = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_KRB5_REALM);
if (realm == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm for IPA?\n"));
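Review bot: The warning text in the added block runs the bracketed value straight into the next clause (`[%s] lookups of subdomain users ...`), and the same literal is written out twice, once for DEBUG and once for sss_log, so the two copies can drift apart. A separator would make the syslog line readable, e.g. `"%s is set to a non-default value [%s]; lookups of subdomain users will likely fail!\n"`, and the `\` continuations between adjacent string literals can be dropped. The DEBUG call also uses `SSSDBG_FATAL_FAILURE` although the code then continues ("Attempt to continue"), so the level and the behaviour disagree. The check dereferences `be_ctx->domain->names->fq_fmt` without a NULL test; whether `names` is always initialised at this point cannot be seen from the hunk, and ipa_ad_subdom_init's body starts and ends outside it.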
diff --git a/src/util/usertools.c b/src/util/usertools.c
index dc863ce8..7ec14b35 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -306,7 +306,7 @@ int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb,
}
if (!fq_fmt) {
- fq_fmt = talloc_strdup(tmpctx, "%1$s@%2$s");
+ fq_fmt = talloc_strdup(tmpctx, CONFDB_DEFAULT_FULL_NAME_FORMAT);
if (!fq_fmt) {
ret = ENOMEM;
goto done;
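Review bot: Switching the fallback to `CONFDB_DEFAULT_FULL_NAME_FORMAT` makes the default format reference a third positional argument (`%3$s`), so every place that hands `fq_fmt` to a printf-style call must now supply three string arguments; a call that still passes only name and domain would be undefined behaviour. Those call sites are not part of this diff, so this is something to confirm rather than a demonstrated defect. Because `full_name_format` can also come from configuration, it would be worth checking in sss_names_init that the stored format uses only the supported `%N$s` conversions before it is ever used as a format string. sss_names_init's body starts and ends outside the hunk.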