diff options
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/SSSDConfig.py | 1 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 2 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 | ||||
-rw-r--r-- | src/config/upgrade_config.py | 26 |
4 files changed, 29 insertions, 1 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index f1ff02aa..22013eeb 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -82,6 +82,7 @@ option_strings = { 'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'), 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'), 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'), + 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 63d1ad11..e99a7876 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -478,6 +478,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'lookup_family_order', 'account_cache_expiration', 'dns_resolver_timeout', + 'dns_discovery_domain', 'id_provider', 'auth_provider', 'access_provider', @@ -795,6 +796,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'account_cache_expiration', 'lookup_family_order', 'dns_resolver_timeout', + 'dns_discovery_domain', 'id_provider', 'auth_provider', 'access_provider', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index f0ef4114..ca85ed70 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -59,6 +59,7 @@ account_cache_expiration = int, None, false filter_users = list, str, false filter_groups = list, str, false dns_resolver_timeout = int, None, false +dns_discovery_domain = str, None, false # Special providers [provider/permit] diff --git a/src/config/upgrade_config.py b/src/config/upgrade_config.py index d47fcd38..ff22b489 100644 --- a/src/config/upgrade_config.py +++ b/src/config/upgrade_config.py @@ -59,6 +59,28 @@ class SSSDConfigFile(SSSDChangeConf): if item: item['name'] = new_name + def _add_dns_domain_name(self, domain): + id_provider = self.findOpts(domain['value'], 'option', 'id_provider')[1] + dns_domain_name = { 'type' : 'option', + 'name' : 'dns_discovery_domain', + 'value' : domain['name'].lstrip('domain/') } + if id_provider['value'] == 'ldap': + server = self.findOpts(domain['value'], 'option', 'ldap_uri')[1] + if not server or "__srv__" in server['value']: + domain['value'].insert(0, dns_domain_name) + return + elif id_provider['value'] == 'ipa': + server = self.findOpts(domain['value'], 'option', 'ipa_server')[1] + if not server or "__srv__" in server['value']: + domain['value'].insert(0, dns_domain_name) + return + + auth_provider = self.findOpts(domain['value'], 'option', 'auth_provider')[1] + if auth_provider and auth_provider['value'] == 'krb5': + server = self.findOpts(domain['value'], 'option', 'krb5_kdcip')[1] + if not server or "__srv__" in server['value']: + domain['value'].insert(0, dns_domain_name) + def _do_v2_changes(self): # remove Data Provider srvlist = self.get_option_index('sssd', 'services')[1] @@ -69,9 +91,11 @@ class SSSDConfigFile(SSSDChangeConf): srvlist['value'] = ", ".join([srv for srv in services]) self.delete_option('section', 'dp') - # remove magic_private_groups from all domains for domain in [ s for s in self.sections() if s['name'].startswith("domain/") ]: + # remove magic_private_groups from all domains self.delete_option_subtree(domain['value'], 'option', 'magic_private_groups') + # check if we need to add dns_domain + self._add_dns_domain_name(domain) def _update_option(self, to_section_name, from_section_name, opts): to_section = [ s for s in self.sections() if s['name'].strip() == to_section_name ] |