summaryrefslogtreecommitdiff
path: root/src/config
diff options
context:
space:
mode:
Diffstat (limited to 'src/config')
-rw-r--r--src/config/SSSDConfig.py1
-rwxr-xr-xsrc/config/SSSDConfigTest.py2
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/config/upgrade_config.py26
4 files changed, 29 insertions, 1 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index f1ff02aa..22013eeb 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -82,6 +82,7 @@ option_strings = {
'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'),
'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'),
+ 'dns_discovery_domain' : _('The domain part of service discovery DNS query'),
# [provider/ipa]
'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 63d1ad11..e99a7876 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -478,6 +478,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'lookup_family_order',
'account_cache_expiration',
'dns_resolver_timeout',
+ 'dns_discovery_domain',
'id_provider',
'auth_provider',
'access_provider',
@@ -795,6 +796,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'account_cache_expiration',
'lookup_family_order',
'dns_resolver_timeout',
+ 'dns_discovery_domain',
'id_provider',
'auth_provider',
'access_provider',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index f0ef4114..ca85ed70 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -59,6 +59,7 @@ account_cache_expiration = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
dns_resolver_timeout = int, None, false
+dns_discovery_domain = str, None, false
# Special providers
[provider/permit]
diff --git a/src/config/upgrade_config.py b/src/config/upgrade_config.py
index d47fcd38..ff22b489 100644
--- a/src/config/upgrade_config.py
+++ b/src/config/upgrade_config.py
@@ -59,6 +59,28 @@ class SSSDConfigFile(SSSDChangeConf):
if item:
item['name'] = new_name
+ def _add_dns_domain_name(self, domain):
+ id_provider = self.findOpts(domain['value'], 'option', 'id_provider')[1]
+ dns_domain_name = { 'type' : 'option',
+ 'name' : 'dns_discovery_domain',
+ 'value' : domain['name'].lstrip('domain/') }
+ if id_provider['value'] == 'ldap':
+ server = self.findOpts(domain['value'], 'option', 'ldap_uri')[1]
+ if not server or "__srv__" in server['value']:
+ domain['value'].insert(0, dns_domain_name)
+ return
+ elif id_provider['value'] == 'ipa':
+ server = self.findOpts(domain['value'], 'option', 'ipa_server')[1]
+ if not server or "__srv__" in server['value']:
+ domain['value'].insert(0, dns_domain_name)
+ return
+
+ auth_provider = self.findOpts(domain['value'], 'option', 'auth_provider')[1]
+ if auth_provider and auth_provider['value'] == 'krb5':
+ server = self.findOpts(domain['value'], 'option', 'krb5_kdcip')[1]
+ if not server or "__srv__" in server['value']:
+ domain['value'].insert(0, dns_domain_name)
+
def _do_v2_changes(self):
# remove Data Provider
srvlist = self.get_option_index('sssd', 'services')[1]
@@ -69,9 +91,11 @@ class SSSDConfigFile(SSSDChangeConf):
srvlist['value'] = ", ".join([srv for srv in services])
self.delete_option('section', 'dp')
- # remove magic_private_groups from all domains
for domain in [ s for s in self.sections() if s['name'].startswith("domain/") ]:
+ # remove magic_private_groups from all domains
self.delete_option_subtree(domain['value'], 'option', 'magic_private_groups')
+ # check if we need to add dns_domain
+ self._add_dns_domain_name(domain)
def _update_option(self, to_section_name, from_section_name, opts):
to_section = [ s for s in self.sections() if s['name'].strip() == to_section_name ]