summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/man/include/service_discovery.xml36
-rw-r--r--src/man/sssd-ipa.5.xml4
-rw-r--r--src/man/sssd-krb5.5.xml5
-rw-r--r--src/man/sssd-ldap.5.xml20
-rw-r--r--src/providers/data_provider_fo.c32
-rw-r--r--src/providers/dp_backend.h9
-rw-r--r--src/providers/fail_over.h2
-rw-r--r--src/providers/ipa/ipa_common.c24
-rw-r--r--src/providers/ipa/ipa_common.h2
-rw-r--r--src/providers/ipa/ipa_init.c3
-rw-r--r--src/providers/krb5/krb5_common.c21
-rw-r--r--src/providers/krb5/krb5_common.h4
-rw-r--r--src/providers/krb5/krb5_init.c8
-rw-r--r--src/providers/ldap/ldap_common.c57
-rw-r--r--src/providers/ldap/ldap_common.h8
-rw-r--r--src/providers/ldap/ldap_init.c24
-rw-r--r--src/providers/ldap/sdap.h1
17 files changed, 224 insertions, 36 deletions
diff --git a/src/man/include/service_discovery.xml b/src/man/include/service_discovery.xml
new file mode 100644
index 00000000..16d016ea
--- /dev/null
+++ b/src/man/include/service_discovery.xml
@@ -0,0 +1,36 @@
+<refsect1 id='service_discovery'>
+ <title>SERVICE DISCOVERY</title>
+ <para>
+ The service discovery feature allows back ends to automatically
+ find the appropriate servers to connect to using a special DNS
+ query.
+ </para>
+ <refsect2 id='configuration'>
+ <title>Configuration</title>
+ <para>
+ If no servers are specified, the back end automatically
+ uses service discovery to try to find a server. Optionally,
+ the user may choose to use both fixed server addresses
+ and service discovery by inserting a special keyword,
+ <quote>_srv_</quote>, in the list of servers. The order
+ of preference is maintained. This feature is useful if, for
+ example, the user prefers to use service discovery whenever
+ possible, and fall back to a specific server when no servers
+ can be discovered using DNS.
+ </para>
+ </refsect2>
+ <refsect2 id='domain_name'>
+ <title>The domain name</title>
+ <para>
+ The name of the SSSD domain is used as the domain part of the
+ service discovery DNS query.
+ </para>
+ </refsect2>
+ <refsect2 id='reference'>
+ <title>See Also</title>
+ <para>
+ For more information on the service discovery mechanism,
+ refer to RFC 2782.
+ </para>
+ </refsect2>
+</refsect1>
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index d1ba1c52..103558b0 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -82,6 +82,8 @@
on failover and server redundancy, see the
<quote>FAILOVER</quote> section.
This is optional if autodiscovery is enabled.
+ For more information on service discovery, refer
+ to the the <quote>SERVICE DISCOVERY</quote> section.
</para>
</listitem>
</varlistentry>
@@ -120,6 +122,8 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" />
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" />
+
<refsect1 id='example'>
<title>EXAMPLE</title>
<para>
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index c291eca7..01f212d2 100644
--- a/src/man/sssd-krb5.5.xml
+++ b/src/man/sssd-krb5.5.xml
@@ -72,6 +72,9 @@
see the <quote>FAILOVER</quote> section. An optional
port number (preceded by a colon) may be appended to
the addresses or hostnames.
+ If empty, service discovery is enabled -
+ for more information, refer to the
+ <quote>SERVICE DISCOVERY</quote> section.
</para>
</listitem>
</varlistentry>
@@ -244,6 +247,8 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" />
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" />
+
<refsect1 id='example'>
<title>EXAMPLE</title>
<para>
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index b79cbbc9..c119e7f3 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -61,9 +61,8 @@
Specifies the list of URIs of the LDAP servers to which
SSSD should connect in the order of preference. Refer to the
<quote>FAILOVER</quote> section for more information on failover and server redundancy.
- </para>
- <para>
- Default: ldap://localhost
+ If not specified, service discovery is enabled. For more information, refer
+ to the <quote>SERVICE DISCOVERY</quote> section.
</para>
</listitem>
</varlistentry>
@@ -632,12 +631,27 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>ldap_dns_service_name (string)</term>
+ <listitem>
+ <para>
+ Specifies the service name to use when service
+ discovery is enabled.
+ </para>
+ <para>
+ Default: ldap
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</para>
</refsect1>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" />
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" />
+
<refsect1 id='example'>
<title>EXAMPLE</title>
<para>
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c
index cbdb7862..14ebbdb5 100644
--- a/src/providers/data_provider_fo.c
+++ b/src/providers/data_provider_fo.c
@@ -53,6 +53,11 @@ struct be_failover_ctx {
struct be_svc_data *svcs;
};
+int be_fo_is_srv_identifier(const char *server)
+{
+ return server && strcasecmp(server, BE_SRV_IDENTIFIER) == 0;
+}
+
static int be_fo_get_options(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
struct fo_options *opts)
{
@@ -61,6 +66,7 @@ static int be_fo_get_options(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
/* todo get timeout from configuration */
opts->retry_timeout = 30;
+ opts->srv_retry_timeout = 14400;
ret = confdb_get_string(ctx->cdb, mem_ctx, ctx->conf_path,
CONFDB_DOMAIN_FAMILY_ORDER,
@@ -234,6 +240,32 @@ int be_fo_service_add_callback(TALLOC_CTX *memctx,
return EOK;
}
+int be_fo_add_srv_server(struct be_ctx *ctx, const char *service_name,
+ const char *query_service, const char *proto,
+ const char *domain, void *user_data)
+{
+ struct be_svc_data *svc;
+ int ret;
+
+ DLIST_FOR_EACH(svc, ctx->be_fo->svcs) {
+ if (strcmp(svc->name, service_name) == 0) {
+ break;
+ }
+ }
+ if (NULL == svc) {
+ return ENOENT;
+ }
+
+ ret = fo_add_srv_server(svc->fo_service, query_service,
+ domain, proto, user_data);
+ if (ret && ret != EEXIST) {
+ DEBUG(1, ("Failed to add SRV lookup reference to failover service\n"));
+ return ret;
+ }
+
+ return EOK;
+}
+
int be_fo_add_server(struct be_ctx *ctx, const char *service_name,
const char *server, int port, void *user_data)
{
diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h
index 496c8070..ec0510e3 100644
--- a/src/providers/dp_backend.h
+++ b/src/providers/dp_backend.h
@@ -26,6 +26,11 @@
#include "providers/fail_over.h"
#include "db/sysdb.h"
+/* a special token, if used in place of the hostname, denotes that real
+ * hostnames should be looked up from DNS using SRV requests
+ */
+#define BE_SRV_IDENTIFIER "_srv_"
+
struct be_ctx;
struct bet_ops;
struct be_req;
@@ -147,10 +152,14 @@ void be_run_online_cb(struct be_ctx *be);
typedef void (be_svc_callback_fn_t)(void *, struct fo_server *);
int be_init_failover(struct be_ctx *ctx);
+int be_fo_is_srv_identifier(const char *server);
int be_fo_add_service(struct be_ctx *ctx, const char *service_name);
int be_fo_service_add_callback(TALLOC_CTX *memctx,
struct be_ctx *ctx, const char *service_name,
be_svc_callback_fn_t *fn, void *private_data);
+int be_fo_add_srv_server(struct be_ctx *ctx, const char *service_name,
+ const char *query_service, const char *proto,
+ const char *domain, void *user_data);
int be_fo_add_server(struct be_ctx *ctx, const char *service_name,
const char *server, int port, void *user_data);
diff --git a/src/providers/fail_over.h b/src/providers/fail_over.h
index 70e694fe..a31ace21 100644
--- a/src/providers/fail_over.h
+++ b/src/providers/fail_over.h
@@ -159,4 +159,6 @@ const char *fo_get_server_name(struct fo_server *server);
struct hostent *fo_get_server_hostent(struct fo_server *server);
+int fo_is_srv_lookup(struct fo_server *s);
+
#endif /* !__FAIL_OVER_H__ */
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 7d457b7d..aa84e7a9 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -67,7 +67,8 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING },
{ "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
- { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }
+ { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
+ { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING }
};
struct sdap_attr_map ipa_attr_map[] = {
@@ -155,12 +156,9 @@ int ipa_get_options(TALLOC_CTX *memctx,
}
}
- /* FIXME: Make non-fatal once we have discovery */
server = dp_opt_get_string(opts->basic, IPA_SERVER);
if (!server) {
- DEBUG(0, ("Can't find ipa server, missing option!\n"));
- ret = EINVAL;
- goto done;
+ DEBUG(1, ("No ipa server set, will use service discovery!\n"));
}
ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
@@ -537,6 +535,10 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
}
service->krb5_service->realm = realm;
+ if (!servers) {
+ servers = BE_SRV_IDENTIFIER;
+ }
+
/* split server parm into a list */
ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
if (ret != EOK) {
@@ -549,6 +551,18 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
talloc_steal(service, list[i]);
+ if (be_fo_is_srv_identifier(list[i])) {
+ ret = be_fo_add_srv_server(ctx, "IPA", "ldap",
+ FO_PROTO_TCP, ctx->domain->name, NULL);
+ if (ret) {
+ DEBUG(0, ("Failed to add server\n"));
+ goto done;
+ }
+
+ DEBUG(6, ("Added service lookup for service IPA\n"));
+ continue;
+ }
+
ret = be_fo_add_server(ctx, "IPA", list[i], 0, NULL);
if (ret && ret != EEXIST) {
DEBUG(0, ("Failed to add server\n"));
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 77628189..9daede2d 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
/* the following defines are used to keep track of the options in the ldap
* module, so that if they change and ipa is not updated correspondingly
* this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 32
+#define IPA_OPTS_BASIC_TEST 33
/* the following define is used to keep track of the options in the krb5
* module, so that if they change and ipa is not updated correspondingly
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 1689ac28..596aecfb 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -72,8 +72,7 @@ int common_ipa_init(struct be_ctx *bectx)
ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER);
if (!ipa_servers) {
- DEBUG(0, ("Missing ipa_server option!\n"));
- return EINVAL;
+ DEBUG(1, ("Missing ipa_server option - using service discovery!\n"));
}
ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN);
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 1423b089..bc2d3fbc 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -334,6 +334,10 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
goto done;
}
+ if (!servers) {
+ servers = BE_SRV_IDENTIFIER;
+ }
+
ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
if (ret != EOK) {
DEBUG(1, ("Failed to parse server list!\n"));
@@ -344,6 +348,23 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
talloc_steal(service, list[i]);
server_spec = talloc_strdup(service, list[i]);
+ if (!server_spec) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (be_fo_is_srv_identifier(server_spec)) {
+ ret = be_fo_add_srv_server(ctx, service_name, service_name,
+ FO_PROTO_TCP, ctx->domain->name, NULL);
+ if (ret) {
+ DEBUG(0, ("Failed to add server\n"));
+ goto done;
+ }
+
+ DEBUG(6, ("Added service lookup\n"));
+ continue;
+ }
+
port_str = strrchr(server_spec, ':');
if (port_str == NULL) {
port = 0;
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 0482ef02..12c487a9 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -40,8 +40,8 @@
#define KDCINFO_TMPL PUBCONF_PATH"/kdcinfo.%s"
#define KPASSWDINFO_TMPL PUBCONF_PATH"/kpasswdinfo.%s"
-#define SSS_KRB5KDC_FO_SRV "KRB5KDC"
-#define SSS_KRB5KPASSWD_FO_SRV "KRB5KPASSWD"
+#define SSS_KRB5KDC_FO_SRV "KERBEROS"
+#define SSS_KRB5KPASSWD_FO_SRV "KPASSWD"
enum krb5_opts {
KRB5_KDC = 0,
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 0bacb3f8..03d95260 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -90,8 +90,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
if (krb5_servers == NULL) {
- DEBUG(0, ("Missing krb5_kdcip option!\n"));
- return EINVAL;
+ DEBUG(1, ("Missing krb5_kdcip option, using service discovery!\n"));
}
krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
@@ -108,8 +107,9 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
}
krb5_kpasswd_servers = dp_opt_get_string(ctx->opts, KRB5_KPASSWD);
- if (krb5_kpasswd_servers == NULL) {
- DEBUG(0, ("Missing krb5_kpasswd option, using KDC!\n"));
+ if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) {
+ DEBUG(0, ("Missing krb5_kpasswd option and KDC set explicitly, "
+ "will use KDC for pasword change operations!\n"));
ctx->kpasswd_service = NULL;
} else {
ret = krb5_service_init(ctx, bectx, SSS_KRB5KPASSWD_FO_SRV,
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 90ec7e2e..03b2133a 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -31,7 +31,7 @@
int ldap_child_debug_fd = -1;
struct dp_option default_basic_opts[] = {
- { "ldap_uri", DP_OPT_STRING, { "ldap://localhost" }, NULL_STRING },
+ { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_search_base", DP_OPT_STRING, { "dc=example,dc=com" }, NULL_STRING },
{ "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
@@ -63,7 +63,8 @@ struct dp_option default_basic_opts[] = {
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING },
{ "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
- { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }
+ { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
+ { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING }
};
struct sdap_attr_map generic_attr_map[] = {
@@ -537,30 +538,46 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
if (!service) return;
tmp = (const char *)fo_get_server_user_data(server);
- if (tmp && ldap_is_ldap_url(tmp)) {
- new_uri = talloc_strdup(service, tmp);
+
+ if (fo_is_srv_lookup(server)) {
+ if (!tmp) {
+ DEBUG(1, ("Unknown service, using ldap\n"));
+ tmp = SSS_LDAP_SRV_NAME;
+ }
+ new_uri = talloc_asprintf(service, "%s://%s:%d",
+ tmp,
+ fo_get_server_name(server),
+ fo_get_server_port(server));
} else {
- new_uri = talloc_asprintf(service, "ldap://%s",
- fo_get_server_name(server));
+ if (tmp && ldap_is_ldap_url(tmp)) {
+ new_uri = talloc_strdup(service, tmp);
+ } else {
+ new_uri = talloc_asprintf(service, "ldap://%s",
+ fo_get_server_name(server));
+ }
}
+
if (!new_uri) {
DEBUG(2, ("Failed to copy URI ...\n"));
return;
}
+ DEBUG(6, ("Constructed uri '%s'\n", new_uri));
+
/* free old one and replace with new one */
talloc_zfree(service->uri);
service->uri = new_uri;
}
int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
- const char *service_name, const char *urls,
- struct sdap_service **_service)
+ const char *service_name, const char *dns_service_name,
+ const char *urls, struct sdap_service **_service)
{
TALLOC_CTX *tmp_ctx;
struct sdap_service *service;
LDAPURLDesc *lud;
char **list = NULL;
+ char *srv_user_data;
int ret;
int i;
@@ -587,6 +604,10 @@ int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
goto done;
}
+ if (!urls) {
+ urls = BE_SRV_IDENTIFIER;
+ }
+
/* split server parm into a list */
ret = split_on_separator(tmp_ctx, urls, ',', true, &list, NULL);
if (ret != EOK) {
@@ -596,6 +617,26 @@ int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
/* now for each URI add a new server to the failover service */
for (i = 0; list[i]; i++) {
+ if (be_fo_is_srv_identifier(list[i])) {
+ srv_user_data = talloc_strdup(service, dns_service_name);
+ if (!srv_user_data) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = be_fo_add_srv_server(ctx, service_name,
+ dns_service_name, FO_PROTO_TCP,
+ ctx->domain->name,
+ srv_user_data);
+ if (ret) {
+ DEBUG(0, ("Failed to add server\n"));
+ goto done;
+ }
+
+ DEBUG(6, ("Added service lookup\n"));
+ continue;
+ }
+
ret = ldap_url_parse(list[i], &lud);
if (ret != LDAP_SUCCESS) {
DEBUG(0, ("Failed to parse ldap URI (%s)!\n", list[i]));
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index ff1ffb72..3998e300 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -30,6 +30,8 @@
#define PWD_POL_OPT_SHADOW "shadow"
#define PWD_POL_OPT_MIT "mit_kerberos"
+#define SSS_LDAP_SRV_NAME "ldap"
+
/* a fd the child process would log into */
extern int ldap_child_debug_fd;
@@ -76,9 +78,9 @@ void sdap_pam_chpass_handler(struct be_req *breq);
void sdap_handler_done(struct be_req *req, int dp_err,
int error, const char *errstr);
-int sdap_service_init(TALLOC_CTX *mmectx, struct be_ctx *ctx,
- const char *service_name, const char *urls,
- struct sdap_service **service);
+int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
+ const char *service_name, const char *dns_service_name,
+ const char *urls, struct sdap_service **_service);
/* options parser */
int ldap_get_options(TALLOC_CTX *memctx,
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index b74ffc21..917ece0c 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -52,6 +52,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
{
struct sdap_id_ctx *ctx;
const char *urls;
+ const char *dns_service_name;
int ret;
ctx = talloc_zero(bectx, struct sdap_id_ctx);
@@ -65,14 +66,17 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
goto done;
}
+ dns_service_name = dp_opt_get_string(ctx->opts->basic,
+ SDAP_DNS_SERVICE_NAME);
+ DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name));
+
urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI);
if (!urls) {
- DEBUG(0, ("Missing ldap_uri\n"));
- ret = EINVAL;
- goto done;
+ DEBUG(1, ("Missing ldap_uri, will use service discovery\n"));
}
- ret = sdap_service_init(ctx, ctx->be, "LDAP", urls, &ctx->service);
+ ret = sdap_service_init(ctx, ctx->be, "LDAP",
+ dns_service_name, urls, &ctx->service);
if (ret != EOK) {
DEBUG(1, ("Failed to initialize failover service!\n"));
goto done;
@@ -114,6 +118,7 @@ int sssm_ldap_auth_init(struct be_ctx *bectx,
{
struct sdap_auth_ctx *ctx;
const char *urls;
+ const char *dns_service_name;
int ret;
ctx = talloc(bectx, struct sdap_auth_ctx);
@@ -127,14 +132,17 @@ int sssm_ldap_auth_init(struct be_ctx *bectx,
goto done;
}
+ dns_service_name = dp_opt_get_string(ctx->opts->basic,
+ SDAP_DNS_SERVICE_NAME);
+ DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name));
+
urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI);
if (!urls) {
- DEBUG(0, ("Missing ldap_uri\n"));
- ret = EINVAL;
- goto done;
+ DEBUG(1, ("Missing ldap_uri, will use service discovery\n"));
}
- ret = sdap_service_init(ctx, ctx->be, "LDAP", urls, &ctx->service);
+ ret = sdap_service_init(ctx, ctx->be, "LDAP", dns_service_name,
+ urls, &ctx->service);
if (ret != EOK) {
DEBUG(1, ("Failed to initialize failover service!\n"));
goto done;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 1445e8ee..a4da43b3 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -150,6 +150,7 @@ enum sdap_basic_opt {
SDAP_PWD_POLICY,
SDAP_REFERRALS,
SDAP_ACCOUNT_CACHE_EXPIRATION,
+ SDAP_DNS_SERVICE_NAME,
SDAP_OPTS_BASIC /* opts counter */
};