From c9ac6648ad57398ef9c8312485955a43f356b998 Mon Sep 17 00:00:00 2001
From: Petr Cech <pcech@redhat.com>
Date: Fri, 13 May 2016 05:21:07 -0400
Subject: [PATCH 1/5] AD_PROVIDER: Add ad_enabled_domains option

Resolves:
https://fedorahosted.org/sssd/ticket/2828
---
 src/config/SSSDConfig/__init__.py.in   |  1 +
 src/config/cfg_rules.ini               |  1 +
 src/config/etc/sssd.api.d/sssd-ad.conf |  1 +
 src/man/sssd-ad.5.xml                  | 22 ++++++++++++++++++++++
 src/providers/ad/ad_common.h           |  1 +
 src/providers/ad/ad_opts.c             |  1 +
 6 files changed, 27 insertions(+)

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index b5e078d0118a15c10b43fbe050176943ec90e0ee..bb477fef4159914ef5902edbb65af5a530348c7f 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -190,6 +190,7 @@ option_strings = {
 
     # [provider/ad]
     'ad_domain' : _('Active Directory domain'),
+    'ad_enabled_domains' : _('Enabled Active Directory domains'),
     'ad_server' : _('Active Directory server address'),
     'ad_backup_server' : _('Active Directory backup server address'),
     'ad_hostname' : _('Active Directory client hostname'),
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 85a15be3493cf4b8c5a612b0f66ae4c86d39b1ab..2c7eec35d7e48030eace8e26e28b9d7e383bf97e 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -325,6 +325,7 @@ option = ad_access_filter
 option = ad_backup_server
 option = ad_domain
 option = ad_enable_dns_sites
+option = ad_enabled_domains
 option = ad_enable_gc
 option = ad_gpo_access_control
 option = ad_gpo_cache_timeout
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index 23006d26ca6fe7ca2b912ef091b4c73d5d23bee1..0d16387aafbd4f1f9f46654d31f403ad465f8422 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -1,5 +1,6 @@
 [provider/ad]
 ad_domain = str, None, false
+ad_enabled_domains = str, None, false
 ad_server = str, None, false
 ad_backup_server = str, None, false
 ad_hostname = str, None, false
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index ef27976dd62e164cfb91359efc69bd54e1aa9711..1e3309fe0b9719adb7451e5491cca3366df3531b 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -114,6 +114,28 @@ ldap_id_mapping = False
                 </varlistentry>
 
                 <varlistentry>
+                    <term>ad_enabled_domains (string)</term>
+                    <listitem>
+                        <para>
+                            The comma-separated list of the enabled Active
+                            Directory domains. This is optional. If provided,
+                            SSSD will not contact domains not listed in this
+                            option. If not provided, all domains from AD forest
+                            are enabled.
+                        </para>
+                        <para>
+                            For proper operation, this option should be
+                            specified as the lower-case version of the long
+                            version of the Active Directory domain.
+                        </para>
+                        <para>
+                            The short domain name (also known as the NetBIOS
+                            or the flat name) is autodetected by the SSSD.
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
                     <term>ad_server, ad_backup_server (string)</term>
                     <listitem>
                         <para>
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index ce363c5a4122aa5e48ca83b0b2bdf63ff4372d91..5eea9e477038913a94b4a61b6d1a211abb951bfe 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -42,6 +42,7 @@ struct ad_options;
 
 enum ad_basic_opt {
     AD_DOMAIN = 0,
+    AD_ENABLED_DOMAINS,
     AD_SERVER,
     AD_BACKUP_SERVER,
     AD_HOSTNAME,
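Review bot: Inserting `AD_ENABLED_DOMAINS` as the second member renumbers every later `ad_basic_opt` value, and nothing visible in the hunk ties the enum order to the `ad_basic_opts[]` table that appears to be indexed by it. This commit adds the matching row at the same position in src/providers/ad/ad_opts.c, so the two agree here. A later mismatch would make option lookups return a different setting without any build error, which matters for options that restrict what the provider talks to. Consider a comment above the enum such as `/* Order must match ad_basic_opts[] in ad_opts.c */`. The enum body continues outside the hunk, so any count member or existing size check is not visible here.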
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 57dfcca6b998083c7cf9ac0bcb142ff7736cc8b9..8e02fbeb4d580ac31775917ed787e5d7ff3c9271 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -28,6 +28,7 @@
 
 struct dp_option ad_basic_opts[] = {
     { "ad_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+    { "ad_enabled_domains", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ad_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ad_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ad_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },
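Review bot: The new `ad_enabled_domains` row registers the option with a null default, but no file in this patch (1/5) reads `AD_ENABLED_DOMAINS`. At this commit the setting is accepted and has no effect, while the man page text added in the same patch already states that unlisted domains will not be contacted. Enforcement presumably arrives later in the series. The consuming code should then define how an empty value, or an entry matching no discovered domain, is treated. The man page asks for lower-case long names, so a case-sensitive compare would quietly leave out a domain the administrator meant to enable; a log message for unmatched entries would make that visible. A comment on the row such as `/* comma-separated list; unset means all forest domains are enabled */` would record the documented default next to the table, which continues outside the hunk.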
-- 
2.7.4


