On Fri, Sep 27, 2013 at 12:54:32PM +0200, Pavel Březina wrote:
> On 09/26/2013 07:40 PM, Jakub Hrozek wrote:
> >On Wed, Sep 25, 2013 at 11:37:37AM +0200, Jakub Hrozek wrote:
> >>I realized this might be a nice chance when I was working on #2079. In
> >                                 ^^^^^^
> >                                 change
> >>the server mode, the IPA sites should be ignored, I think. But I don't
> >>think this patch is too important as IPA sites are still only
> >>experimental patches.
> >
> >Rebased version of this minor patch is attached.
>
> The patch looks good, but can we also warn when in server mode and
> ipa_enable_dns_sites = true?

Added.
>From d4bd1b363f23cd9a6fed8fb5cd3fb69c99af32c2 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Thu, 26 Sep 2013 19:37:06 +0200 Subject: [PATCH] IPA: Do not enable IPA sites in server mode When running in IPA server mode, the IPA sites should be ignored and the SSSD should only connect to the local server. --- src/providers/ipa/ipa_init.c | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index b1440da163e94e043be74c76ce88c30d8ec7d771..54293698be740ee302ba2b56e34b5ab453b4c0f7 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c 
@@ -242,24 +242,14 @@ int sssm_ipa_id_init(struct be_ctx *bectx, hostname = dp_opt_get_string(ipa_options->basic, IPA_HOSTNAME); server_mode = dp_opt_get_bool(ipa_options->basic, IPA_SERVER_MODE); - if (dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES)) { - /* use IPA plugin */ - ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN); - srv_ctx = ipa_srv_plugin_ctx_init(bectx, bectx->be_res->resolv, - hostname, ipa_domain); - if (srv_ctx == NULL) { - DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n")); - ret = ENOMEM; - goto done; - } - - be_fo_set_srv_lookup_plugin(bectx, ipa_srv_plugin_send, - ipa_srv_plugin_recv, srv_ctx, "IPA"); - } else if (server_mode == true) { + if (server_mode == true) { ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER); - if (srv_in_server_list(ipa_servers) == true) { - DEBUG(SSSDBG_MINOR_FAILURE, ("SRV resolution enabled on the IPA server. " - "Site discovery of trusted AD servers might not work\n")); + if (srv_in_server_list(ipa_servers) == true + || dp_opt_get_bool(ipa_options->basic, + IPA_ENABLE_DNS_SITES) == true) { + DEBUG(SSSDBG_MINOR_FAILURE, ("SRV resolution or IPA sites enabled " + "on the IPA server. Site discovery of trusted AD servers " + "might not work\n")); /* If SRV discovery is enabled on the server and * dns_discovery_domain is set explicitly, then 
@@ -304,6 +294,19 @@ int sssm_ipa_id_init(struct be_ctx *bectx, "will be ignored in ipa_server_mode\n")); } } + } else if (dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES)) { + /* use IPA plugin */ + ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN); + srv_ctx = ipa_srv_plugin_ctx_init(bectx, bectx->be_res->resolv, + hostname, ipa_domain); + if (srv_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n")); + ret = ENOMEM; + goto done; + } + + be_fo_set_srv_lookup_plugin(bectx, ipa_srv_plugin_send, + ipa_srv_plugin_recv, srv_ctx, "IPA"); } else { /* fall back to standard plugin on clients. */ ret = be_fo_set_dns_srv_lookup_plugin(bectx, hostname); -- 1.8.3.1
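Review bot: In the first hunk (@@ -242), the merged condition `srv_in_server_list(ipa_servers) == true || dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES) == true` makes the ipa_enable_dns_sites case share both the warning and the block that follows it, whose comment ("If SRV discovery is enabled on the server and dns_discovery_domain is set explicitly, then") describes SRV discovery only. An administrator reading "SRV resolution or IPA sites enabled on the IPA server" cannot tell which option triggered it, and the message does not say that IPA sites are ignored in server mode, which is what the commit message states. Suggest a separate check for IPA_ENABLE_DNS_SITES with its own DEBUG message saying the option is ignored in ipa_server_mode, leaving the srv_in_server_list() branch as it was.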
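Review bot: In the second hunk (@@ -304), the relocated branch keeps the comment `/* use IPA plugin */` although it is now reached only when server_mode is false; wording it like the else branch after it ("on clients") would show the next reader that the ordering is intentional. The diffstat lists only src/providers/ipa/ipa_init.c, so the documentation of ipa_enable_dns_sites does not yet say that the option has no effect in server mode; that note is worth adding alongside this change.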