On 01/03/2017 04:51 PM, Jakub Hrozek wrote:
On Tue, Jan 03, 2017 at 04:46:25PM +0100, Michal Židek wrote:
Hi,
for IPA provider, we plan to add the ability to configure
trusted domains (currently AD domains) in a similar way the
main domain is configured in sssd.conf.
If ipadomain.test is the main IPA domain and addomain.test
is the AD domain and there is IPA-AD trust extablished between
the two, I think the way to configure addomain.test specific
option could be:
[domain/ipadomain.com]
# the usual main domain configuration
[domain/ipadomain.com/addomain.com]
# configuration of trusted domain
I like the general format of the configuration.
So, the main domain would be used as prefix in the
section name where the trusted domain / subdomain
is configured.
I wanted to ask what other developers think about the
format. Note that not all options that are available
in the main domain will be available for the subdomain.
Of course, options like id_provider will not be overridable. Maybe we
can extend the dp_opts array to indicate if the option is possible to be
overriden?
That is an implementation detail. My main concern was that we often
talk about "domain section of sssd.conf" and this looks
like a domain section, but a lot of what was said about
domain section (on list, forums, etc.) does not apply to
this section and that concerned me a little. But OTOH I do
not think the confusion would be big and of course it will
be explained in the man page together with list of options that
are available for this "subdomain" section.
Michal
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
