rpms/sssd
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b6696d97c4
sssd/0027-GPO-Use-AD-site-override-if-set.patch

80 lines
3.0 KiB
Diff
Raw Normal View History

Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 19:30:42 +00:00
From 82096e7e4a6ccaf8a2828ddfc77a04c930a14148 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
Date: Wed, 4 Apr 2018 13:24:21 +0200
Subject: [PATCH] GPO: Use AD site override if set
Use AD site override if it was set in SSSD configuration.
Resolves:
https://pagure.io/SSSD/sssd/issue/3646
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 744e2b4d0710c1dc850bfadbd75ae1ae7faf1148)
---
src/providers/ad/ad_gpo.c | 33 ++++++++++++++++++++++++++++++---
1 file changed, 30 insertions(+), 3 deletions(-)
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 028f6a2e7..a48f264c7 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -2806,7 +2806,8 @@ ad_gpo_site_name_retrieval_done(struct tevent_req *subreq)
struct tevent_req *req;
struct ad_gpo_process_som_state *state;
int ret;
- char *site;
+ char *site = NULL;
+ char *site_override = NULL;
const char *attrs[] = {AD_AT_CONFIG_NC, NULL};
req = tevent_req_callback_data(subreq, struct tevent_req);
@@ -2817,17 +2818,43 @@ ad_gpo_site_name_retrieval_done(struct tevent_req *subreq)
talloc_zfree(subreq);
if (ret != EOK || site == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve master domain info\n");
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Could not autodiscover AD site. This is not fatal if "
+ "ad_site option was set.\n");
+ }
+
+ site_override = dp_opt_get_string(state->ad_options, AD_SITE);
+ if (site_override != NULL) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Overriding autodiscovered AD site value '%s' with '%s' from "
+ "configuration.\n", site ? site : "none", site_override);
+ }
+
+ if (site == NULL && site_override == NULL) {
+ sss_log(SSS_LOG_WARNING,
+ "Could not autodiscover AD site value using DNS and ad_site "
+ "option was not set in configuration. GPO will not work. "
+ "To work around this issue you can use ad_site option in SSSD "
+ "configuration.");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Could not autodiscover AD site value using DNS and ad_site "
+ "option was not set in configuration. GPO will not work. "
+ "To work around this issue you can use ad_site option in SSSD "
+ "configuration.\n");
tevent_req_error(req, ENOENT);
return;
}
- state->site_name = talloc_asprintf(state, "cn=%s", site);
+ state->site_name = talloc_asprintf(state, "cn=%s",
+ site_override ? site_override
+ : site);
if (state->site_name == NULL) {
tevent_req_error(req, ENOMEM);
return;
}
+ DEBUG(SSSDBG_TRACE_FUNC, "Using AD site '%s'.\n", state->site_name);
+
/*
* note: the configNC attribute is being retrieved here from the rootDSE
* entry. In future, since we already make an LDAP query for the rootDSE
--
2.14.3
Reference in New Issue Copy Permalink