|
 |
ed0ebb |
From 34e6ec1d52db7f184be5ccc1fde993b07b32910c Mon Sep 17 00:00:00 2001
|
|
|
ed0ebb |
From: Sumit Bose <sbose@redhat.com>
|
|
|
ed0ebb |
Date: Tue, 14 Aug 2018 16:44:39 +0200
|
|
|
ed0ebb |
Subject: [PATCH] Change qualified names default for IPA
|
|
|
ed0ebb |
|
|
|
ed0ebb |
In a FreeIPA domain it is typically expected that the IPA accounts use
|
|
|
ed0ebb |
sort names while accounts from trusted domains have fully qualified
|
|
|
ed0ebb |
names. This is automatically done by SSSD's IPA provider so there is no
|
|
|
ed0ebb |
need to force fully qualified names in the SSSD configuration.
|
|
|
ed0ebb |
|
|
|
ed0ebb |
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1575538
|
|
|
ed0ebb |
---
|
|
|
ed0ebb |
service/realm-options.c | 9 +++++----
|
|
|
ed0ebb |
service/realm-options.h | 3 ++-
|
|
|
ed0ebb |
service/realm-samba-winbind.c | 2 +-
|
|
|
ed0ebb |
service/realm-sssd-ad.c | 2 +-
|
|
|
ed0ebb |
service/realm-sssd-ipa.c | 2 +-
|
|
|
ed0ebb |
5 files changed, 10 insertions(+), 8 deletions(-)
|
|
|
ed0ebb |
|
|
|
ed0ebb |
diff --git a/service/realm-options.c b/service/realm-options.c
|
|
|
ed0ebb |
index bd804ea..34a209f 100644
|
|
|
ed0ebb |
--- a/service/realm-options.c
|
|
|
ed0ebb |
+++ b/service/realm-options.c
|
|
|
ed0ebb |
@@ -98,7 +98,7 @@ realm_options_automatic_mapping (GVariant *options,
|
|
|
ed0ebb |
|
|
|
ed0ebb |
if (realm_name && !option) {
|
|
|
ed0ebb |
section = g_utf8_casefold (realm_name, -1);
|
|
|
ed0ebb |
- mapping = realm_settings_boolean (realm_name, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
|
|
|
ed0ebb |
+ mapping = realm_settings_boolean (section, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
|
|
|
ed0ebb |
g_free (section);
|
|
|
ed0ebb |
}
|
|
|
ed0ebb |
|
|
|
ed0ebb |
@@ -112,20 +112,21 @@ realm_options_automatic_join (const gchar *realm_name)
|
|
|
ed0ebb |
gboolean mapping;
|
|
|
ed0ebb |
|
|
|
ed0ebb |
section = g_utf8_casefold (realm_name, -1);
|
|
|
ed0ebb |
- mapping = realm_settings_boolean (realm_name, "automatic-join", FALSE);
|
|
|
ed0ebb |
+ mapping = realm_settings_boolean (section, "automatic-join", FALSE);
|
|
|
ed0ebb |
g_free (section);
|
|
|
ed0ebb |
|
|
|
ed0ebb |
return mapping;
|
|
|
ed0ebb |
}
|
|
|
ed0ebb |
|
|
|
ed0ebb |
gboolean
|
|
|
ed0ebb |
-realm_options_qualify_names (const gchar *realm_name)
|
|
|
ed0ebb |
+realm_options_qualify_names (const gchar *realm_name,
|
|
|
ed0ebb |
+ gboolean def)
|
|
|
ed0ebb |
{
|
|
|
ed0ebb |
gchar *section;
|
|
|
ed0ebb |
gboolean qualify;
|
|
|
ed0ebb |
|
|
|
ed0ebb |
section = g_utf8_casefold (realm_name, -1);
|
|
|
ed0ebb |
- qualify = realm_settings_boolean (realm_name, "fully-qualified-names", TRUE);
|
|
|
ed0ebb |
+ qualify = realm_settings_boolean (section, "fully-qualified-names", def);
|
|
|
ed0ebb |
g_free (section);
|
|
|
ed0ebb |
|
|
|
ed0ebb |
return qualify;
|
|
|
ed0ebb |
diff --git a/service/realm-options.h b/service/realm-options.h
|
|
|
ed0ebb |
index 7a1355e..b71d219 100644
|
|
|
ed0ebb |
--- a/service/realm-options.h
|
|
|
ed0ebb |
+++ b/service/realm-options.h
|
|
|
ed0ebb |
@@ -37,7 +37,8 @@ const gchar * realm_options_user_principal (GVariant *options,
|
|
|
ed0ebb |
gboolean realm_options_automatic_mapping (GVariant *options,
|
|
|
ed0ebb |
const gchar *realm_name);
|
|
|
ed0ebb |
|
|
|
ed0ebb |
-gboolean realm_options_qualify_names (const gchar *realm_name);
|
|
|
ed0ebb |
+gboolean realm_options_qualify_names (const gchar *realm_name,
|
|
|
ed0ebb |
+ gboolean def);
|
|
|
ed0ebb |
|
|
|
ed0ebb |
gboolean realm_options_check_domain_name (const gchar *domain_name);
|
|
|
ed0ebb |
|
|
|
ed0ebb |
diff --git a/service/realm-samba-winbind.c b/service/realm-samba-winbind.c
|
|
|
ed0ebb |
index 9335e26..61988eb 100644
|
|
|
ed0ebb |
--- a/service/realm-samba-winbind.c
|
|
|
ed0ebb |
+++ b/service/realm-samba-winbind.c
|
|
|
ed0ebb |
@@ -102,7 +102,7 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
|
|
|
ed0ebb |
"winbind enum groups", "no",
|
|
|
ed0ebb |
"winbind offline logon", "yes",
|
|
|
ed0ebb |
"winbind refresh tickets", "yes",
|
|
|
ed0ebb |
- "winbind use default domain", realm_options_qualify_names (domain_name )? "no" : "yes",
|
|
|
ed0ebb |
+ "winbind use default domain", realm_options_qualify_names (domain_name, TRUE )? "no" : "yes",
|
|
|
ed0ebb |
"template shell", realm_settings_string ("users", "default-shell"),
|
|
|
ed0ebb |
NULL);
|
|
|
ed0ebb |
|
|
|
ed0ebb |
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
|
|
|
ed0ebb |
index 8543ca8..de7ce30 100644
|
|
|
ed0ebb |
--- a/service/realm-sssd-ad.c
|
|
|
ed0ebb |
+++ b/service/realm-sssd-ad.c
|
|
|
ed0ebb |
@@ -172,7 +172,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
|
|
|
ed0ebb |
gchar *home;
|
|
|
ed0ebb |
|
|
|
ed0ebb |
home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
|
|
|
ed0ebb |
- qualify = realm_options_qualify_names (disco->domain_name);
|
|
|
ed0ebb |
+ qualify = realm_options_qualify_names (disco->domain_name, TRUE);
|
|
|
ed0ebb |
shell = realm_settings_string ("users", "default-shell");
|
|
|
ed0ebb |
explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
|
|
|
ed0ebb |
realmd_tags = g_string_new ("");
|
|
|
ed0ebb |
diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
|
|
|
ed0ebb |
index ff1dc8a..5029f6b 100644
|
|
|
ed0ebb |
--- a/service/realm-sssd-ipa.c
|
|
|
ed0ebb |
+++ b/service/realm-sssd-ipa.c
|
|
|
ed0ebb |
@@ -201,7 +201,7 @@ on_ipa_client_do_restart (GObject *source,
|
|
|
ed0ebb |
|
|
|
ed0ebb |
realm_sssd_config_update_domain (config, domain, &error,
|
|
|
ed0ebb |
"cache_credentials", "True",
|
|
|
ed0ebb |
- "use_fully_qualified_names", realm_options_qualify_names (domain) ? "True" : "False",
|
|
|
ed0ebb |
+ "use_fully_qualified_names", realm_options_qualify_names (domain, FALSE) ? "True" : "False",
|
|
|
ed0ebb |
"krb5_store_password_if_offline", "True",
|
|
|
ed0ebb |
"default_shell", shell,
|
|
|
ed0ebb |
"fallback_homedir", home,
|
|
|
ed0ebb |
--
|
|
|
ed0ebb |
2.26.2
|
|
|
ed0ebb |
|