From 5377817417b800335c5ae21f7e6b301ddbcbe1d1 Mon Sep 17 00:00:00 2001

From: Petr Cech <pcech@redhat.com>

Date: Fri, 13 May 2016 05:21:07 -0400

Subject: [PATCH 103/108] AD_PROVIDER: Add ad_enabled_domains option

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Resolves:

https://fedorahosted.org/sssd/ticket/2828

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

---

 src/config/SSSDConfig/__init__.py.in   |  1 +

 src/config/cfg_rules.ini               |  1 +

 src/config/etc/sssd.api.d/sssd-ad.conf |  1 +

 src/man/sssd-ad.5.xml                  | 27 +++++++++++++++++++++++++++

 src/providers/ad/ad_common.h           |  1 +

 src/providers/ad/ad_opts.c             |  1 +

 6 files changed, 32 insertions(+)

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in

index ac538788b9878dc2613cb48b7483d392cca41d47..1718a9babf390b95710ec356f25f09ea679bdd73 100644

--- a/src/config/SSSDConfig/__init__.py.in

+++ b/src/config/SSSDConfig/__init__.py.in

@@ -192,6 +192,7 @@ option_strings = {

     # [provider/ad]

     'ad_domain' : _('Active Directory domain'),

+    'ad_enabled_domains' : _('Enabled Active Directory domains'),

     'ad_server' : _('Active Directory server address'),

     'ad_backup_server' : _('Active Directory backup server address'),

     'ad_hostname' : _('Active Directory client hostname'),

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini

index bd0116f334e2605e7671a208225761421511a75a..ef6435b08aee416e377fe854e6768f3fa4fd9650 100644

--- a/src/config/cfg_rules.ini

+++ b/src/config/cfg_rules.ini

@@ -335,6 +335,7 @@ option = ad_access_filter

 option = ad_backup_server

 option = ad_domain

 option = ad_enable_dns_sites

+option = ad_enabled_domains

 option = ad_enable_gc

 option = ad_gpo_access_control

 option = ad_gpo_cache_timeout

diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf

index 87a74f4af0770874c71baaea02d2313721db78bf..8d97a416c8c97bff096042b0b70a3b2c18183710 100644

--- a/src/config/etc/sssd.api.d/sssd-ad.conf

+++ b/src/config/etc/sssd.api.d/sssd-ad.conf

@@ -1,5 +1,6 @@

 [provider/ad]

 ad_domain = str, None, false

+ad_enabled_domains = str, None, false

 ad_server = str, None, false

 ad_backup_server = str, None, false

 ad_hostname = str, None, false

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml

index ef27976dd62e164cfb91359efc69bd54e1aa9711..8a2f4ade9387f0d5723b7056bdce9e83363cf035 100644

--- a/src/man/sssd-ad.5.xml

+++ b/src/man/sssd-ad.5.xml

@@ -114,6 +114,33 @@ ldap_id_mapping = False

                 </varlistentry>

                 <varlistentry>

+                    <term>ad_enabled_domains (string)</term>

+                    <listitem>

+                        <para>

+                            A comma-separated list of enabled Active Directory domains.

+                            If provided, SSSD will ignore any domains not listed in this

+                            option. If left unset, all domains from the AD forest will

+                            be available.

+                        </para>

+                        <para>

+                            For proper operation, this option must be specified in all

+                            lower-case and as the fully qualified domain name of the

+                            Active Directory domain. For example:

+                            <programlisting>

+ad_enabled_domains = sales.example.com, eng.example.com

+                            </programlisting>

+                        </para>

+                        <para>

+                            The short domain name (also known as the NetBIOS or the flat

+                            name) will be autodetected by SSSD.

+                        </para>

+                        <para>

+                            Default: Not set

+                        </para>

+                    </listitem>

+                </varlistentry>

+

+                <varlistentry>

                     <term>ad_server, ad_backup_server (string)</term>

                     <listitem>

                         <para>

diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h

index 7e86faf1142d7be49eef01e1ddd7bfafea2fcedc..23351e328968918aa9ca9009c052e670a7d55258 100644

--- a/src/providers/ad/ad_common.h

+++ b/src/providers/ad/ad_common.h

@@ -42,6 +42,7 @@ struct ad_options;

 enum ad_basic_opt {

     AD_DOMAIN = 0,

+    AD_ENABLED_DOMAINS,

     AD_SERVER,

     AD_BACKUP_SERVER,

     AD_HOSTNAME,

diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c

index 829f9d9556bc3fa74a95eb76db0e31b19befe8fe..fc1dc67337845754eba8c879c78e08c1777a4abc 100644

--- a/src/providers/ad/ad_opts.c

+++ b/src/providers/ad/ad_opts.c

@@ -28,6 +28,7 @@

 struct dp_option ad_basic_opts[] = {

     { "ad_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },

+    { "ad_enabled_domains", DP_OPT_STRING, NULL_STRING, NULL_STRING },

     { "ad_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },

     { "ad_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },

     { "ad_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },

-- 

2.4.11