From 5377817417b800335c5ae21f7e6b301ddbcbe1d1 Mon Sep 17 00:00:00 2001
From: Petr Cech
Date: Fri, 13 May 2016 05:21:07 -0400
Subject: [PATCH 103/108] AD_PROVIDER: Add ad_enabled_domains option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves: https://fedorahosted.org/sssd/ticket/2828
Reviewed-by: Jakub Hrozek
Reviewed-by: Lukáš Slebodník
---
 src/config/SSSDConfig/__init__.py.in | 1 +
 src/config/cfg_rules.ini | 1 +
 src/config/etc/sssd.api.d/sssd-ad.conf | 1 +
 src/man/sssd-ad.5.xml | 27 +++++++++++++++++++++++++++
 src/providers/ad/ad_common.h | 1 +
 src/providers/ad/ad_opts.c | 1 +
 6 files changed, 32 insertions(+)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index ac538788b9878dc2613cb48b7483d392cca41d47..1718a9babf390b95710ec356f25f09ea679bdd73 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -192,6 +192,7 @@ option_strings = {
 # [provider/ad]
 'ad_domain' : _('Active Directory domain'),
+ 'ad_enabled_domains' : _('Enabled Active Directory domains'),
 'ad_server' : _('Active Directory server address'),
 'ad_backup_server' : _('Active Directory backup server address'),
 'ad_hostname' : _('Active Directory client hostname'),
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index bd0116f334e2605e7671a208225761421511a75a..ef6435b08aee416e377fe854e6768f3fa4fd9650 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -335,6 +335,7 @@ option = ad_access_filter
 option = ad_backup_server
 option = ad_domain
 option = ad_enable_dns_sites
+option = ad_enabled_domains
 option = ad_enable_gc
 option = ad_gpo_access_control
 option = ad_gpo_cache_timeout
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index 87a74f4af0770874c71baaea02d2313721db78bf..8d97a416c8c97bff096042b0b70a3b2c18183710 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -1,5 +1,6 @@
 [provider/ad]
 ad_domain = str, None, false
+ad_enabled_domains = str, None, false
 ad_server = str, None, false
 ad_backup_server = str, None, false
 ad_hostname = str, None, false
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index ef27976dd62e164cfb91359efc69bd54e1aa9711..8a2f4ade9387f0d5723b7056bdce9e83363cf035 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -114,6 +114,33 @@ ldap_id_mapping = False + ad_enabled_domains (string) + + + A comma-separated list of enabled Active Directory domains. + If provided, SSSD will ignore any domains not listed in this + option. If left unset, all domains from the AD forest will + be available. + + + For proper operation, this option must be specified in all + lower-case and as the fully qualified domain name of the + Active Directory domain. For example: + +ad_enabled_domains = sales.example.com, eng.example.com + + + + The short domain name (also known as the NetBIOS or the flat + name) will be autodetected by SSSD. + + + Default: Not set + + + + + ad_server, ad_backup_server (string)
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 7e86faf1142d7be49eef01e1ddd7bfafea2fcedc..23351e328968918aa9ca9009c052e670a7d55258 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -42,6 +42,7 @@ struct ad_options;
 enum ad_basic_opt {
 AD_DOMAIN = 0,
+ AD_ENABLED_DOMAINS,
 AD_SERVER,
 AD_BACKUP_SERVER,
 AD_HOSTNAME,
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 829f9d9556bc3fa74a95eb76db0e31b19befe8fe..fc1dc67337845754eba8c879c78e08c1777a4abc 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
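Review bot: Inserting `AD_ENABLED_DOMAINS` in the middle of `enum ad_basic_opt` in ad_common.h renumbers every member after `AD_DOMAIN`, and nothing at the enum says what has to move with it. The ad_opts.c section of this commit adds its table row at the same position, which suggests the enum values index `ad_basic_opts[]`; if so, a future mismatch would make an option lookup return a different option's value with no compile-time error. I would add a comment above the enum such as `/* Order must match ad_basic_opts[] in ad_opts.c; add entries to both at the same position. */`. The enum continues past the end of the hunk, so any terminating count member is not visible here.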
@@ -28,6 +28,7 @@ struct dp_option ad_basic_opts[] = {
 { "ad_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ad_enabled_domains", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ad_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ad_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ad_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },
--
2.4.11
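Review bot: The new `ad_enabled_domains` row is a free-form `DP_OPT_STRING` with no default, and no hunk in this patch reads `AD_ENABLED_DOMAINS` or checks the value, so the filtering described in the man page is presumably implemented elsewhere in the series. Because the man page text added here describes an allow-list (domains not listed are ignored) whose entries must be lower-case FQDNs, the code that consumes it should trim and case-normalize each comma-separated entry and log any entry that matches no discovered domain, so that a typo does not silently change which forest domains are reachable. A short comment on the row would also help, e.g. `/* comma-separated allow-list of forest domains; unset = all domains enabled */`. The initializer of `ad_basic_opts[]` continues outside the hunk.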