ad_common.c revision 59415636c92c6e9764ddc65a85ad61002310519d
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen Stephen Gallagher <sgallagh@redhat.com>
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen Copyright (C) 2012 Red Hat
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen This program is free software; you can redistribute it and/or modify
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen it under the terms of the GNU General Public License as published by
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen the Free Software Foundation; either version 3 of the License, or
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen (at your option) any later version.
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen This program is distributed in the hope that it will be useful,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen but WITHOUT ANY WARRANTY; without even the implied warranty of
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen GNU General Public License for more details.
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen You should have received a copy of the GNU General Public License
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen along with this program. If not, see <http://www.gnu.org/licenses/>.
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenerrno_t ad_set_search_bases(struct sdap_options *id_opts);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenstatic errno_t ad_set_ad_id_options(struct ad_options *ad_opts,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenad_create_default_sdap_options(TALLOC_CTX *mem_ctx)
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen id_opts = talloc_zero(mem_ctx, struct sdap_options);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Get sdap option maps */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* General Attribute Map */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* User map */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Group map */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Netgroup map */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Services map */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ad_options = talloc_zero(mem_ctx, struct ad_options);
ef5fb27361cc5e15766e85e28355750ff04b13c9Timo Sirainen ad_options->id = ad_create_default_sdap_options(ad_options);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize AD LDAP options\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = dp_opt_set_string(ad_options->basic, AD_KRB5_REALM, realm);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, ("Cannot set AD domain\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = dp_opt_set_string(ad_options->basic, AD_HOSTNAME, hostname);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, ("Cannot set AD domain\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = ad_set_ad_id_options(ad_options, ad_options->id);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen id_opts = talloc_zero(mem_ctx, struct sdap_options);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Get sdap option maps */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* General Attribute Map */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* User map */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Group map */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Netgroup map */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Services map */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen opts = talloc_zero(mem_ctx, struct ad_options);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* If the AD domain name wasn't explicitly set, assume that it
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * matches the SSSD domain name
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen domain = dp_opt_get_string(opts->basic, AD_DOMAIN);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = dp_opt_set_string(opts->basic, AD_DOMAIN, dom->name);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Did we get an explicit server name, or are we discovering it? */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen server = dp_opt_get_string(opts->basic, AD_SERVER);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("No AD server set, will use service discovery!\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Set the machine's hostname to the local host name if it
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * wasn't explicitly specified.
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("gethostname failed [%s].\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Setting ad_hostname to [%s].\n", hostname));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Setting ad_hostname failed [%s].\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Always use the upper-case AD domain for the kerberos realm */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = dp_opt_set_string(opts->basic, AD_KRB5_REALM, realm);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Active Directory is always case-insensitive */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Set this in the confdb so that the responders pick it
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * up when they start up.
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = confdb_set_bool(cdb, conf_path, "case_sensitive",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Could not set domain case-sensitive: [%s]\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Setting domain case-insensitive\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenad_resolve_callback(void *private_data, struct fo_server *server);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Split the server list */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Add each of these servers to the failover service */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen for (i = 0; list[i]; i++) {
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Failed to add server [%s] to failover service: "
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen "SRV resolution only allowed for primary servers!\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen sdata = talloc(service, struct ad_server_data);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = be_fo_add_srv_server(bectx, fo_gc_service, "gc",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Failed to add service discovery to failover: [%s]",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen sdata = talloc(service, struct ad_server_data);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = be_fo_add_srv_server(bectx, fo_service, "ldap",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Failed to add service discovery to failover: [%s]",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CONF_SETTINGS, ("Added service discovery for AD\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* It could be ipv6 address in square brackets. Remove
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * the brackets if needed. */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen sdata = talloc(service, struct ad_server_data);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = be_fo_add_server(bectx, fo_service, list[i], 0, sdata, primary);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen sdata = talloc(service, struct ad_server_data);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = be_fo_add_server(bectx, fo_service, list[i], 0, sdata, primary);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CONF_SETTINGS, ("Added failover server %s\n", list[i]));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenad_primary_servers_init(TALLOC_CTX *mem_ctx, struct ad_service *service,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen const char *fo_service, const char *fo_gc_service,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen return _ad_servers_init(mem_ctx, service, bectx, fo_service,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenad_backup_servers_init(TALLOC_CTX *mem_ctx, struct ad_service *service,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen const char *fo_service, const char *fo_gc_service,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen return _ad_servers_init(mem_ctx, service, bectx, fo_service,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenstatic int ad_user_data_cmp(void *ud1, void *ud2)
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen sd1 = talloc_get_type(ud1, struct ad_server_data);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen sd2 = talloc_get_type(ud2, struct ad_server_data);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_TRACE_LIBS, ("Comparing %s with %s\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen struct ad_service *service = talloc_get_type(pvt, struct ad_service);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid private pointer\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_TRACE_FUNC, ("The AD provider is online\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service = talloc_zero(tmp_ctx, struct ad_service);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->sdap = talloc_zero(service, struct sdap_service);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->gc = talloc_zero(service, struct sdap_service);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->sdap->name = talloc_strdup(service->sdap, ad_service);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->gc->name = talloc_strdup(service->gc, ad_gc_service);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen if (!service->sdap->name || !service->gc->name) {
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->krb5_service = talloc_zero(service, struct krb5_service);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = be_fo_add_service(bectx, ad_service, ad_user_data_cmp);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create failover service!\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = be_fo_add_service(bectx, ad_gc_service, ad_user_data_cmp);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create GC failover service!\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->krb5_service->name = talloc_strdup(service->krb5_service,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->sdap->kinit_service_name = service->krb5_service->name;
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->gc->kinit_service_name = service->krb5_service->name;
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm set\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen talloc_strdup(service->krb5_service, krb5_realm);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("No primary servers defined, using service discovery\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = ad_primary_servers_init(mem_ctx, service, bectx,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = ad_backup_servers_init(mem_ctx, service, bectx,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = be_add_online_cb(bectx, bectx, ad_online_cb, service, NULL);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set up AD online callback\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = be_fo_service_add_callback(mem_ctx, bectx, ad_service,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Failed to add failover callback! [%s]\n", strerror(ret)));
39413f6b07f7e4f4c1aeeecab73a2c454c84e308Timo Sirainen ret = be_fo_service_add_callback(mem_ctx, bectx, ad_gc_service,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Failed to add failover callback! [%s]\n", strerror(ret)));
39413f6b07f7e4f4c1aeeecab73a2c454c84e308Timo Sirainenad_resolve_callback(void *private_data, struct fo_server *server)
39413f6b07f7e4f4c1aeeecab73a2c454c84e308Timo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen if (fo_is_srv_lookup(server) == false && sdata == NULL) {
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("No user data?\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service = talloc_get_type(private_data, struct ad_service);
39413f6b07f7e4f4c1aeeecab73a2c454c84e308Timo Sirainen ("No hostent available for server (%s)\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen address = resolv_get_string_address(tmp_ctx, srvaddr);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("resolv_get_string_address failed.\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Could not get server host name\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen new_uri = talloc_asprintf(service->sdap, "ldap://%s", srv_name);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to copy URI\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CONF_SETTINGS, ("Constructed uri '%s'\n", new_uri));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("resolv_get_sockaddr_address failed.\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* free old one and replace with new one */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->sdap->sockaddr = talloc_steal(service->sdap, sockaddr);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->gc->uri = talloc_asprintf(service->gc, "%s:%d",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->gc->sockaddr = resolv_get_sockaddr_address(service->gc,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Make sure there always is an URI even if we know that this
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * server doesn't support GC. That way the lookup would go through
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * just not return anything
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->gc->uri = talloc_strdup(service->gc, service->sdap->uri);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen service->gc->sockaddr = talloc_memdup(service->gc, service->sdap->sockaddr,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen sizeof(struct sockaddr_storage));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to append to URI\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CONF_SETTINGS, ("Constructed GC uri '%s'\n", service->gc->uri));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("resolv_get_sockaddr_address failed.\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Only write kdcinfo files for local servers */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Write krb5 info files */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, ("sss_escape_ip_address failed.\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = write_krb5info_file(service->krb5_service->realm, safe_address,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("write_krb5info_file failed, authentication might fail.\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenad_set_ad_id_options(struct ad_options *ad_opts,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* We only support Kerberos password policy with AD, so
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * force that on.
b6dff2ba7a4640c1c4fa8fcad5602d236c31a2e4Timo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, ("Could not set password policy\n"));
b6dff2ba7a4640c1c4fa8fcad5602d236c31a2e4Timo Sirainen /* Set the Kerberos Realm for GSSAPI */
b6dff2ba7a4640c1c4fa8fcad5602d236c31a2e4Timo Sirainen krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Should be impossible, this is set in ad_get_common_options() */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Option %s set to %s\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_KEYTAB,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Option %s set to %s\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the SASL-related options\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* fix schema to AD */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = ad_create_sdap_options(ad_opts, cdb, conf_path, &id_opts);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Set up search bases if they were assigned explicitly */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenad_set_search_bases(struct sdap_options *id_opts)
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen const int search_base_options[] = { SDAP_USER_SEARCH_BASE,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* AD servers provide defaultNamingContext, so we will
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * rely on that to specify the search base unless it has
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * been specifically overridden.
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen dp_opt_get_string(id_opts->basic, SDAP_SEARCH_BASE);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* set search bases if they are not */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen for (o = 0; search_base_options[o] != -1; o++) {
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Option %s set to %s\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen id_opts->basic[search_base_options[o]].opt_name,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Search base not set. SSSD will attempt to discover it later, "
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen "when connecting to the LDAP server.\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Default search */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = sdap_parse_search_base(id_opts, id_opts->basic,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* User search */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = sdap_parse_search_base(id_opts, id_opts->basic,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Group search base */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = sdap_parse_search_base(id_opts, id_opts->basic,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Netgroup search */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = sdap_parse_search_base(id_opts, id_opts->basic,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Service search */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = sdap_parse_search_base(id_opts, id_opts->basic,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Get krb5 options */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = dp_get_options(tmp_ctx, bectx->cdb, bectx->conf_path,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Could not read Kerberos options from the configuration\n"));
e156adefc1260d31a145df2f5e9b3c82050d4163Timo Sirainen ad_servers = dp_opt_get_string(ad_opts->basic, AD_SERVER);
e156adefc1260d31a145df2f5e9b3c82050d4163Timo Sirainen /* Force the krb5_servers to match the ad_servers */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = dp_opt_set_string(krb5_options, KRB5_KDC, ad_servers);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Option %s set to %s\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Set krb5 realm */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Set the Kerberos Realm for GSSAPI */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Should be impossible, this is set in ad_get_common_options() */
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Force the kerberos realm to match the AD_KRB5_REALM (which may have
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * been upper-cased in ad_common_options()
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Option %s set to %s\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen /* Set flag that controls whether we want to write the
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen * kdcinfo files at all
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ad_opts->service->krb5_service->write_kdcinfo = \
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen dp_opt_get_bool(krb5_options, KRB5_USE_KDCINFO);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ad_opts->service->krb5_service->write_kdcinfo ? "true" : "false"));
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenerrno_t ad_get_dyndns_options(struct be_ctx *be_ctx,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ret = be_nsupdate_init(ad_opts, be_ctx, ad_dyndns_opts,
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ("Cannot initialize AD dyndns opts [%d]: %s\n",
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainenad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx)
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen ad_ctx = talloc_zero(ad_opts, struct ad_id_ctx);
a914bff43644dd9b3977244203839ca74161e40cTimo Sirainen sdap_ctx = sdap_id_ctx_new(ad_ctx, bectx, ad_opts->service->sdap);