ad_common.c revision 7119f0c483049a8850d3075c0b1062f35200a538
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher Stephen Gallagher <sgallagh@redhat.com>
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher Copyright (C) 2012 Red Hat
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher This program is free software; you can redistribute it and/or modify
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher it under the terms of the GNU General Public License as published by
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher the Free Software Foundation; either version 3 of the License, or
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher (at your option) any later version.
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher This program is distributed in the hope that it will be useful,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher but WITHOUT ANY WARRANTY; without even the implied warranty of
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher GNU General Public License for more details.
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher You should have received a copy of the GNU General Public License
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher opts = talloc_zero(mem_ctx, struct ad_options);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = dp_get_options(opts, cdb, conf_path,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* If the AD domain name wasn't explicitly set, assume that it
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher * matches the SSSD domain name
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher domain = dp_opt_get_string(opts->basic, AD_DOMAIN);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = dp_opt_set_string(opts->basic, AD_DOMAIN, dom->name);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Did we get an explicit server name, or are we discovering it? */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher server = dp_opt_get_string(opts->basic, AD_SERVER);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ("No AD server set, will use service discovery!\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Set the machine's hostname to the local host name if it
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher * wasn't explicitly specified.
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher gret = gethostname(hostname, HOST_NAME_MAX);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ("gethostname failed [%s].\n",
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ("Setting ad_hostname to [%s].\n", hostname));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ("Setting ad_hostname failed [%s].\n",
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Always use the upper-case AD domain for the kerberos realm */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = dp_opt_set_string(opts->basic, AD_KRB5_REALM, realm);
346f41f1ede975cb2db0af570f5b454b9b306704Stephen Gallagher /* Active Directory is always case-insensitive */
346f41f1ede975cb2db0af570f5b454b9b306704Stephen Gallagher /* Set this in the confdb so that the responders pick it
346f41f1ede975cb2db0af570f5b454b9b306704Stephen Gallagher * up when they start up.
346f41f1ede975cb2db0af570f5b454b9b306704Stephen Gallagher ret = confdb_set_bool(cdb, conf_path, "case_sensitive",
346f41f1ede975cb2db0af570f5b454b9b306704Stephen Gallagher ("Could not set domain case-sensitive: [%s]\n",
346f41f1ede975cb2db0af570f5b454b9b306704Stephen Gallagher ("Setting domain case-insensitive\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagherad_resolve_callback(void *private_data, struct fo_server *server);
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny /* Split the server list */
04759b59e71c78ab23b84d13dd29d9c6dd680adbMichal Zidek ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL);
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny ad_domain = dp_opt_get_string(options->basic, AD_DOMAIN);
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny /* Add each of these servers to the failover service */
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny for (i = 0; list[i]; i++) {
4a1e58d85409fbb7a12ac244c3dbef8c0c1b15dfMichal Zidek ("Failed to add server [%s] to failover service: "
4a1e58d85409fbb7a12ac244c3dbef8c0c1b15dfMichal Zidek "SRV resolution only allowed for primary servers!\n",
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny ret = be_fo_add_srv_server(bectx, AD_SERVICE_NAME, "ldap",
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny ("Failed to add service discovery to failover: [%s]",
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny DEBUG(SSSDBG_CONF_SETTINGS, ("Added service discovery for AD\n"));
b096321a5a02dda0b6b71ba0f9c4d8feacd979e4Michal Zidek /* It could be ipv6 address in square brackets. Remove
b096321a5a02dda0b6b71ba0f9c4d8feacd979e4Michal Zidek * the brackets if needed. */
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny ret = be_fo_add_server(bectx, AD_SERVICE_NAME, list[i], 0, NULL, primary);
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny DEBUG(SSSDBG_CONF_SETTINGS, ("Added failover server %s\n", list[i]));
7119f0c483049a8850d3075c0b1062f35200a538Jakub Hrozekad_primary_servers_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
7119f0c483049a8850d3075c0b1062f35200a538Jakub Hrozek const char *servers, struct ad_options *options)
7119f0c483049a8850d3075c0b1062f35200a538Jakub Hrozek return _ad_servers_init(mem_ctx, bectx, servers, options, true);
7119f0c483049a8850d3075c0b1062f35200a538Jakub Hrozekad_backup_servers_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
7119f0c483049a8850d3075c0b1062f35200a538Jakub Hrozek const char *servers, struct ad_options *options)
7119f0c483049a8850d3075c0b1062f35200a538Jakub Hrozek return _ad_servers_init(mem_ctx, bectx, servers, options, false);
9ab243b369ba317cc964080786dbcdebaf23d6beMichal Zidekstatic int ad_user_data_cmp(void *ud1, void *ud2)
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagherad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher service = talloc_zero(tmp_ctx, struct ad_service);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher service->sdap = talloc_zero(service, struct sdap_service);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher service->krb5_service = talloc_zero(service, struct krb5_service);
9ab243b369ba317cc964080786dbcdebaf23d6beMichal Zidek ret = be_fo_add_service(bectx, AD_SERVICE_NAME, ad_user_data_cmp);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create failover service!\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher service->sdap->name = talloc_strdup(service, AD_SERVICE_NAME);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher service->krb5_service->name = talloc_strdup(service, AD_SERVICE_NAME);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher service->sdap->kinit_service_name = service->krb5_service->name;
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher realm = dp_opt_get_string(options->basic, AD_KRB5_REALM);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm set\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher talloc_strdup(service->krb5_service, realm);
b1caacb098ae99ad65144120fdec4d0fd98ad9d5Pavel Březina ("No primary servers defined, using service discovery\n"));
7119f0c483049a8850d3075c0b1062f35200a538Jakub Hrozek ret = ad_primary_servers_init(mem_ctx, bectx, primary_servers, options);
7119f0c483049a8850d3075c0b1062f35200a538Jakub Hrozek ret = ad_backup_servers_init(mem_ctx, bectx, backup_servers, options);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = be_fo_service_add_callback(mem_ctx, bectx, AD_SERVICE_NAME,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ("Failed to add failover callback! [%s]\n", strerror(ret)));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher *_service = talloc_steal(mem_ctx, service);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagherad_resolve_callback(void *private_data, struct fo_server *server)
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher service = talloc_get_type(private_data, struct ad_service);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ("No hostent available for server (%s)\n",
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("resolv_get_sockaddr_address failed.\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher address = resolv_get_string_address(tmp_ctx, srvaddr);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("resolv_get_string_address failed.\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Could not get server host name\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher new_uri = talloc_asprintf(service, "ldap://%s", srv_name);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to copy URI\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CONF_SETTINGS, ("Constructed uri '%s'\n", new_uri));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* free old one and replace with new one */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher service->sdap->sockaddr = talloc_steal(service, sockaddr);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher safe_address = sss_escape_ip_address(tmp_ctx,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("sss_escape_ip_address failed.\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = write_krb5info_file(service->krb5_service->realm, safe_address,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ("write_krb5info_file failed, authentication might fail.\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagherad_set_search_bases(struct sdap_options *id_opts);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagherad_get_id_options(struct ad_options *ad_opts,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher id_opts = talloc_zero(tmp_ctx, struct sdap_options);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = dp_get_options(id_opts, cdb, conf_path,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Set up search bases if they were assigned explicitly */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* We only support Kerberos password policy with AD, so
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher * force that on.
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_FATAL_FAILURE, ("Could not set password policy\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Set the Kerberos Realm for GSSAPI */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Should be impossible, this is set in ad_get_common_options() */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ("Option %s set to %s\n",
4e2d9fe30bf8b692972a9654c60d2d90ed355815Stephen Gallagher keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
4e2d9fe30bf8b692972a9654c60d2d90ed355815Stephen Gallagher ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_KEYTAB,
4e2d9fe30bf8b692972a9654c60d2d90ed355815Stephen Gallagher ("Option %s set to %s\n",
4e2d9fe30bf8b692972a9654c60d2d90ed355815Stephen Gallagher id_opts->basic[SDAP_KRB5_KEYTAB].opt_name,
e0d861963e10c5aba79ad87f8c48b0ce1bec06caJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the SASL-related options\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* fix schema to AD */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Get sdap option maps */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* General Attribute Map */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* User map */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Group map */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Netgroup map */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Services map */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ad_opts->id = talloc_steal(ad_opts, id_opts);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagherad_set_search_bases(struct sdap_options *id_opts)
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher const int search_base_options[] = { SDAP_USER_SEARCH_BASE,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* AD servers provide defaultNamingContext, so we will
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher * rely on that to specify the search base unless it has
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher * been specifically overridden.
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher dp_opt_get_string(id_opts->basic, SDAP_SEARCH_BASE);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* set search bases if they are not */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher for (o = 0; search_base_options[o] != -1; o++) {
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher if (NULL == dp_opt_get_string(id_opts->basic,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ("Option %s set to %s\n",
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher id_opts->basic[search_base_options[o]].opt_name,
0051296f67bd7d8e2e3094638ddff4e641324d04Michal Zidek ("Search base not set. SSSD will attempt to discover it later, "
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher "when connecting to the LDAP server.\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Default search */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = sdap_parse_search_base(id_opts, id_opts->basic,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher if (ret != EOK && ret != ENOENT) goto done;
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* User search */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = sdap_parse_search_base(id_opts, id_opts->basic,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher if (ret != EOK && ret != ENOENT) goto done;
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Group search base */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = sdap_parse_search_base(id_opts, id_opts->basic,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher if (ret != EOK && ret != ENOENT) goto done;
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Netgroup search */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = sdap_parse_search_base(id_opts, id_opts->basic,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher if (ret != EOK && ret != ENOENT) goto done;
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* Service search */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = sdap_parse_search_base(id_opts, id_opts->basic,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher if (ret != EOK && ret != ENOENT) goto done;
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher /* Get krb5 options */
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher ret = dp_get_options(tmp_ctx, bectx->cdb, bectx->conf_path,
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher ("Could not read Kerberos options from the configuration\n"));
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher ad_servers = dp_opt_get_string(ad_opts->basic, AD_SERVER);
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher /* Force the krb5_servers to match the ad_servers */
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher ret = dp_opt_set_string(krb5_options, KRB5_KDC, ad_servers);
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher ("Option %s set to %s\n",
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher /* Set krb5 realm */
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher /* Set the Kerberos Realm for GSSAPI */
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher /* Should be impossible, this is set in ad_get_common_options() */
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher /* Force the kerberos realm to match the AD_KRB5_REALM (which may have
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher * been upper-cased in ad_common_options()
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm);
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher ("Option %s set to %s\n",
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher *_opts = talloc_steal(mem_ctx, krb5_options);
74e95cfd9d3939dfe9417d79d2f6fc79b361405fJakub Hrozekerrno_t ad_get_dyndns_options(struct be_ctx *be_ctx,
3bd78eb2faf09635b8d307e4440ccb1420f80716Jakub Hrozek ret = be_nsupdate_init(ad_opts, be_ctx, ad_dyndns_opts,
74e95cfd9d3939dfe9417d79d2f6fc79b361405fJakub Hrozek ("Cannot initialize AD dyndns opts [%d]: %s\n",