Bug 60679

Summary: Configuration option for RFC2307 with Active Directory
Product: realmd
Component: General
Status: RESOLVED FIXED
Severity: normal
Priority: medium
Version: unspecified
Hardware: Other
OS: All
Reporter: Stef Walter <stefw>
Assignee: Stef Walter <stefw>
CC: jhrozek, stefw, yelley
Bug Depends on: 63434
Bug Blocks: 61215
Attachments: Make realm_settings_boolean() accept a default value
Make realm_ini_config_set() accept more than one argument pair
Option 'automatic-id-mapping' turns off id mapping
Make realm_settings_boolean() accept a default value
Option 'automatic-id-mapping' turns off id mapping

Description Stef Walter 2013-02-11 18:19:06 UTC
By default we setup SSSD with auto-generated UNIX info (uid/gid/homedir/etc.), as this works on all networks. But many networks maintain this info as part of active directory using RFC2307 compatible LDAP attributes.

We should have an option to use RFC 2307 with a given domain.
Comment 1 Jakub Hrozek 2013-04-12 12:33:54 UTC
In order to use UIDs and GIDs from the POSIX attributes and not ID-map them, all you should set is:
ldap_id_mapping = False

I would have to check to be 100% sure, but I thought that the homedir, shell etc would be used automatically if present in the remote directory.
Comment 2 Stef Walter 2013-04-12 13:49:26 UTC
Created attachment 77876
Make realm_settings_boolean() accept a default value

We're using these settings for a lot of admin configurable stuff
and we can't expect per-realm defaults to be present in the
installed files, so specify them in the code.
Comment 3 Stef Walter 2013-04-12 13:49:31 UTC
Created attachment 77877
Make realm_ini_config_set() accept more than one argument pair

This cleans up code a lot, and gives us a syntax similar to
realm_ini_config_change().
Comment 4 Stef Walter 2013-04-12 13:49:37 UTC
Created attachment 77878
Option 'automatic-id-mapping' turns off id mapping

This new per-realm option 'automatic-id-mapping = no' turns off
automatic ID mapping, and makes sssd and winbind obey RFC2307
when configured.
Comment 5 Stef Walter 2013-04-12 14:08:09 UTC
Created attachment 77880
Make realm_settings_boolean() accept a default value

Rebased on other patches
Comment 6 Stef Walter 2013-04-12 14:08:42 UTC
Created attachment 77881
Option 'automatic-id-mapping' turns off id mapping

Updated patch to use lower case realm names when looking up settings
Comment 7 Stef Walter 2013-04-12 14:37:20 UTC
I think these are ready for review. Thanks in advance for looking it over.
Comment 8 Stef Walter 2013-04-26 16:23:20 UTC
Attachment 77877 pushed as f3822b5 - Make realm_ini_config_set() accept more than one argument pair
Attachment 77880 pushed as 666252b - Make realm_settings_boolean() accept a default value
Attachment 77881 pushed as fecf523 - Option 'automatic-id-mapping' turns off id mapping

Pushed to master. Review timed out, but I've tested this well, and would like to get it in
for the test day coming up.

More testing information here:
https://fedoraproject.org/wiki/QA:Testcase_realmd_join_rfc2307
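
A consistency check for the setting discussed in this bug, as an added example that is not part of the bug report or of realmd's code: it compares the per-realm 'automatic-id-mapping' option with the ldap_id_mapping value in the matching SSSD domain section, so a host that maps IDs while its peers read RFC2307 attributes (and therefore sees different UIDs/GIDs for the same user) is flagged. The file contents, realm names, section layout and the default for an AD domain without ldap_id_mapping are assumptions.

```python
import configparser

# Constructed sample files; realm names and section layout are assumptions.
REALMD_CONF = """
[ad.example.com]
automatic-id-mapping = no
"""

SSSD_CONF = """
[domain/ad.example.com]
id_provider = ad
ldap_id_mapping = False

[domain/corp.example.com]
id_provider = ad
"""


def parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def wants_auto_mapping(realmd, realm, default=True):
    # Settings are looked up under the lower-case realm name; a missing
    # section or key yields the default passed in by the caller.
    return realmd.getboolean(realm.lower(), "automatic-id-mapping", fallback=default)


def sssd_auto_mapping(sssd, realm, default=True):
    # Assumption: an AD domain without ldap_id_mapping uses ID mapping.
    return sssd.getboolean("domain/" + realm.lower(), "ldap_id_mapping", fallback=default)


def audit(realmd_text, sssd_text, realms):
    """Return {realm: (id_source, consistent)} for each realm."""
    realmd, sssd = parse(realmd_text), parse(sssd_text)
    report = {}
    for realm in realms:
        want = wants_auto_mapping(realmd, realm)
        have = sssd_auto_mapping(sssd, realm)
        report[realm] = ("mapped" if have else "rfc2307", want == have)
    return report


if __name__ == "__main__":
    for realm, (source, ok) in audit(REALMD_CONF, SSSD_CONF, ["AD.EXAMPLE.COM", "corp.example.com"]).items():
        print(f"{realm}: ids={source} consistent={ok}")
```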
