Bug 60679 - Configuration option for RFC2307 with Active Directory
Summary: Configuration option for RFC2307 with Active Directory
Status: RESOLVED FIXED
Alias: None
Product: realmd
Classification: Unclassified
Component: General
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Stef Walter
Depends on: 63434
Blocks: 61215
Reported: 2013-02-11 18:19 UTC by Stef Walter
Modified: 2013-04-26 16:23 UTC (History)

Attachments
Make realm_settings_boolean() accept a default value (6.44 KB, patch)
2013-04-12 13:49 UTC, Stef Walter
Make realm_ini_config_set() accept more than one argument pair (9.33 KB, patch)
2013-04-12 13:49 UTC, Stef Walter
Option 'automatic-id-mapping' turns off id mapping (7.08 KB, patch)
2013-04-12 13:49 UTC, Stef Walter
Make realm_settings_boolean() accept a default value (5.77 KB, patch)
2013-04-12 14:08 UTC, Stef Walter
Option 'automatic-id-mapping' turns off id mapping (7.26 KB, patch)
2013-04-12 14:08 UTC, Stef Walter

Description Stef Walter 2013-02-11 18:19:06 UTC
By default we set up SSSD with auto-generated UNIX info (uid/gid/homedir/etc.), as this works on all networks. But many networks maintain this info as part of Active Directory using RFC2307 compatible LDAP attributes.

We should have an option to use RFC 2307 with a given domain.
Comment 1 Jakub Hrozek 2013-04-12 12:33:54 UTC
In order to use UIDs and GIDs from the POSIX attributes and not ID-map them, all you should set is:
ldap_id_mapping = False

I would have to check to be 100% sure, but I thought that the homedir, shell etc would be used automatically if present in the remote directory.
Comment 2 Stef Walter 2013-04-12 13:49:26 UTC
Created attachment 77876
Make realm_settings_boolean() accept a default value

We're using these settings for a lot of admin configurable stuff
and we can't expect per-realm defaults to be present in the
installed files, so specify them in the code.
Comment 3 Stef Walter 2013-04-12 13:49:31 UTC
Created attachment 77877
Make realm_ini_config_set() accept more than one argument pair

This cleans up code a lot, and gives us a syntax similar to
realm_ini_config_change().
Comment 4 Stef Walter 2013-04-12 13:49:37 UTC
Created attachment 77878
Option 'automatic-id-mapping' turns off id mapping

This new per-realm option 'automatic-id-mapping = no' turns off
automatic ID mapping, and makes sssd and winbind obey RFC2307
when configured.
Comment 5 Stef Walter 2013-04-12 14:08:09 UTC
Created attachment 77880
Make realm_settings_boolean() accept a default value

Rebased on other patches
Comment 6 Stef Walter 2013-04-12 14:08:42 UTC
Created attachment 77881
Option 'automatic-id-mapping' turns off id mapping

Updated patch to use lower case realm names when looking up settings
Comment 7 Stef Walter 2013-04-12 14:37:20 UTC
I think these are ready for review. Thanks in advance for looking it over.
Comment 8 Stef Walter 2013-04-26 16:23:20 UTC
Attachment 77877 pushed as f3822b5 - Make realm_ini_config_set() accept more than one argument pair
Attachment 77880 pushed as 666252b - Make realm_settings_boolean() accept a default value
Attachment 77881 pushed as fecf523 - Option 'automatic-id-mapping' turns off id mapping

Pushed to master. Review timed out, but I've tested this well, and would like to get it in
for the test day coming up.

More testing information here:
https://fedoraproject.org/wiki/QA:Testcase_realmd_join_rfc2307
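
A consistency check for the option discussed in this bug, as an added example that is not realmd or SSSD code: it compares each realm's 'automatic-id-mapping' setting with 'ldap_id_mapping' in the matching SSSD domain section, matching realm names in lower case. The file contents, realm names and function names are constructed, and treating an absent ldap_id_mapping as enabled is an assumption.

```python
# Added example, not realmd code; realm names and file contents are constructed.
from configparser import ConfigParser

REALMD_CONF = """\
[users]
default-shell = /bin/bash
[ad.example.com]
automatic-id-mapping = no
[lab.example.com]
automatic-id-mapping = yes
"""

SSSD_CONF = """\
[domain/ad.example.com]
id_provider = ad
fallback_homedir = /home/%u@%d
ldap_id_mapping = True
[domain/lab.example.com]
id_provider = ad
ldap_id_mapping = True
"""


def _parse(text):
    # interpolation=None: sssd values such as /home/%u@%d contain '%'
    parser = ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def id_mapping_mismatches(realmd_text, sssd_text):
    """Return [(realm, wanted, actual)] where sssd disagrees with realmd."""
    realmd, sssd = _parse(realmd_text), _parse(sssd_text)
    # Index sssd domain sections by lower-cased realm name.
    domains = {s[len("domain/"):].lower(): s
               for s in sssd.sections() if s.startswith("domain/")}
    mismatches = []
    for section in realmd.sections():
        if not realmd.has_option(section, "automatic-id-mapping"):
            continue  # [users] and other non-realm sections
        wanted = realmd.getboolean(section, "automatic-id-mapping")
        domain = domains.get(section.lower())
        if domain is None:
            continue  # realm has no sssd domain section
        # Assumption: an absent ldap_id_mapping means mapping is on.
        actual = sssd.getboolean(domain, "ldap_id_mapping", fallback=True)
        if wanted != actual:
            mismatches.append((section.lower(), wanted, actual))
    return mismatches
```

A non-empty result means a realm that is expected to take UIDs and GIDs from RFC2307 attributes is still being ID-mapped (or the reverse), which changes the numeric IDs used for file ownership on that host.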

