Commit 744e2b4 GPO: Use AD site override if set

1 file Authored by mzidek 2 months ago , Committed by jhrozek 2 months ago ,
GPO: Use AD site override if set

Use AD site override if it was set in SSSD configuration.

Resolves:
https://pagure.io/SSSD/sssd/issue/3646

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

    
 1 @@ -2806,7 +2806,8 @@
 2       struct tevent_req *req;
 3       struct ad_gpo_process_som_state *state;
 4       int ret;
 5 -     char *site;
 6 +     char *site = NULL;
 7 +     char *site_override = NULL;
 8       const char *attrs[] = {AD_AT_CONFIG_NC, NULL};
 9   
10       req = tevent_req_callback_data(subreq, struct tevent_req);
11 @@ -2817,17 +2818,43 @@
12       talloc_zfree(subreq);
13   
14       if (ret != EOK || site == NULL) {
15 -         DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve master domain info\n");
16 +         DEBUG(SSSDBG_TRACE_FUNC,
17 +               "Could not autodiscover AD site. This is not fatal if "
18 +               "ad_site option was set.\n");
19 +     }
20 + 
21 +     site_override = dp_opt_get_string(state->ad_options, AD_SITE);
22 +     if (site_override != NULL) {
23 +         DEBUG(SSSDBG_TRACE_FUNC,
24 +               "Overriding autodiscovered AD site value '%s' with '%s' from "
25 +               "configuration.\n", site ? site : "none", site_override);
26 +     }
27 + 
28 +     if (site == NULL && site_override == NULL) {
29 +         sss_log(SSS_LOG_WARNING,
30 +                 "Could not autodiscover AD site value using DNS and ad_site "
31 +                 "option was not set in configuration. GPO will not work. "
32 +                 "To work around this issue you can use ad_site option in SSSD "
33 +                 "configuration.");
34 +         DEBUG(SSSDBG_OP_FAILURE,
35 +               "Could not autodiscover AD site value using DNS and ad_site "
36 +               "option was not set in configuration. GPO will not work. "
37 +               "To work around this issue you can use ad_site option in SSSD "
38 +               "configuration.\n");
39           tevent_req_error(req, ENOENT);
40           return;
41       }
42   
43 -     state->site_name = talloc_asprintf(state, "cn=%s", site);
44 +     state->site_name = talloc_asprintf(state, "cn=%s",
45 +                                        site_override ? site_override
46 +                                                      : site);
47       if (state->site_name == NULL) {
48           tevent_req_error(req, ENOMEM);
49           return;
50       }
51   
52 +     DEBUG(SSSDBG_TRACE_FUNC, "Using AD site '%s'.\n", state->site_name);
53 + 
54       /*
55        * note: the configNC attribute is being retrieved here from the rootDSE
56        * entry. In future, since we already make an LDAP query for the rootDSE