Add 'ipa_server_mode' option to SSSD configuration

https://fedorahosted.org/freeipa/ticket/3652
2025-02-25 18:55:28 -06:00 · 2013-07-15 11:09:14 +02:00
parent f637d05a18
commit 595de183a7
2 changed files with 14 additions and 1 deletions
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -32,6 +32,7 @@ import fileinput
 import ConfigParser

 from ipalib import api
+import SSSDConfig
 import ipalib.util
 import ipalib.errors
 from ipapython import ipautil, sysrestore, version, services
@@ -39,7 +40,6 @@ from ipapython.config import IPAOptionParser
 from ipapython.ipa_log_manager import *
 from ipapython import certmonger
 from ipapython import dogtag
-from ipapython.dn import DN
 from ipaserver.install import installutils
 from ipaserver.install import dsinstance
 from ipaserver.install import httpinstance
@@ -842,6 +842,15 @@ def fix_schema_file_syntax(ds):
    sysupgrade.set_upgrade_state('ds', 'fix_schema_syntax', True)


+def set_sssd_domain_option(option, value):
+    sssdconfig = SSSDConfig.SSSDConfig()
+    sssdconfig.import_config()
+    domain = sssdconfig.get_domain(str(api.env.domain))
+    domain.set_option(option, value)
+    sssdconfig.save_domain(domain)
+    sssdconfig.write("/etc/sssd/sssd.conf")
+
+
 def main():
    """
    Get some basics about the system. If getting those basics fail then
@@ -975,5 +984,7 @@ def main():
        except ipautil.CalledProcessError, e:
            root_logger.error("Failed to restart %s: %s", ca.service_name, e)

+    set_sssd_domain_option('ipa_server_mode', 'True')
+
 if __name__ == '__main__':
    installutils.run_script(main, operation_name='ipa-upgradeconfig')
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1104,8 +1104,10 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie
        else:
            domain.set_option('ipa_server', '_srv_, %s' % ', '.join(cli_server))
    else:
+        domain.set_option('ipa_server_mode', 'True')
        # the master should only use itself for Kerberos
        domain.set_option('ipa_server', cli_server[0])
+
    domain.set_option('ipa_domain', cli_domain)
    domain.set_option('ipa_hostname', client_hostname)
    if cli_domain.lower() != cli_realm.lower():