packages/sssd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
sssd/backport-ad-honor-ad_use_ldaps-setting-with-ad_machine_pw_ren.patch
wjiang 6bcafde74a backport patches from upstream community
2024-12-03 11:04:12 +08:00

62 lines
2.6 KiB
Diff
Raw Blame History

From d004e7b4b977da3dd9f1d3de910c28c093a6fb26 Mon Sep 17 00:00:00 2001
From: santeri3700 <santeri.pikarinen@gmail.com>
Date: Tue, 15 Oct 2024 20:13:20 +0300
Subject: [PATCH] ad: honor ad_use_ldaps setting with ad_machine_pw_renewal
The value of ad_use_ldaps was not passed as `--use-ldaps`
argument to the adcli update command which handles
the automatic renewal of AD machine account password.
Resolves: https://github.com/SSSD/sssd/issues/7642
Signed-off-by: santeri3700 <santeri.pikarinen@gmail.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/providers/ad/ad_machine_pw_renewal.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c
index 56b64a2a9..2e54e9bff 100644
--- a/src/providers/ad/ad_machine_pw_renewal.c
+++ b/src/providers/ad/ad_machine_pw_renewal.c
@@ -39,6 +39,7 @@ struct renewal_data {
static errno_t get_adcli_extra_args(const char *ad_domain,
const char *ad_hostname,
const char *ad_keytab,
+ bool ad_use_ldaps,
size_t pw_lifetime_in_days,
bool add_samba_data,
size_t period,
@@ -59,7 +60,7 @@ static errno_t get_adcli_extra_args(const char *ad_domain,
return ENOMEM;
}
- args = talloc_array(renewal_data, const char *, 9);
+ args = talloc_array(renewal_data, const char *, 10);
if (args == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n");
return ENOMEM;
@@ -79,6 +80,9 @@ static errno_t get_adcli_extra_args(const char *ad_domain,
args[c++] = talloc_asprintf(args, "--host-keytab=%s", ad_keytab);
}
args[c++] = talloc_asprintf(args, "--domain=%s", ad_domain);
+ if (ad_use_ldaps) {
+ args[c++] = talloc_strdup(args, "--use-ldaps");
+ }
if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {
args[c++] = talloc_strdup(args, "--verbose");
}
@@ -390,6 +394,7 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx,
dp_opt_get_cstring(ad_opts->basic, AD_HOSTNAME),
dp_opt_get_cstring(ad_opts->id_ctx->sdap_id_ctx->opts->basic,
SDAP_KRB5_KEYTAB),
+ dp_opt_get_bool(ad_opts->basic, AD_USE_LDAPS),
lifetime,
dp_opt_get_bool(ad_opts->basic,
AD_UPDATE_SAMBA_MACHINE_ACCOUNT_PASSWORD),
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink