Make IPA paths configurable or use base searches for HBAC related data

[sssd-bot]

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/777

• Created at 2011-01-14 17:53:18 by sbose
• Closed as Fixed
• Assigned to sbose

---

Currently the search paths for HBAC data are hardcoded. Chances are that these might change in future so a more flexible solution needs to be found.

Comments

---

Comment from sgallagh at 2011-01-17 15:37:23

Please add an {{{ipa_hbac_search_base}}} option to SSSD that defaults to {{{ldap_search_base}}} and perform lookups with an LDAP search expression including the HBAC objectClass.

doc: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.5.1
priority: major => critical
tests: 0 => 1

---

Comment from sbose at 2011-01-18 13:10:15

We set ldap_search_base to "cn=accounts"+base_dn in ipa_common.c. So if we do not change this, too, I would suggest to default to the base_dn.

---

Comment from sgallagh at 2011-01-18 13:17:38

Unfortunately, we can't default to the base_dn for {{{ldap_search_base}}} in IPA because of the compat tree. If we search from the base, we always get duplicate entries (and it plays havoc with our processing).

---

Comment from sbose at 2011-01-18 13:28:30

Ah, sorry, I've meant to use the base DN as a default for ipa_hbac_search_base not for ldap_search_base.

---

Comment from sbose at 2011-01-20 12:57:11

fixed by 56789cf

resolution: => fixed
status: new => closed

---

Comment from dpal at 2012-01-19 03:04:07

Fields changed

rhbz: => 0

---

Comment from sbose at 2017-02-24 15:03:31

Metadata Update from @sbose:

• Issue assigned to sbose
• Issue set to the milestone: SSSD 1.5.1