diff --git a/Cargo.toml b/Cargo.toml
index 807470f..b802ec7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -40,7 +40,7 @@ tracing-subscriber = "^0.3.17"
 tracing = "^0.1.37"
 himmelblau_unix_common = { path = "src/common" }
 kanidm_unix_common = { path = "src/glue" }
-libhimmelblau = { version = "0.3.8" }
+libhimmelblau = { version = "0.3.9" }
 clap = { version = "^4.5", features = ["derive", "env"] }
 clap_complete = "^4.4.1"
 reqwest = { version = "^0.12.2", features = ["json"] }
diff --git a/man/man5/himmelblau.conf.5 b/man/man5/himmelblau.conf.5
index 9215a1e..c2e8c6e 100644
--- a/man/man5/himmelblau.conf.5
+++ b/man/man5/himmelblau.conf.5
@@ -260,7 +260,7 @@ connection_timeout = 5
 .TP
 .B cache_timeout
 .RE
-The timeout for caching authentication data. Default is 15 seconds.
+The timeout for caching authentication data. Default is 300 seconds (5 minutes).
 .EXAMPLES
 cache_timeout = 10

diff --git a/platform/debian/himmelblau.conf.example b/platform/debian/himmelblau.conf.example
index 58e97eb..48f5176 100644
--- a/platform/debian/himmelblau.conf.example
+++ b/platform/debian/himmelblau.conf.example
@@ -93,7 +93,7 @@ home_alias = CN
 # shell = /bin/bash ; default shell for the user
 # idmap_range = 5000000-5999999
 # connection_timeout = 2
-# cache_timeout = 15
+# cache_timeout = 300
 use_etc_skel = true
 # selinux = true

diff --git a/src/common/src/config.rs b/src/common/src/config.rs
index 0eb9674..3a3e21f 100644
--- a/src/common/src/config.rs
+++ b/src/common/src/config.rs
@@ -455,6 +455,10 @@ impl HimmelblauConfig {
 self.config.get(domain, "tenant_id")
 }

+ pub fn get_graph_url(&self, domain: &str) -> Option {
+ self.config.get(domain, "graph_url")
+ }
+
 pub fn get_local_groups(&self) -> Vec {
 match self.config.get("global", "local_groups") {
 Some(val) => val.split(',').map(|s| s.to_string()).collect(),
diff --git a/src/common/src/constants.rs b/src/common/src/constants.rs
index 3bb4286..951225f 100644
--- a/src/common/src/constants.rs
+++ b/src/common/src/constants.rs
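Review bot: `get_graph_url` in the config.rs hunk has no doc comment, and nothing in config.rs says what the new `graph_url` key is, although it is the per-domain Graph endpoint that `Graph::new` now receives in place of the former `DEFAULT_GRAPH` constant and that the join path writes back (himmelblau.rs hunks in this same diff). A one-liner above the method would close that gap: `/// Graph API base URL configured for `domain` (key `graph_url`); set by the join path, `None` when the key is absent.` What the caller does with `None` is not visible here, so the comment should not promise a fallback.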
@@ -35,7 +35,7 @@ pub const DEFAULT_GRAPH: &str = "https://graph.microsoft.com";
 pub const DEFAULT_APP_ID: &str = "b743a22d-6705-4147-8670-d92fa515ee2b";
 pub const DRS_APP_ID: &str = "01cb2876-7ebd-4aa4-9cc9-d28bd4d359a9";
 pub const DEFAULT_CONN_TIMEOUT: u64 = 30;
-pub const DEFAULT_CACHE_TIMEOUT: u64 = 15;
+pub const DEFAULT_CACHE_TIMEOUT: u64 = 300;
 pub const DEFAULT_SELINUX: bool = true;
 pub const DEFAULT_HSM_PIN_PATH: &str = "/var/lib/himmelblaud/hsm-pin";
 pub const DEFAULT_HELLO_ENABLED: bool = true;
diff --git a/src/common/src/idprovider/himmelblau.rs b/src/common/src/idprovider/himmelblau.rs
index 114b98a..87ec361 100644
--- a/src/common/src/idprovider/himmelblau.rs
+++ b/src/common/src/idprovider/himmelblau.rs
@@ -22,7 +22,6 @@ use super::interface::{
 use crate::config::split_username;
 use crate::config::HimmelblauConfig;
 use crate::config::IdAttr;
-use crate::constants::DEFAULT_GRAPH;
 use crate::db::KeyStoreTxn;
 use crate::idprovider::interface::tpm;
 use crate::unix_proto::PamAuthRequest;
@@ -112,12 +111,13 @@ impl HimmelblauMultiProvider {
 let mut idmap_lk = idmap.write().await;
 let authority_host = cfg.get_authority_host(&domain);
 let tenant_id = cfg.get_tenant_id(&domain);
+ let graph_url = cfg.get_graph_url(&domain);
 let graph = match Graph::new(
 &cfg.get_odc_provider(&domain),
 &domain,
 Some(&authority_host),
 tenant_id.as_deref(),
- Some(DEFAULT_GRAPH),
+ graph_url.as_deref(),
 )
 .await
 {
@@ -1407,6 +1407,12 @@ impl HimmelblauProvider {
 "Setting domain {} config authority_host to {}",
 self.domain, &self.authority_host
 );
+ let graph_url = self.graph.graph_url();
+ config.set(&self.domain, "graph_url", &graph_url);
+ debug!(
+ "Setting domain {} config graph_url to {}",
+ self.domain, &graph_url
+ );
 if let Err(e) = config.write_server_config() {
 return Err(MsalError::GeneralFailure(format!(
 "Failed to write domain join configuration: {:?}",
diff --git a/src/config/himmelblau.conf.example b/src/config/himmelblau.conf.example
index 2d933a8..7a6ad34 100644
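Review bot: `DEFAULT_CACHE_TIMEOUT` has no unit and no doc comment, and this hunk raises it from 15 to 300 without recording what the value governs; the man page hunk in the same diff is the only place that says it is the lifetime, in seconds, of cached authentication data. A twenty-fold increase in how long authentication data stays valid from cache is the kind of default a reader should be able to understand from the constant itself. Suggest `/// Seconds that cached authentication data remains valid; keep in sync with man/man5/himmelblau.conf.5 and the himmelblau.conf.example files.` directly above the constant.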
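Review bot: In the `@@ -112,12 +111,13 @@` hunk the `graph_url` read from the domain's config section is handed to `Graph::new` unchecked, whereas the replaced code only ever used the fixed `DEFAULT_GRAPH` constant, so a malformed or plain-`http://` value in himmelblau.conf now silently redirects every Graph request. The same file already supplies `authority_host`, so the trust boundary is not new, but a cheap shape check keeps a stray edit or a bad persisted value from pointing the daemon at an unencrypted endpoint: `let graph_url = cfg.get_graph_url(&domain).filter(|u| u.starts_with("https://"));`, logging the discarded value so the operator can see why the setting was ignored. What `Graph::new` does when it receives `None` is not visible in this diff and should be confirmed before relying on that fallback. The enclosing function starts and ends outside the hunk.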
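Review bot: The `@@ -1407,6 +1407,12 @@` hunk persists `self.graph.graph_url()` under the `graph_url` key, which is the value `get_graph_url` (config.rs hunk) feeds back into `Graph::new` on every later start, but nothing explains why the endpoint is captured at join time rather than resolved each run. A comment such as `// Persist the Graph endpoint resolved during join so later starts reuse it (see get_graph_url)` would make the round trip obvious to the next reader. The set-then-`debug!` pair is also a verbatim copy of the `authority_host` lines immediately above it; if a third key follows, a small helper that sets and logs one key would be the tidier form. The enclosing function starts and ends outside the hunk.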
--- a/src/config/himmelblau.conf.example
+++ b/src/config/himmelblau.conf.example
@@ -91,7 +91,7 @@
 # shell = /bin/bash ; default shell for the user
 # idmap_range = 5000000-5999999
 # connection_timeout = 2
-# cache_timeout = 15
+# cache_timeout = 300
 # use_etc_skel = false
 # selinux = true