Identity Domain - Combiner for domain enrollment

The combiner detects enrollment into identity domains such as IPA, Active Directory, generic Kerberos realm, and generic LDAP. It parses domains and realms from SSSD, KRB5, IPA, and Samba configuration.

Supported domain types

  • IPA (RHEL IdM, FreeIPA)
  • Active Directory (SSSD)
  • Active Directory (Samba winbind)
  • generic LDAP domain (SSSD)
  • generic LDAP domain with Kerberos authentication (SSSD)
  • generic Kerberos realm (from krb5.conf)

The combiner cannot detect generic Kerberos realms that solely rely upon DNS realm lookup (dns_lookup_realm).

Examples:

DomainInfo(
    name="ipa.test",
    domain_type="IPA",
    server_software="IPA",
    client_software="SSSD",
    domain="ipa.test",
    realm="IPA.TEST",
    workgroup=None,
    ipa_mode="client",
)

DomainInfo(
    name="ad-winbind.test",
    domain_type="Active Directory (winbind)",
    server_software="Active Directory",
    client_software="winbind",
    domain="ad-winbind.test",
    realm="AD-WINBIND.TEST",
    workgroup="AD-WINBIND",
    ipa_mode=None,
)

class insights.combiners.identity_domain.DomainInfo(name, domain_type, server_software, client_software, domain, realm, workgroup, ipa_mode)

Identity domain information

name

user-friendly name: either SSSD’s domain name, the domain name, or the lower-case realm name

Type: str

domain_type

domain type, e.g. IPA or Active Directory (SSSD)

Type: str

server_software

name of the server software, e.g. Active Directory

Type: str

client_software

name of the client software, e.g. SSSD or winbind

Type: str

domain

name of the identity domain, not set for generic Kerberos or LDAP

Type: str, None

realm

Kerberos realm name, not set for generic LDAP

Type: str, None

workgroup

workgroup name, only set for AD with winbind

Type: str, None

ipa_mode

IPA mode (server or client), only set for IPA

Type: str, None

class insights.combiners.identity_domain.IdentityDomain(sssd=None, krb5=None, ipa=None, smb=None)

Bases: object

A combiner for identity domains.

Raises: SkipComponent -- When no identity domains are detected.

domains

List of the namedtuple DomainInfo

Type: list

default_realm

default realm name (if configured)

Type: str, None

dns_lookup_realm

is Kerberos realm DNS lookup enabled?

Type: bool

dns_lookup_kdc

is Kerberos KDC DNS lookup enabled?

Type: bool
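
One way to consume these attributes when reviewing a host's enrollment, as an added example that is not part of insights-core. It uses a local namedtuple with the documented DomainInfo fields so it runs stand-alone; enrollment_findings, approved_realms and the generic LDAP sample record are assumptions made for illustration.

```python
from collections import namedtuple

# Stand-in with the fields documented above, so this runs without insights-core.
DomainInfo = namedtuple(
    "DomainInfo",
    "name domain_type server_software client_software domain realm workgroup ipa_mode",
)


def enrollment_findings(domains, dns_lookup_realm, approved_realms):
    """Review one host's enrollment; the first two arguments mirror the
    IdentityDomain attributes of the same names. approved_realms is a
    hypothetical site allow-list, not something the combiner provides."""
    findings = []
    for d in domains:
        if d.realm is None:
            # Per the field docs, realm is unset only for generic LDAP.
            findings.append((d.name, "no Kerberos realm (generic LDAP)"))
        elif d.realm not in approved_realms:
            findings.append((d.name, "realm %s is not approved" % d.realm))
    if dns_lookup_realm:
        # Realms resolved only through DNS never appear in `domains`.
        findings.append((None, "dns_lookup_realm enabled: realm list may be incomplete"))
    return findings


# Constructed sample: the two records from the examples above plus a
# made-up generic LDAP entry (its type strings are illustrative).
SAMPLE = [
    DomainInfo("ipa.test", "IPA", "IPA", "SSSD", "ipa.test", "IPA.TEST", None, "client"),
    DomainInfo("ad-winbind.test", "Active Directory (winbind)", "Active Directory",
               "winbind", "ad-winbind.test", "AD-WINBIND.TEST", "AD-WINBIND", None),
    DomainInfo("ldap.test", "generic LDAP", "LDAP", "SSSD", None, None, None, None),
]

if __name__ == "__main__":
    for name, note in enrollment_findings(SAMPLE, True, {"IPA.TEST"}):
        print(name or "(host)", "-", note)
```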