URL: https://github.com/SSSD/sssd/pull/247 Author: mzidek-rh Title: #247: Subdomain inherit Action: opened
PR body: """ I tested if the options that work in subdomain inherit also work in trusted domain section in sssd.conf. Most seem to work without any changes in the code except for two. With these two patches only one that does not work remains (I wanted to send patchset that adds all the options, but I got stuck on the option that sets the ldap principal, so I am sending this in the meantime). """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/247/head:pr247 git checkout pr247
From b4207ed070860509736e152b4788f21b6588c9c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com> Date: Fri, 21 Apr 2017 13:11:39 +0200 Subject: [PATCH 1/2] SUBDOMAINS: Configurable ignore_group_members Allow ignore_group_members in the subdomain section in sssd.conf. Resolves: https://pagure.io/SSSD/sssd/issue/3337 --- src/db/sysdb_subdomains.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c index e2a4f7b..063177d 100644 --- a/src/db/sysdb_subdomains.c +++ b/src/db/sysdb_subdomains.c @@ -218,6 +218,22 @@ check_subdom_config_file(struct confdb_ctx *confdb, sd_conf_path, CONFDB_DOMAIN_FQ, subdomain->fqnames ? "TRUE" : "FALSE"); + + /* ignore_group_members */ + ret = confdb_get_bool(confdb, sd_conf_path, + CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS, + false, &subdomain->ignore_group_members); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to get %s option for the subdomain: %s\n", + CONFDB_DOMAIN_FQ, subdomain->name); + goto done; + } + + DEBUG(SSSDBG_CONF_SETTINGS, "%s/%s has value %s\n", + sd_conf_path, CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS, + subdomain->ignore_group_members ? "TRUE" : "FALSE"); + ret = EOK; done: talloc_free(tmp_ctx); From 5f2d1616421d6f9c32bb07cd530abf2c4e756293 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com> Date: Fri, 21 Apr 2017 17:44:41 +0200 Subject: [PATCH 2/2] MAN: Add options for subdomains Add options supported in subdomain_inherit to the subdomain section of sssd.conf. Resolves: https://pagure.io/SSSD/sssd/issue/3337 --- src/man/sssd.conf.5.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index c712870..a5cdcba 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -2923,7 +2923,12 @@ ldap_user_extra_attrs = phone:telephoneNumber <para>ad_server,</para> <para>ad_backup_server,</para> <para>ad_site,</para> - <para>use_fully_qualified_names</para> + <para>use_fully_qualified_names,</para> + <para>ignore_group_members,</para> + <para>ldap_purge_cache_timeout,</para> + <para>ldap_use_tokengroups,</para> + <para>ldap_user_principal.</para> + <para> For more details about these options see their individual description in the manual page.
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org