|
 |
e543c9 |
From 71565f0969738171e04f35e9aba93e63e4e83a8e Mon Sep 17 00:00:00 2001
|
|
|
e543c9 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
e543c9 |
Date: Tue, 28 Apr 2015 17:04:51 +0200
|
|
|
e543c9 |
Subject: [PATCH 206/207] UTIL: Inherit ignore_group_members
|
|
|
e543c9 |
|
|
|
e543c9 |
Resolves:
|
|
|
e543c9 |
https://fedorahosted.org/sssd/ticket/2644
|
|
|
e543c9 |
|
|
|
e543c9 |
Allows the administrators to extend ignore_group_members to subdomains
|
|
|
e543c9 |
as well by setting:
|
|
|
e543c9 |
subdomain_inherit = ignore_group_members
|
|
|
e543c9 |
in the domain section.
|
|
|
e543c9 |
|
|
|
e543c9 |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
e543c9 |
(cherry picked from commit 01c049ceef55c7bbfca1e47cecb2a0a2cf0a5d44)
|
|
|
e543c9 |
---
|
|
|
e543c9 |
src/man/sssd.conf.5.xml | 4 ++++
|
|
|
e543c9 |
src/util/domain_info_utils.c | 9 +++++++++
|
|
|
e543c9 |
2 files changed, 13 insertions(+)
|
|
|
e543c9 |
|
|
|
e543c9 |
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
|
|
|
e543c9 |
index f7d688a..19995be 100644
|
|
|
e543c9 |
--- a/src/man/sssd.conf.5.xml
|
|
|
e543c9 |
+++ b/src/man/sssd.conf.5.xml
|
|
|
e543c9 |
@@ -483,6 +483,10 @@
|
|
|
e543c9 |
Specifies a list of configuration parameters that
|
|
|
e543c9 |
should be inherited by a subdomain. Please note
|
|
|
e543c9 |
that only selected parameters can be inherited.
|
|
|
e543c9 |
+ Currently the following options can be inherited:
|
|
|
e543c9 |
+ </para>
|
|
|
e543c9 |
+ <para>
|
|
|
e543c9 |
+ ignore_group_members
|
|
|
e543c9 |
</para>
|
|
|
e543c9 |
<para>
|
|
|
e543c9 |
Example:
|
|
|
e543c9 |
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
|
|
|
e543c9 |
index e0f1120..75eca8a 100644
|
|
|
e543c9 |
--- a/src/util/domain_info_utils.c
|
|
|
e543c9 |
+++ b/src/util/domain_info_utils.c
|
|
|
e543c9 |
@@ -206,6 +206,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
|
|
|
e543c9 |
const char *forest)
|
|
|
e543c9 |
{
|
|
|
e543c9 |
struct sss_domain_info *dom;
|
|
|
e543c9 |
+ bool inherit_option;
|
|
|
e543c9 |
|
|
|
e543c9 |
DEBUG(SSSDBG_TRACE_FUNC,
|
|
|
e543c9 |
"Creating [%s] as subdomain of [%s]!\n", name, parent->name);
|
|
|
e543c9 |
@@ -281,6 +282,14 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
|
|
|
e543c9 |
dom->enumerate = enumerate;
|
|
|
e543c9 |
dom->fqnames = true;
|
|
|
e543c9 |
dom->mpg = mpg;
|
|
|
e543c9 |
+ /* If the parent domain filters out group members, the subdomain should
|
|
|
e543c9 |
+ * as well if configured */
|
|
|
e543c9 |
+ inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS,
|
|
|
e543c9 |
+ parent->sd_inherit, false);
|
|
|
e543c9 |
+ if (inherit_option) {
|
|
|
e543c9 |
+ dom->ignore_group_members = parent->ignore_group_members;
|
|
|
e543c9 |
+ }
|
|
|
e543c9 |
+
|
|
|
e543c9 |
/* If the parent domain explicitly limits ID ranges, the subdomain
|
|
|
e543c9 |
* should honour the limits as well.
|
|
|
e543c9 |
*/
|
|
|
e543c9 |
--
|
|
|
e543c9 |
2.1.0
|
|
|
e543c9 |
|