summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2010-06-08 08:14:35 -0400
committerStephen Gallagher <sgallagh@redhat.com>2010-06-09 08:29:34 -0400
commit855abda5ed5a0dcae499632ed5ead1d4cd293b48 (patch)
tree1643486ecb8645e903488148b5e7be697673172b
parent7bfc287b693d3696bd5b3c60bdb7e543eb230f9b (diff)
downloadsssd-855abda5ed5a0dcae499632ed5ead1d4cd293b48.tar.gz
sssd-855abda5ed5a0dcae499632ed5ead1d4cd293b48.tar.xz
sssd-855abda5ed5a0dcae499632ed5ead1d4cd293b48.zip
Change default min_id to 1
Also update manpage for min_id/max_id to be more clear about how it relates to primary GID.
-rw-r--r--src/confdb/confdb.h2
-rwxr-xr-xsrc/config/SSSDConfigTest.py7
-rw-r--r--src/config/etc/sssd.api.conf2
-rw-r--r--src/man/sssd.conf.5.xml14
4 files changed, 16 insertions, 9 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index be4dfb6f7..ae7502f8d 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -39,7 +39,7 @@
#define CONFDB_FILE "config.ldb"
#define CONFDB_DEFAULT_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf"
-#define SSSD_MIN_ID 1000
+#define SSSD_MIN_ID 1
/* Configuration options */
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 04d438e06..ea897d716 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -595,7 +595,6 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
options = domain.list_mandatory_options()
control_list = [
'cache_credentials',
- 'min_id',
'id_provider',
'auth_provider']
@@ -989,9 +988,9 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
domain = SSSDConfig.SSSDDomain('sssd', self.schema)
# Positive test - Remove existing option
- self.assertTrue('min_id' in domain.get_all_options().keys())
- domain.remove_option('min_id')
- self.assertFalse('min_id' in domain.get_all_options().keys())
+ self.assertTrue('cache_credentials' in domain.get_all_options().keys())
+ domain.remove_option('cache_credentials')
+ self.assertFalse('cache_credentials' in domain.get_all_options().keys())
# Positive test - Remove unset but valid option
self.assertFalse('max_id' in domain.get_all_options().keys())
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 7d0e20c77..f0ef41149 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -46,7 +46,7 @@ chpass_provider = str, None, false
debug_level = int, None, false, 0
debug_timestamps = bool, None, false
command = str, None, false
-min_id = int, None, true, 1000
+min_id = int, None, false
max_id = int, None, false
timeout = int, None, false
enumerate = bool, None, false
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index bd2d3acd1..497fae630 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -396,11 +396,19 @@
<term>min_id,max_id (integer)</term>
<listitem>
<para>
- UID limits for the domain. If a domain contains
- entry that is outside these limits, it is ignored
+ UID and GID limits for the domain. If a domain
+ contains an entry that is outside these limits, it
+ is ignored.
</para>
<para>
- Default: 1000 for min_id, 0 (no limit) for max_id
+ For users, this affects the primary GID limit. The
+ user will not be returned to NSS if either the
+ UID or the primary GID is outside the range. For
+ non-primary group memberships, those that are in
+ range will be reported as expected.
+ </para>
+ <para>
+ Default: 1 for min_id, 0 (no limit) for max_id
</para>
</listitem>
</varlistentry>