LDAP: Add id-mapping option

6 files changed, 6 insertions, 0 deletions

diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index ddad27657..46ca838e0 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -193,6 +193,7 @@ option_strings = {
     'ldap_enumeration_refresh_timeout' : _('Length of time between enumeration updates'),
     'ldap_purge_cache_timeout' : _('Length of time between cache cleanups'),
     'ldap_id_use_start_tls' : _('Require TLS for ID lookups'),
+    'ldap_id_mapping' : _('Use ID-mapping of objectSID instead of pre-set IDs'),
     'ldap_user_search_base' : _('Base DN for user lookups'),
     'ldap_user_search_scope' : _('Scope of user lookups'),
     'ldap_user_search_filter' : _('Filter for user lookups'),
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 7e3d3ff7f..162dab579 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -49,6 +49,7 @@ ldap_search_timeout = int, None, false
 ldap_enumeration_refresh_timeout = int, None, false
 ldap_purge_cache_timeout = int, None, false
 ldap_id_use_start_tls = bool, None, false
+ldap_id_mapping = bool, None, false
 ldap_user_search_base = str, None, false
 ldap_user_search_scope = str, None, false
 ldap_user_search_filter = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index df602784b..766216f64 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -41,6 +41,7 @@ ldap_enumeration_search_timeout = int, None, false
 ldap_enumeration_refresh_timeout = int, None, false
 ldap_purge_cache_timeout = int, None, false
 ldap_id_use_start_tls = bool, None, false
+ldap_id_mapping = bool, None, false
 ldap_user_search_base = str, None, false
 ldap_user_search_scope = str, None, false
 ldap_user_search_filter = str, None, false
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 48c839de7..75ce632e0 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -79,6 +79,7 @@ struct dp_option ipa_def_ldap_opts[] = {
     { "ldap_tls_key", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_tls_cipher_suite", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+    { "ldap_id_mapping", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
     { "ldap_sasl_mech", DP_OPT_STRING, { "GSSAPI" } , NULL_STRING },
     { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index a609aca90..1f9ca57a8 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -61,6 +61,7 @@ struct dp_option default_basic_opts[] = {
     { "ldap_tls_key", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_tls_cipher_suite", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+    { "ldap_id_mapping", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
     { "ldap_sasl_mech", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 5109ea86a..9ef880042 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -180,6 +180,7 @@ enum sdap_basic_opt {
     SDAP_TLS_KEY,
     SDAP_TLS_CIPHER_SUITE,
     SDAP_ID_TLS,
+    SDAP_ID_MAPPING,
     SDAP_SASL_MECH,
     SDAP_SASL_AUTHID,
     SDAP_SASL_REALM,