Add a new option to control subdomain enumeration

2 files changed, 16 insertions, 0 deletions

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 693118e79..6527ede4b 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1129,6 +1129,19 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
         goto done;
     }
 
+    tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+                                      CONFDB_SUBDOMAIN_ENUMERATE,
+                                      CONFDB_DEFAULT_SUBDOMAIN_ENUMERATE);
+    if (tmp != NULL) {
+        ret = split_on_separator(domain, tmp, ',', true, true,
+                                 &domain->sd_enumerate, NULL);
+        if (ret != 0) {
+            DEBUG(SSSDBG_FATAL_FAILURE,
+                  ("Cannot parse %s\n", CONFDB_SUBDOMAIN_ENUMERATE));
+            goto done;
+        }
+    }
+
     *_domain = domain;
     ret = EOK;
 done:
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index ab7abe910..cb2a62425 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -148,6 +148,8 @@
 #define CONFDB_DOMAIN_TIMEOUT "timeout"
 #define CONFDB_DOMAIN_ATTR "cn"
 #define CONFDB_DOMAIN_ENUMERATE "enumerate"
+#define CONFDB_SUBDOMAIN_ENUMERATE "subdomain_enumerate"
+#define CONFDB_DEFAULT_SUBDOMAIN_ENUMERATE "none"
 #define CONFDB_DOMAIN_MINID "min_id"
 #define CONFDB_DOMAIN_MAXID "max_id"
 #define CONFDB_DOMAIN_CACHE_CREDS "cache_credentials"
@@ -199,6 +201,7 @@ struct sss_domain_info {
     char *provider;
     int timeout;
     bool enumerate;
+    char **sd_enumerate;
     bool fqnames;
     bool mpg;
     bool ignore_group_members;