diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2010-02-16 14:11:00 +0100 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-02-23 16:16:25 -0500 |
| commit | af81aaa57f82eab78647113c391bd84247f96150 (patch) | |
| tree | b68313b8e8a5f71c76fda78e5750cf86f794c72d /src/config | |
| parent | f8c6a449412c6d5aa86609584fe4e530fd51a4b1 (diff) | |
| download | sssd-af81aaa57f82eab78647113c391bd84247f96150.tar.gz sssd-af81aaa57f82eab78647113c391bd84247f96150.tar.xz sssd-af81aaa57f82eab78647113c391bd84247f96150.zip | |
Better cleanup task handling
Implements a different mechanism for cleanup task. Instead of just
deleting expired entries, this patch adds a new option
account_cache_expiration for domains. If an entry is expired and the last
login was more days in the past that account_cache_expiration, the entry is
deleted.
Groups are deleted if they are expired and and no user references them
(no user has memberof: attribute pointing at that group).
The parameter account_cache_expiration is not LDAP-specific, so that other
future backends might use the same timeout setting.
Fixes: #391
Diffstat (limited to 'src/config')
| -rw-r--r-- | src/config/SSSDConfig.py | 1 | ||||
| -rwxr-xr-x | src/config/SSSDConfigTest.py | 2 | ||||
| -rw-r--r-- | src/config/etc/sssd.api.conf | 1 |
3 files changed, 4 insertions, 0 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index 471ecb6c5..2697c71ba 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -80,6 +80,7 @@ option_strings = { 'use_fully_qualified_names' : _('Display users/groups in fully-qualified form'), 'entry_cache_timeout' : _('Entry cache timeout length (seconds)'), 'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'), + 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index eed1de311..9f9e75f56 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -415,6 +415,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'use_fully_qualified_names', 'entry_cache_timeout', 'lookup_family_order', + 'account_cache_expiration', 'id_provider', 'auth_provider', 'access_provider', @@ -725,6 +726,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'store_legacy_passwords', 'use_fully_qualified_names', 'entry_cache_timeout', + 'account_cache_expiration', 'lookup_family_order', 'id_provider', 'auth_provider', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 35890acc0..14ec30835 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -55,6 +55,7 @@ store_legacy_passwords = bool, None, false use_fully_qualified_names = bool, None, false entry_cache_timeout = int, None, false lookup_family_order = str, None, false +account_cache_expiration = int, None, false # Special providers [provider/permit] |