Adding option to disable retrieving large AD groups.

This commit adds new option ldap_disable_range_retrieval with default value
FALSE. If this option is enabled, large groups(>1500) will not be retrieved and
behaviour will be similar like was before commit ae8d047122c
"LDAP: Handle very large Active Directory groups"

https://fedorahosted.org/sssd/ticket/1823

2 files changed, 2 insertions, 0 deletions

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 3c6d84c5d..458bd4c48 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -208,6 +208,7 @@ option_strings = {
     'ldap_connection_expiration_timeout' : _('How long to retain a connection to the LDAP server before disconnecting'),
 
     'ldap_disable_paging' : _('Disable the LDAP paging control'),
+    'ldap_disable_range_retrieval' : _('Disable Active Directory range retrieval'),
 
     # [provider/ldap/id]
     'ldap_search_timeout' : _('Length of time to wait for a search request'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 40e2aa09d..14e979da3 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -35,6 +35,7 @@ ldap_sasl_canonicalize = bool, None, false
 ldap_sasl_minssf = int, None, false
 ldap_connection_expire_timeout = int, None, false
 ldap_disable_paging = bool, None, false
+ldap_disable_range_retrieval = bool, None, false
 
 [provider/ldap/id]
 ldap_search_timeout = int, None, false