diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2013-05-14 18:00:10 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-23 11:52:21 +0200 |
commit | c13eb9379fbe9958a4f810ba14171a3d5335d62e (patch) | |
tree | 812253b5bae16635799d883e0fbed27acb1545ec /src/config | |
parent | 200d054efd449435e2bc9d8f7a00fee2183d9c75 (diff) | |
download | sssd-c13eb9379fbe9958a4f810ba14171a3d5335d62e.tar.gz sssd-c13eb9379fbe9958a4f810ba14171a3d5335d62e.tar.xz sssd-c13eb9379fbe9958a4f810ba14171a3d5335d62e.zip |
Adding option to disable retrieving large AD groups.
This commit adds new option ldap_disable_range_retrieval with default value
FALSE. If this option is enabled, large groups(>1500) will not be retrieved and
behaviour will be similar like was before commit ae8d047122c
"LDAP: Handle very large Active Directory groups"
https://fedorahosted.org/sssd/ticket/1823
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 3c6d84c5d..458bd4c48 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -208,6 +208,7 @@ option_strings = { 'ldap_connection_expiration_timeout' : _('How long to retain a connection to the LDAP server before disconnecting'), 'ldap_disable_paging' : _('Disable the LDAP paging control'), + 'ldap_disable_range_retrieval' : _('Disable Active Directory range retrieval'), # [provider/ldap/id] 'ldap_search_timeout' : _('Length of time to wait for a search request'), diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index 40e2aa09d..14e979da3 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf @@ -35,6 +35,7 @@ ldap_sasl_canonicalize = bool, None, false ldap_sasl_minssf = int, None, false ldap_connection_expire_timeout = int, None, false ldap_disable_paging = bool, None, false +ldap_disable_range_retrieval = bool, None, false [provider/ldap/id] ldap_search_timeout = int, None, false |