ldap: Fallback option for rfc2307 schema

Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
author: Simo Sorce <simo@redhat.com> 2013-03-15 15:27:31 -0400
committer: Jakub Hrozek <jhrozek@redhat.com> 2013-03-21 18:40:05 +0100
commit: 8acdbd4063008395547ef5582e623683d34afe17 (patch)
tree: 5963945b09f8927393c12fd36215e79029c9a9df /src/providers/ipa
parent: 8b8019fe3dd1564fba657e219ec20ff816c7ffdb (diff)
download: sssd-8acdbd4063008395547ef5582e623683d34afe17.tar.gz
sssd-8acdbd4063008395547ef5582e623683d34afe17.tar.xz
sssd-8acdbd4063008395547ef5582e623683d34afe17.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index fe9f48930..ff461db19 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -134,6 +134,7 @@ struct dp_option ipa_def_ldap_opts[] = {
     { "ldap_idmap_default_domain_sid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_groups_use_matching_rule_in_chain", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
     { "ldap_initgroups_use_matching_rule_in_chain", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+    { "ldap_rfc2307_fallback_to_local_users", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
     DP_OPTION_TERMINATOR
 };
author	Simo Sorce <simo@redhat.com>	2013-03-15 15:27:31 -0400
committer	Jakub Hrozek <jhrozek@redhat.com>	2013-03-21 18:40:05 +0100
commit	8acdbd4063008395547ef5582e623683d34afe17 (patch)
tree	5963945b09f8927393c12fd36215e79029c9a9df /src/providers/ipa
parent	8b8019fe3dd1564fba657e219ec20ff816c7ffdb (diff)
download	sssd-8acdbd4063008395547ef5582e623683d34afe17.tar.gz sssd-8acdbd4063008395547ef5582e623683d34afe17.tar.xz sssd-8acdbd4063008395547ef5582e623683d34afe17.zip