diff options
author | Paul B. Henson <henson@acm.org> | 2012-11-13 03:31:43 -0800 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-31 21:34:04 +0200 |
commit | 868bf88fdf1adde15f6c3423d199d62290861c37 (patch) | |
tree | 8f56640d7e2e429d778e2dd7a5eb0d4f22d754db /src/providers | |
parent | c13eb9379fbe9958a4f810ba14171a3d5335d62e (diff) | |
download | sssd-868bf88fdf1adde15f6c3423d199d62290861c37.tar.gz sssd-868bf88fdf1adde15f6c3423d199d62290861c37.tar.xz sssd-868bf88fdf1adde15f6c3423d199d62290861c37.zip |
Add ignore_group_members option.
https://fedorahosted.org/sssd/ticket/1376
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/ldap_id.c | 9 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 6 |
2 files changed, 13 insertions, 2 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index d8dc3b299..d4f9d2d8a 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -379,6 +379,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, enum idmap_error_code err; char *sid; bool use_id_mapping = dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING); + const char *member_filter[2]; req = tevent_req_create(memctx, &state, struct groups_get_state); if (!req) return NULL; @@ -477,9 +478,15 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, goto fail; } + member_filter[0] = (const char *)ctx->opts->group_map[SDAP_AT_GROUP_MEMBER].name; + member_filter[1] = NULL; + /* TODO: handle attrs_type */ ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP, - NULL, &state->attrs, NULL); + state->domain->ignore_group_members ? + (const char **)member_filter : NULL, + &state->attrs, NULL); + if (ret != EOK) goto fail; ret = groups_get_retry(req); diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 42802f58d..f52bbb6e3 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -1799,8 +1799,12 @@ static void sdap_get_groups_done(struct tevent_req *subreq) if (state->check_count == 0) { DEBUG(9, ("All groups processed\n")); + /* If ignore_group_members is set for the domain, don't update + * group memberships in the cache. + */ ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts, - state->groups, state->count, true, NULL, + state->groups, state->count, + !state->dom->ignore_group_members, NULL, &state->higher_usn); if (ret) { DEBUG(2, ("Failed to store groups.\n")); |