diff options
| -rw-r--r-- | src/man/sssd.conf.5.xml | 4 | ||||
| -rw-r--r-- | src/util/domain_info_utils.c | 9 |
2 files changed, 13 insertions, 0 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index f7d688a67..19995be0c 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -483,6 +483,10 @@ Specifies a list of configuration parameters that should be inherited by a subdomain. Please note that only selected parameters can be inherited. + Currently the following options can be inherited: + </para> + <para> + ignore_group_members </para> <para> Example: diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index e0f1120e3..75eca8a9e 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -206,6 +206,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, const char *forest) { struct sss_domain_info *dom; + bool inherit_option; DEBUG(SSSDBG_TRACE_FUNC, "Creating [%s] as subdomain of [%s]!\n", name, parent->name); @@ -281,6 +282,14 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, dom->enumerate = enumerate; dom->fqnames = true; dom->mpg = mpg; + /* If the parent domain filters out group members, the subdomain should + * as well if configured */ + inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS, + parent->sd_inherit, false); + if (inherit_option) { + dom->ignore_group_members = parent->ignore_group_members; + } + /* If the parent domain explicitly limits ID ranges, the subdomain * should honour the limits as well. */ |