From 13c88d62a09c152983abc99d989bb077fa987acb Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Sun, 22 Apr 2012 13:57:54 -0400 Subject: LDAP: Add ID mapping range settings --- src/config/SSSDConfig.py | 4 ++++ src/config/etc/sssd.api.d/sssd-ipa.conf | 3 +++ src/config/etc/sssd.api.d/sssd-ldap.conf | 3 +++ src/providers/ipa/ipa_opts.h | 3 +++ src/providers/ldap/ldap_opts.h | 3 +++ src/providers/ldap/sdap.h | 3 +++ 6 files changed, 19 insertions(+) diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index 46ca838e0..a48602b28 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -261,6 +261,10 @@ option_strings = { 'ldap_service_proto' : _('Service protocol attribute'), #replaced by ldap_entry_usn# 'ldap_service_entry_usn' : _('Service entryUSN attribute'), + 'ldap_idmap_range_min' : _('Lower bound for ID-mapping'), + 'ldap_idmap_range_max' : _('Upper bound for ID-mapping'), + 'ldap_idmap_range_size' : _('Number of IDs for each slice when ID-mapping'), + # [provider/ldap/auth] 'ldap_pwd_policy' : _('Policy to evaluate the password expiration'), diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf index 162dab579..1cad031fc 100644 --- a/src/config/etc/sssd.api.d/sssd-ipa.conf +++ b/src/config/etc/sssd.api.d/sssd-ipa.conf @@ -110,6 +110,9 @@ ldap_service_entry_usn = str, None, false ipa_host_object_class = str, None, false ipa_host_fqdn = str, None, false ipa_host_ssh_public_key = str, None, false +ldap_idmap_range_min = int, None, false +ldap_idmap_range_max = int, None, false +ldap_idmap_range_size = int, None, false [provider/ipa/auth] krb5_ccachedir = str, None, false diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index 766216f64..795181554 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf @@ -104,6 +104,9 @@ ldap_service_port = str, None, false ldap_service_proto = str, None, false ldap_service_search_base = str, None, false ldap_service_entry_usn = str, None, false +ldap_idmap_range_min = int, None, false +ldap_idmap_range_max = int, None, false +ldap_idmap_range_size = int, None, false [provider/ldap/auth] ldap_pwd_policy = str, None, false diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h index 75ce632e0..866bd3ce0 100644 --- a/src/providers/ipa/ipa_opts.h +++ b/src/providers/ipa/ipa_opts.h @@ -114,6 +114,9 @@ struct dp_option ipa_def_ldap_opts[] = { { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 100001 }, NULL_NUMBER }, + { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000100000LL }, NULL_NUMBER }, + { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER }, DP_OPTION_TERMINATOR }; diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h index 1f9ca57a8..a4c780691 100644 --- a/src/providers/ldap/ldap_opts.h +++ b/src/providers/ldap/ldap_opts.h @@ -96,6 +96,9 @@ struct dp_option default_basic_opts[] = { { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 100001 }, NULL_NUMBER }, + { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000100000LL }, NULL_NUMBER }, + { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER }, DP_OPTION_TERMINATOR }; diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 9ef880042..71ae246d0 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -211,6 +211,9 @@ enum sdap_basic_opt { SDAP_SASL_CANONICALIZE, SDAP_EXPIRE_TIMEOUT, SDAP_DISABLE_PAGING, + SDAP_IDMAP_LOWER, + SDAP_IDMAP_UPPER, + SDAP_IDMAP_RANGESIZE, SDAP_OPTS_BASIC /* opts counter */ }; -- cgit