From caee9828ee30609e9f433957dbb3d0163390a207 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 19 Aug 2013 17:15:47 +0200 Subject: ipa-server-mode: add IPA group memberships to AD users When IPA trusts an AD domain the AD user or groups can be placed into IPA groups e.g. to put AD users under the control of HBAC. Since IPA group can only have members from the IPA directory tree and the AD users and groups are not stored there a special IPA object called external group was introduced. SIDs of users and groups can be added to the external group and since the external groups are in the IPA directory tree they can be member of IPA groups. To speed things up and to remove some load from the IPA servers SSSD reads all external groups and stores them in memory for some time before rereading the data. Enhances https://fedorahosted.org/sssd/ticket/1962 --- Makefile.am | 1 + 1 file changed, 1 insertion(+) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index c3f3c4a54..3dd81ad07 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1565,6 +1565,7 @@ libsss_ipa_la_SOURCES = \ src/providers/ipa/ipa_hosts.c \ src/providers/ipa/ipa_subdomains.c \ src/providers/ipa/ipa_subdomains_id.c \ + src/providers/ipa/ipa_subdomains_ext_groups.c \ src/providers/ipa/ipa_s2n_exop.c \ src/providers/ipa/ipa_hbac_hosts.c \ src/providers/ipa/ipa_hbac_private.h \ -- cgit
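Review bot: the lifetime of the in-memory external group cache is not stated in anything this patch shows. The commit message says only that the groups are stored "for some time before rereading the data", and the Makefile.am hunk at line 1565 just adds `src/providers/ipa/ipa_subdomains_ext_groups.c` to `libsss_ipa_la_SOURCES`. Since the message gives HBAC as the reason for placing AD users in IPA groups, a change to an external group (in particular the removal of a SID) would presumably not be seen by the client until the next re-read. Please state the refresh interval in the commit message or the documentation and say whether it can be configured. The new list entry itself is fine: it sits next to `ipa_subdomains_id.c` and carries its continuation backslash.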