From 69994add9cd4e57d40b3b7a0b1783ef2d0aa974c Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Wed, 21 May 2014 09:30:13 +0100
Subject: SDAP: Add option to disable use of Token-Groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Disabling use of Token-Groups is mandatory if expansion of nested groups is not
desired (ldap_group_nesting_level = 0) for AD provider.

Resolves:
https://fedorahosted.org/sssd/ticket/2294

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/config/etc/sssd.api.d/sssd-ad.conf   | 1 +
 src/config/etc/sssd.api.d/sssd-ipa.conf  | 1 +
 src/config/etc/sssd.api.d/sssd-ldap.conf | 1 +
 3 files changed, 3 insertions(+)

(limited to 'src/config/etc/sssd.api.d')

diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index b70e74c0a..33d460e82 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -111,6 +111,7 @@ ldap_idmap_default_domain = str, None, false
 ldap_idmap_default_domain_sid = str, None, false
 ldap_groups_use_matching_rule_in_chain = bool, None, false
 ldap_initgroups_use_matching_rule_in_chain = bool, None, false
+ldap_use_tokengroups = bool, None, false
 ldap_rfc2307_fallback_to_local_users = bool, None, false
 
 [provider/ad/auth]
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 3a3f6a4cf..11484e7d4 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -129,6 +129,7 @@ ldap_idmap_default_domain = str, None, false
 ldap_idmap_default_domain_sid = str, None, false
 ldap_groups_use_matching_rule_in_chain = bool, None, false
 ldap_initgroups_use_matching_rule_in_chain = bool, None, false
+ldap_use_tokengroups = bool, None, false
 ldap_rfc2307_fallback_to_local_users = bool, None, false
 ipa_server_mode = bool, None, false
 
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 0057c080f..fa9cdd698 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -118,6 +118,7 @@ ldap_idmap_default_domain = str, None, false
 ldap_idmap_default_domain_sid = str, None, false
 ldap_groups_use_matching_rule_in_chain = bool, None, false
 ldap_initgroups_use_matching_rule_in_chain = bool, None, false
+ldap_use_tokengroups = bool, None, false
 ldap_rfc2307_fallback_to_local_users = bool, None, false
 ldap_min_id = int, None, false
 ldap_max_id = int, None, false
-- 
cgit