From af81aaa57f82eab78647113c391bd84247f96150 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 16 Feb 2010 14:11:00 +0100
Subject: Better cleanup task handling

Implements a different mechanism for cleanup task. Instead of just
deleting expired entries, this patch adds a new option
account_cache_expiration for domains. If an entry is expired and the last
login was more days in the past that account_cache_expiration, the entry is
deleted.

Groups are deleted if they are expired and and no user references them
(no user has memberof: attribute pointing at that group).

The parameter account_cache_expiration is not LDAP-specific, so that other
future backends might use the same timeout setting.

Fixes: #391
---
 src/config/SSSDConfig.py     | 1 +
 src/config/SSSDConfigTest.py | 2 ++
 src/config/etc/sssd.api.conf | 1 +
 3 files changed, 4 insertions(+)

(limited to 'src/config')

diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 471ecb6c5..2697c71ba 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -80,6 +80,7 @@ option_strings = {
     'use_fully_qualified_names' : _('Display users/groups in fully-qualified form'),
     'entry_cache_timeout' : _('Entry cache timeout length (seconds)'),
     'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'),
+    'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
 
     # [provider/ipa]
     'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index eed1de311..9f9e75f56 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -415,6 +415,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
             'use_fully_qualified_names',
             'entry_cache_timeout',
             'lookup_family_order',
+            'account_cache_expiration',
             'id_provider',
             'auth_provider',
             'access_provider',
@@ -725,6 +726,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
             'store_legacy_passwords',
             'use_fully_qualified_names',
             'entry_cache_timeout',
+            'account_cache_expiration',
             'lookup_family_order',
             'id_provider',
             'auth_provider',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 35890acc0..14ec30835 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -55,6 +55,7 @@ store_legacy_passwords = bool, None, false
 use_fully_qualified_names = bool, None, false
 entry_cache_timeout = int, None, false
 lookup_family_order = str, None, false
+account_cache_expiration = int, None, false
 
 # Special providers
 [provider/permit]
-- 
cgit