From 1933ff17513da1d979dd22776a03478341ef5e6b Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 11 Jul 2013 10:06:09 -0400
Subject: Netgroups should ignore the 'use_fully_qualified_names' setting

Netgroups often have memberNisNetgroup entries included in them
that will never process correctly if we require fully-qualified
names on the nested lookup. This patch alters the behavior of
netgroup lookups to check *all* domains for an unqualified
netgroup name, instead of only the ones not requiring fully-
qualified names.

https://fedorahosted.org/sssd/ticket/2013
---
 src/man/sssd.conf.5.xml | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/man')

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 4f01794d6..31150a6aa 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -1212,6 +1212,13 @@ override_homedir = /home/%u
                             wouldn't find the user while <command>getent
                             passwd test@LOCAL</command> would.
                         </para>
+                        <para>
+                            NOTE: This option has no effect on netgroup
+                            lookups due to their tendency to include nested
+                            netgroups without qualified names. For netgroups,
+                            all domains will be searched when an unqualified
+                            name is requested.
+                        </para>
                         <para>
                             Default: FALSE
                         </para>
-- 
cgit