From 3963d3fa9e3099bc02d612b5051d8b769d6e3a75 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Sun, 10 Jun 2012 13:06:57 -0400
Subject: LDAP: Add ldap_*_use_matching_rule_in_chain options

---
 src/config/SSSDConfig/__init__.py.in     | 3 +++
 src/config/etc/sssd.api.d/sssd-ipa.conf  | 2 ++
 src/config/etc/sssd.api.d/sssd-ldap.conf | 2 ++
 3 files changed, 7 insertions(+)

(limited to 'src/config')

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 74bdde1d..d7895b49 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -273,6 +273,9 @@ option_strings = {
     'ldap_idmap_default_domain' : _('Name of the default domain for ID-mapping'),
     'ldap_idmap_default_domain_sid' : _('SID of the default domain for ID-mapping'),
 
+    'ldap_groups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups'),
+    'ldap_initgroups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups'),
+
     # [provider/ldap/auth]
     'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
 
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 6094a47d..24f3c688 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -118,6 +118,8 @@ ldap_idmap_range_size = int, None, false
 ldap_idmap_autorid_compat = bool, None, false
 ldap_idmap_default_domain = str, None, false
 ldap_idmap_default_domain_sid = str, None, false
+ldap_groups_use_matching_rule_in_chain = bool, None, false
+ldap_initgroups_use_matching_rule_in_chain = bool, None, false
 
 [provider/ipa/auth]
 krb5_ccachedir = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index a0694c70..cfd47e5e 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -111,6 +111,8 @@ ldap_idmap_range_size = int, None, false
 ldap_idmap_autorid_compat = bool, None, false
 ldap_idmap_default_domain = str, None, false
 ldap_idmap_default_domain_sid = str, None, false
+ldap_groups_use_matching_rule_in_chain = bool, None, false
+ldap_initgroups_use_matching_rule_in_chain = bool, None, false
 
 [provider/ldap/auth]
 ldap_pwd_policy = str, None, false
-- 
cgit