>From 07e467c409d7b1b5386eb0221e1e873c2b71fcb1 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 28 Apr 2015 13:48:42 +0200
Subject: [PATCH 4/4] subdomains: Inherit cleanup period and tokengroup settings from parent domain
Allows the administrator to extend the functionality of ldap_purge_cache_timeout and ldap_use_tokengroups to the subdomains. This is a less intrusive way of achieving: https://fedorahosted.org/sssd/ticket/2627
---
 src/man/sssd.conf.5.xml | 6 ++++++
 src/providers/ad/ad_subdomains.c | 4 ++++
 src/providers/ipa/ipa_subdomains.c | 4 ++++
 src/providers/ldap/ldap_common.c | 19 +++++++++++++++++++
 src/providers/ldap/ldap_common.h | 4 ++++
 5 files changed, 37 insertions(+)
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 98c8ea2ff1462139c398cf0be6273b985442b6b6..bc0bb94143e53ead34b43d5500b18e44f50d71ae 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -492,6 +492,12 @@ ignore_group_members + ldap_purge_cache_timeout + + + ldap_use_tokengroups + + Example: subdomain_inherit = ldap_purge_cache_timeout
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 5a6e9338d6dc581fba4f76e8b28f92a558eb6294..17a90d0d42561b32d345f2876dc5549a814aaf20 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -183,6 +183,10 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
 return EFAULT;
 }
+ ldap_inherit_options(subdom->parent,
+ id_ctx->sdap_id_ctx->opts->basic,
+ ad_id_ctx->sdap_id_ctx->opts->basic);
+
 /* Set up the ID mapping object */
 ad_id_ctx->sdap_id_ctx->opts->idmap_ctx = id_ctx->sdap_id_ctx->opts->idmap_ctx;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 20657ebb556f75108f64faecc6ad1ccc1d7e26fd..f996812022a7c691cad800524f997fdbb8517dce 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
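Review bot: Both option arrays passed to `ldap_inherit_options()` in the `ad_subdom_ad_ctx_new` hunk are plain `struct dp_option *`, so the compiler cannot catch a swapped parent/subdomain argument, and `id_ctx` and `ad_id_ctx` differ only by a prefix. A swap would presumably copy the new subdomain's defaults over the parent's configured values, which for `ldap_use_tokengroups` changes how group membership is resolved. I would add a comment above the call, `/* Copy inheritable options from the parent (id_ctx) into the subdomain (ad_id_ctx) */`. The identical call in the `ipa_ad_ctx_new` hunk of src/providers/ipa/ipa_subdomains.c needs the same comment; both enclosing functions start and end outside their hunks.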
@@ -232,6 +232,10 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
 return EFAULT;
 }
+ ldap_inherit_options(subdom->parent,
+ id_ctx->sdap_id_ctx->opts->basic,
+ ad_id_ctx->sdap_id_ctx->opts->basic);
+
 ret = sdap_id_setup_tasks(be_ctx, ad_id_ctx->sdap_id_ctx, sdom,
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 8133431cc35f008768484b43cf7926d41fa0b2e0..f9bda1c5f43426c405cd03c1449cd12f9455628b 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -962,3 +962,22 @@ sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 return sdap_ctx;
 }
+
+void ldap_inherit_options(struct sss_domain_info *parent_dom,
+ struct dp_option *parent_opts,
+ struct dp_option *subdom_opts)
+{
+ int inherit_options[] = {
+ SDAP_CACHE_PURGE_TIMEOUT,
+ SDAP_AD_USE_TOKENGROUPS,
+ SDAP_OPTS_BASIC /* sentinel */
+ };
+ int i;
+
+ for (i = 0; inherit_options[i] != SDAP_OPTS_BASIC; i++) {
+ dp_option_inherit(parent_dom,
+ inherit_options[i],
+ parent_opts,
+ subdom_opts);
+ }
+}
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 57ad1b8458988d7e108f019c20f67bcde32539d4..9c52558839482a99acf4658a329c3852ef87bce3 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -328,4 +328,8 @@ sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 errno_t sdap_refresh_init(struct be_refresh_ctx *refresh_ctx, struct sdap_id_ctx *id_ctx);
+void ldap_inherit_options(struct sss_domain_info *parent_dom,
+ struct dp_option *parent_opts,
+ struct dp_option *subdom_opts);
+
 #endif /* _LDAP_COMMON_H_ */
--
2.1.0
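Review bot: `ldap_inherit_options()` in src/providers/ldap/ldap_common.c returns void and nothing in its loop records which options were actually copied, so an administrator who sets `subdomain_inherit` cannot confirm from the logs that `ldap_use_tokengroups` or `ldap_purge_cache_timeout` took effect for a subdomain; whether `dp_option_inherit()` logs this itself is not visible here. Because the tokengroups setting influences the group resolution that access decisions may rely on, a `DEBUG(SSSDBG_CONF_SETTINGS, ...)` line per inherited option would be worth adding if the callee does not already emit one. Separately, the option table is rebuilt on every call and never modified, so it can be declared `static const int inherit_options[] = {`. The new prototype in ldap_common.h also carries no comment; one sentence saying that values flow from `parent_opts` into `subdom_opts` for the listed options, under whatever condition `dp_option_inherit()` applies, would be enough.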