>From 59586d5fcd4fd81b72b98f98b01e76aa633b06a5 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 28 Apr 2015 17:04:51 +0200 Subject: [PATCH 4/5] UTIL: Inherit ignore_group_members Resolves: https://fedorahosted.org/sssd/ticket/2644 Allows the administrators to extend ignore_group_members to subdomains as well by setting: subdomain_inherit = ignore_group_members in the domain section. --- src/man/sssd.conf.5.xml | 4 ++++ src/util/domain_info_utils.c | 9 +++++++++ 2 files changed, 13 insertions(+) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 7d0ba057437f6b4b053b5ce3abec9d5324124d14..55623991c981615e2ad552d7bc5ca956bd45cc62 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -486,6 +486,10 @@ Specifies a list of configuration parameters that should be inherited by a subdomain. Please note that only selected parameters can be inherited. + Currently the following options can be inherited: + + + ignore_group_members Example: diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index dc306848c3b3ba87a5ada1867878e13826da00a8..073ba3c6a2a46c51f762c3afebeebcd3a0e8b7c4 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -206,6 +206,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, const char *forest) { struct sss_domain_info *dom; + bool inherit_option; DEBUG(SSSDBG_TRACE_FUNC, "Creating [%s] as subdomain of [%s]!\n", name, parent->name); @@ -281,6 +282,14 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, dom->enumerate = enumerate; dom->fqnames = true; dom->mpg = mpg; + /* If the parent domain filters out group members, the subdomain should + * as well if configured */ + inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS, + parent->sd_inherit, false); + if (inherit_option) { + dom->ignore_group_members = parent->ignore_group_members; + } + /* If the parent domain explicitly limits ID ranges, the subdomain * should honour the limits as well. */ -- 2.1.0