On 08/20/2009 10:59 AM, Sumit Bose wrote: > On Thu, Aug 20, 2009 at 10:50:29AM -0400, Stephen Gallagher wrote: >> On 08/20/2009 10:34 AM, Stephen Gallagher wrote: >>> This patch will resolve https://fedorahosted.org/sssd/ticket/95 by >>> making MPG=false an impossible configuration for the LOCAL provider. >>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> sssd-devel mailing list >>> sssd-devel@lists.fedorahosted.org >>> https://fedorahosted.org/mailman/listinfo/sssd-devel >> >> Whoops, wrong patch. Correct one attached this time (I hope) >> >> >> -- >> Stephen Gallagher >> RHCE 804006346421761 >> >> Looking to carve out IT costs? >> www.redhat.com/carveoutcosts/ > >> From a080356a3d77a79c487b83282a2e12ed52c77a3d Mon Sep 17 00:00:00 2001 >> From: Stephen Gallagher <sgall...@redhat.com> >> Date: Thu, 20 Aug 2009 10:33:00 -0400 >> Subject: [PATCH] Make the LOCAL provider always use MagicPrivateGroups >> >> --- >> server/confdb/confdb.c | 3 ++- >> 1 files changed, 2 insertions(+), 1 deletions(-) >> >> diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c >> index a44368f..1d75074 100644 >> --- a/server/confdb/confdb.c >> +++ b/server/confdb/confdb.c >> @@ -756,7 +756,8 @@ int confdb_get_domain(struct confdb_ctx *cdb, >> } >> >> /* Determine if this is domain uses MPG */ >> - if (ldb_msg_find_attr_as_bool(res->msgs[0], CONFDB_MPG, 0)) { >> + if (strcasecmp(domain->provider, "local") || >> + ldb_msg_find_attr_as_bool(res->msgs[0], CONFDB_MPG, 0)) { >> domain->mpg = true; >> } >> >> -- >> 1.6.2.5 >> > > sssd.conf(5) says: > ---- > magicPrivateGroups (bool) > ..... > Default: FALSE > ---- > > can you add add a hint that for provider=local it will always be TRUE? > > bye, > Sumit > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel
Sorry, didn't think of that. New patch attached. -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/
From 17baba6038f5be1a46009994ed9da658f77768ca Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Thu, 20 Aug 2009 10:33:00 -0400
Subject: [PATCH 1/5] Make the LOCAL provider always use MagicPrivateGroups
Also updates the manpage for sssd.conf to denote this
---
server/confdb/confdb.c | 3 ++-
server/man/sssd.conf.5.xml | 8 +++++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index a44368f..1d75074 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -756,7 +756,8 @@ int confdb_get_domain(struct confdb_ctx *cdb,
}
/* Determine if this is domain uses MPG */
- if (ldb_msg_find_attr_as_bool(res->msgs[0], CONFDB_MPG, 0)) {
+ if (strcasecmp(domain->provider, "local") ||
+ ldb_msg_find_attr_as_bool(res->msgs[0], CONFDB_MPG, 0)) {
domain->mpg = true;
}
diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
index 6c5ce87..5d7e090 100644
--- a/server/man/sssd.conf.5.xml
+++ b/server/man/sssd.conf.5.xml
@@ -414,7 +414,13 @@
same effect as User Private Groups
</para>
<para>
- Default: FALSE
+ Default: FALSE*
+ </para>
+ <para>
+ *Magic Private Groups are always enabled when
+ provider=local and this setting does not
+ affect that in any way. For other providers,
+ Magic Private Groups default to FALSE
</para>
</listitem>
</varlistentry>
--
1.6.2.5
signature.asc
Description: OpenPGP digital signature
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
