On (11/05/15 10:47), Jakub Hrozek wrote: >Hi, > >the attached patches are a short-term fix until subdomains can be >configured separately in the config file. They add a new option >subdomain_inherit and make it possible to inherit three options we >learned our users care about for subdomains - ignore_group_members, >ldap_purge_cache_timeout and ldap_use_tokengroups.
>From 07e467c409d7b1b5386eb0221e1e873c2b71fcb1 Mon Sep 17 00:00:00 2001 >From: Jakub Hrozek <jhro...@redhat.com> >Date: Tue, 28 Apr 2015 13:48:42 +0200 >Subject: [PATCH 4/4] subdomains: Inherit cleanup period and tokengroup > settings from parent domain > >Allows the administrator to extend the functionality of >ldap_purge_cache_timeout and ldap_use_tokengroups to the subdomains. > >This is a less intrusive way of achieving: > https://fedorahosted.org/sssd/ticket/2627 >--- > src/man/sssd.conf.5.xml | 6 ++++++ > src/providers/ad/ad_subdomains.c | 4 ++++ > src/providers/ipa/ipa_subdomains.c | 4 ++++ > src/providers/ldap/ldap_common.c | 19 +++++++++++++++++++ > src/providers/ldap/ldap_common.h | 4 ++++ > 5 files changed, 37 insertions(+) > >diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml >index >98c8ea2ff1462139c398cf0be6273b985442b6b6..bc0bb94143e53ead34b43d5500b18e44f50d71ae > 100644 >--- a/src/man/sssd.conf.5.xml >+++ b/src/man/sssd.conf.5.xml >@@ -492,6 +492,12 @@ > ignore_group_members > </para> > <para> >+ ldap_purge_cache_timeout >+ </para> >+ <para> >+ ldap_use_tokengroups >+ </para> >+ <para> > Example: > <programlisting> I have another candidate. Some users does not use UPN as we expected. We might add "ldap_user_principal" as well. LS _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
