summaryrefslogtreecommitdiff
path: root/src/config
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2013-06-12 12:17:08 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-28 20:20:59 +0200
commiteceefd520802efe356d413a13247c5f68d8e27c8 (patch)
tree14f520294b333301469dec188fe047a19e047608 /src/config
parentd064fef06dcbcb5f6c1be03e286b1a3433d6dfd7 (diff)
downloadsssd-eceefd520802efe356d413a13247c5f68d8e27c8.tar.gz
sssd-eceefd520802efe356d413a13247c5f68d8e27c8.tar.bz2
sssd-eceefd520802efe356d413a13247c5f68d8e27c8.zip
Add now options ldap_min_id and ldap_max_id
Currently the range for Posix IDs stored in an LDAP server is unbound. This might lead to conflicts in a setup with AD and trusts when the configured domain uses IDs from LDAP. With the two noe options this conflict can be avoided.
Diffstat (limited to 'src/config')
-rw-r--r--src/config/SSSDConfig/__init__.py.in2
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf2
2 files changed, 4 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 4d7629e1..1bc4f1bf 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -309,6 +309,8 @@ option_strings = {
'ldap_groups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups'),
'ldap_initgroups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups'),
+ 'ldap_min_id' : _('Set lower boundary for allowed IDs from the LDAP server'),
+ 'ldap_max_id' : _('Set upper boundary for allowed IDs from the LDAP server'),
# [provider/ldap/auth]
'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 870cf20f..eb239664 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -117,6 +117,8 @@ ldap_idmap_default_domain_sid = str, None, false
ldap_groups_use_matching_rule_in_chain = bool, None, false
ldap_initgroups_use_matching_rule_in_chain = bool, None, false
ldap_rfc2307_fallback_to_local_users = bool, None, false
+ldap_min_id = int, None, false
+ldap_max_id = int, None, false
[provider/ldap/auth]
ldap_pwd_policy = str, None, false