diff options
author | Sumit Bose <sbose@redhat.com> | 2013-08-19 17:15:47 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-28 17:30:07 +0200 |
commit | caee9828ee30609e9f433957dbb3d0163390a207 (patch) | |
tree | 323dc74055327b86a47e2e32ffb14a66b25a5971 /src/db | |
parent | b8d0374cd23db90fce203292ff547641f62e338a (diff) | |
download | sssd-caee9828ee30609e9f433957dbb3d0163390a207.tar.gz sssd-caee9828ee30609e9f433957dbb3d0163390a207.tar.bz2 sssd-caee9828ee30609e9f433957dbb3d0163390a207.zip |
ipa-server-mode: add IPA group memberships to AD users
When IPA trusts an AD domain the AD user or groups can be placed into
IPA groups e.g. to put AD users under the control of HBAC. Since IPA
group can only have members from the IPA directory tree and the AD users
and groups are not stored there a special IPA object called external
group was introduced. SIDs of users and groups can be added to the
external group and since the external groups are in the IPA directory
tree they can be member of IPA groups.
To speed things up and to remove some load from the IPA servers SSSD
reads all external groups and stores them in memory for some time before
rereading the data.
Enhances https://fedorahosted.org/sssd/ticket/1962
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 96679007..b91596c4 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -171,6 +171,7 @@ SYSDB_HOMEDIR, SYSDB_SHELL, \ SYSDB_DEFAULT_ATTRS, \ SYSDB_PRIMARY_GROUP_GIDNUM, \ + SYSDB_SID_STR, \ NULL} #define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \ SYSDB_MEMBERUID, \ |