authorPaul B. Henson <henson@acm.org>2012-11-13 03:31:43 -0800
committerJakub Hrozek <jhrozek@redhat.com>2012-11-15 20:03:27 +0100
commit59f136cd254d1acf2991c97221eb08803784777d (patch)
tree6e97ba0d904277489ba88f4fd5a0ae9b23424dbb /src/providers
parent32f763808dc741289ca03248b89fe526494b645a (diff)
Add ignore_group_members option.
https://fedorahosted.org/sssd/ticket/1376
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ldap/ldap_id.c9
-rw-r--r--src/providers/ldap/sdap_async_groups.c6
2 files changed, 13 insertions, 2 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index b8520df8..0c2d63d3 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -340,6 +340,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
enum idmap_error_code err;
char *sid;
bool use_id_mapping = dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING);
+ const char *member_filter[2];
req = tevent_req_create(memctx, &state, struct groups_get_state);
if (!req) return NULL;
@@ -438,9 +439,15 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
goto fail;
}
+ member_filter[0] = (const char *)ctx->opts->group_map[SDAP_AT_GROUP_MEMBER].name;
+ member_filter[1] = NULL;
+
/* TODO: handle attrs_type */
ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP,
- NULL, &state->attrs, NULL);
+ state->domain->ignore_group_members ?
+ (const char **)member_filter : NULL,
+ &state->attrs, NULL);
+
if (ret != EOK) goto fail;
ret = groups_get_retry(req);
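Review bot: Both casts in the added lines are redundant and can hide a later type mismatch. `member_filter` is declared `const char *member_filter[2]`, so it already decays to `const char **`, and storing the map's attribute name in a `const char *` element should not need `(const char *)` (assuming `name` is a plain `char *`, which this hunk does not show). I would write `member_filter[0] = ctx->opts->group_map[SDAP_AT_GROUP_MEMBER].name;` and pass `state->domain->ignore_group_members ? member_filter : NULL`. A one-line comment above the assignment, such as `/* With ignore_group_members set, do not request the member attribute from the server */`, would also explain why the filter exists. groups_get_send starts and ends outside this hunk.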
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index f0185e41..67dddae7 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1648,8 +1648,12 @@ static void sdap_get_groups_done(struct tevent_req *subreq)
if (state->check_count == 0) {
DEBUG(9, ("All groups processed\n"));
+ /* If ignore_group_members is set for the domain, don't update
+ * group memberships in the cache.
+ */
ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
- state->groups, state->count, true, NULL,
+ state->groups, state->count,
+ !state->dom->ignore_group_members, NULL,
&state->higher_usn);
if (ret) {
DEBUG(2, ("Failed to store groups.\n"));
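Review bot: The new comment says memberships are not updated, but it does not say what happens to member lists that are already in the cache. Passing `!state->dom->ignore_group_members` presumably makes sdap_save_groups skip the member attribute entirely, so entries written before the option was enabled would keep their old members; sdap_save_groups is not visible here, so this needs confirming. Anything that reads group members from the cache for an authorization decision could then keep seeing users who have since been removed on the server. I would state this in the comment, e.g. `* Member lists already in the cache are neither refreshed nor cleared.`, and note in the option's documentation that the cache should be cleaned when the option is switched on. sdap_get_groups_done continues outside the hunk.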