summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/config/SSSDConfig.py4
-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf3
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf3
-rw-r--r--src/providers/ipa/ipa_opts.h3
-rw-r--r--src/providers/ldap/ldap_opts.h3
-rw-r--r--src/providers/ldap/sdap.h3
6 files changed, 19 insertions, 0 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 46ca838e..a48602b2 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -261,6 +261,10 @@ option_strings = {
'ldap_service_proto' : _('Service protocol attribute'),
#replaced by ldap_entry_usn# 'ldap_service_entry_usn' : _('Service entryUSN attribute'),
+ 'ldap_idmap_range_min' : _('Lower bound for ID-mapping'),
+ 'ldap_idmap_range_max' : _('Upper bound for ID-mapping'),
+ 'ldap_idmap_range_size' : _('Number of IDs for each slice when ID-mapping'),
+
# [provider/ldap/auth]
'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 162dab57..1cad031f 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -110,6 +110,9 @@ ldap_service_entry_usn = str, None, false
ipa_host_object_class = str, None, false
ipa_host_fqdn = str, None, false
ipa_host_ssh_public_key = str, None, false
+ldap_idmap_range_min = int, None, false
+ldap_idmap_range_max = int, None, false
+ldap_idmap_range_size = int, None, false
[provider/ipa/auth]
krb5_ccachedir = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 766216f6..79518155 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -104,6 +104,9 @@ ldap_service_port = str, None, false
ldap_service_proto = str, None, false
ldap_service_search_base = str, None, false
ldap_service_entry_usn = str, None, false
+ldap_idmap_range_min = int, None, false
+ldap_idmap_range_max = int, None, false
+ldap_idmap_range_size = int, None, false
[provider/ldap/auth]
ldap_pwd_policy = str, None, false
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 75ce632e..866bd3ce 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -114,6 +114,9 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
{ "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 100001 }, NULL_NUMBER },
+ { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000100000LL }, NULL_NUMBER },
+ { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
DP_OPTION_TERMINATOR
};
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index 1f9ca57a..a4c78069 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -96,6 +96,9 @@ struct dp_option default_basic_opts[] = {
{ "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
{ "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 100001 }, NULL_NUMBER },
+ { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000100000LL }, NULL_NUMBER },
+ { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
DP_OPTION_TERMINATOR
};
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 9ef88004..71ae246d 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -211,6 +211,9 @@ enum sdap_basic_opt {
SDAP_SASL_CANONICALIZE,
SDAP_EXPIRE_TIMEOUT,
SDAP_DISABLE_PAGING,
+ SDAP_IDMAP_LOWER,
+ SDAP_IDMAP_UPPER,
+ SDAP_IDMAP_RANGESIZE,
SDAP_OPTS_BASIC /* opts counter */
};