From 855abda5ed5a0dcae499632ed5ead1d4cd293b48 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Tue, 8 Jun 2010 08:14:35 -0400 Subject: Change default min_id to 1 Also update manpage for min_id/max_id to be more clear about how it relates to primary GID. --- src/confdb/confdb.h | 2 +- src/config/SSSDConfigTest.py | 7 +++---- src/config/etc/sssd.api.conf | 2 +- src/man/sssd.conf.5.xml | 14 +++++++++++--- 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index be4dfb6f..ae7502f8 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -39,7 +39,7 @@ #define CONFDB_FILE "config.ldb" #define CONFDB_DEFAULT_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf" -#define SSSD_MIN_ID 1000 +#define SSSD_MIN_ID 1 /* Configuration options */ diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 04d438e0..ea897d71 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -595,7 +595,6 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): options = domain.list_mandatory_options() control_list = [ 'cache_credentials', - 'min_id', 'id_provider', 'auth_provider'] @@ -989,9 +988,9 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): domain = SSSDConfig.SSSDDomain('sssd', self.schema) # Positive test - Remove existing option - self.assertTrue('min_id' in domain.get_all_options().keys()) - domain.remove_option('min_id') - self.assertFalse('min_id' in domain.get_all_options().keys()) + self.assertTrue('cache_credentials' in domain.get_all_options().keys()) + domain.remove_option('cache_credentials') + self.assertFalse('cache_credentials' in domain.get_all_options().keys()) # Positive test - Remove unset but valid option self.assertFalse('max_id' in domain.get_all_options().keys()) diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 7d0e20c7..f0ef4114 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -46,7 +46,7 @@ chpass_provider = str, None, false debug_level = int, None, false, 0 debug_timestamps = bool, None, false command = str, None, false -min_id = int, None, true, 1000 +min_id = int, None, false max_id = int, None, false timeout = int, None, false enumerate = bool, None, false diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index bd2d3acd..497fae63 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -396,11 +396,19 @@ min_id,max_id (integer) - UID limits for the domain. If a domain contains - entry that is outside these limits, it is ignored + UID and GID limits for the domain. If a domain + contains an entry that is outside these limits, it + is ignored. - Default: 1000 for min_id, 0 (no limit) for max_id + For users, this affects the primary GID limit. The + user will not be returned to NSS if either the + UID or the primary GID is outside the range. For + non-primary group memberships, those that are in + range will be reported as expected. + + + Default: 1 for min_id, 0 (no limit) for max_id -- cgit