From 59f136cd254d1acf2991c97221eb08803784777d Mon Sep 17 00:00:00 2001
From: "Paul B. Henson" <henson@acm.org>
Date: Tue, 13 Nov 2012 03:31:43 -0800
Subject: Add ignore_group_members option.

https://fedorahosted.org/sssd/ticket/1376
---
 src/providers/ldap/sdap_async_groups.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/providers/ldap/sdap_async_groups.c')

diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index f0185e41..67dddae7 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1648,8 +1648,12 @@ static void sdap_get_groups_done(struct tevent_req *subreq)
     if (state->check_count == 0) {
         DEBUG(9, ("All groups processed\n"));
 
+        /* If ignore_group_members is set for the domain, don't update
+         * group memberships in the cache.
+         */
         ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
-                               state->groups, state->count, true, NULL,
+                               state->groups, state->count,
+                               !state->dom->ignore_group_members, NULL,
                                &state->higher_usn);
         if (ret) {
             DEBUG(2, ("Failed to store groups.\n"));
-- 
cgit