caee982 ipa-server-mode: add IPA group memberships to AD users

5 files. Authored by sbose 10 years ago, committed by jhrozek 10 years ago.
    ipa-server-mode: add IPA group memberships to AD users
    
    When IPA trusts an AD domain, the AD users or groups can be placed into
    IPA groups, e.g. to put AD users under the control of HBAC. Since IPA
    groups can only have members from the IPA directory tree and the AD users
    and groups are not stored there, a special IPA object called external
    group was introduced. SIDs of users and groups can be added to the
    external group, and since the external groups are in the IPA directory
    tree they can be members of IPA groups.
    
    To speed things up and to remove some load from the IPA servers, SSSD
    reads all external groups and stores them in memory for some time before
    rereading the data.
    
    Enhances https://fedorahosted.org/sssd/ticket/1962
    
        
file modified
+1 -0
file modified
+1 -0
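
The lookup the commit message describes, as an added Python illustration (not SSSD's code, which is written in C): external groups map SIDs to IPA groups, are read in bulk, and are served from memory until a timeout. The class name, the `fetch` callback, the `ttl` value and the sample SIDs and group names are assumptions constructed for this example.

```python
import time

# Constructed sample data standing in for the IPA directory tree (not real entries).
# Each external group holds member SIDs and the IPA groups it is a member of.
SAMPLE_DIRECTORY = {
    "ad_admins_ext": {
        "sids": {"S-1-5-21-1111-2222-3333-512"},
        "member_of": {"ipa_admins"},
    },
    "ad_devs_ext": {
        "sids": {"S-1-5-21-1111-2222-3333-1104"},
        "member_of": {"developers", "hbac_ssh"},
    },
}


class ExternalGroupCache:
    """Reads all external groups at once and answers lookups from memory."""

    def __init__(self, fetch, ttl=10.0, clock=time.monotonic):
        self._fetch = fetch          # hypothetical callable returning all external groups
        self._ttl = ttl              # seconds the in-memory copy is trusted
        self._clock = clock
        self._sid_to_groups = {}
        self._expires = None
        self.fetch_count = 0         # how often the directory was actually read

    def _refresh_if_stale(self):
        now = self._clock()
        if self._expires is not None and now < self._expires:
            return
        index = {}
        for ext in self._fetch().values():
            for sid in ext["sids"]:
                index.setdefault(sid.upper(), set()).update(ext["member_of"])
        self._sid_to_groups = index
        self._expires = now + self._ttl
        self.fetch_count += 1

    def ipa_groups_for(self, user_sid, group_sids=()):
        """IPA groups gained through the user's own SID or any AD group SID."""
        self._refresh_if_stale()
        result = set()
        for sid in (user_sid, *group_sids):
            result |= self._sid_to_groups.get(sid.upper(), set())
        return sorted(result)
```

In this sketch, a SID removed from an external group keeps resolving to its IPA groups until the cached copy expires, so the timeout bounds how long a revoked membership can still be seen by access-control decisions such as HBAC.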