From b1b7648169d0f3b3c88dea3e6642422a29ad373c Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Sun, 24 Mar 2013 19:59:34 +0100 Subject: Implement a nss_nested_groups configuration option This option can be used in both nslcd and pynslcd to enable recursive group member lookups. By default the functionality is disabled. This also updates the documentation. --- nslcd/cfg.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'nslcd/cfg.c') diff --git a/nslcd/cfg.c b/nslcd/cfg.c index c2b9674..056b6e2 100644 --- a/nslcd/cfg.c +++ b/nslcd/cfg.c @@ -1089,6 +1089,7 @@ static void cfg_defaults(struct ldap_config *cfg) cfg->pagesize = 0; cfg->nss_initgroups_ignoreusers = NULL; cfg->nss_min_uid = 0; + cfg->nss_nested_groups = 0; cfg->validnames_str = NULL; handle_validnames(__FILE__, __LINE__, "", "/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i", @@ -1408,6 +1409,11 @@ static void cfg_read(const char *filename, struct ldap_config *cfg) cfg->nss_min_uid = get_int(filename, lnr, keyword, &line); get_eol(filename, lnr, keyword, &line); } + else if (strcasecmp(keyword, "nss_nested_groups") == 0) + { + cfg->nss_nested_groups = get_boolean(filename, lnr, keyword, &line); + get_eol(filename, lnr, keyword, &line); + } else if (strcasecmp(keyword, "validnames") == 0) { handle_validnames(filename, lnr, keyword, line, cfg); @@ -1671,6 +1677,7 @@ static void cfg_dump(void) log_log(LOG_DEBUG, "CFG: nss_initgroups_ignoreusers %s", buffer); } log_log(LOG_DEBUG, "CFG: nss_min_uid %d", nslcd_cfg->nss_min_uid); + log_log(LOG_DEBUG, "CFG: nss_nested_groups %s", print_boolean(nslcd_cfg->nss_nested_groups)); log_log(LOG_DEBUG, "CFG: validnames %s", nslcd_cfg->validnames_str); log_log(LOG_DEBUG, "CFG: ignorecase %s", print_boolean(nslcd_cfg->ignorecase)); for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++) -- cgit v1.2.3