Avoid LDAP lookups for local groups
Currently we see LDAP lookups for all local groups with both the OpenLDAP
and Active Directory configurations.
This commit adds "nss_initgroups_ignoreusers ALLLOCAL" to the config;
this option filters out LDAP lookups for all local groups.
The option is written to the LDAP config when the configuration is
created for either OpenLDAP or Active Directory.
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Change-Id: I547a59d4d26a087503375ce18d90e6492ec73103
diff --git a/phosphor-ldap-config/ldap_config.cpp b/phosphor-ldap-config/ldap_config.cpp
index ab63792..b602e88 100644
--- a/phosphor-ldap-config/ldap_config.cpp
+++ b/phosphor-ldap-config/ldap_config.cpp
@@ -275,6 +275,7 @@
"objectSid:S-1-5-21-3623811015-3361044348-30300820\n";
confData << "map group cn "
<< ConfigIface::userNameAttribute() << "\n";
+ confData << "nss_initgroups_ignoreusers ALLLOCAL\n";
}
else if (lDAPType() == ConfigIface::Type::OpenLdap)
{
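Review bot: The `nss_initgroups_ignoreusers ALLLOCAL` line added at the end of the Active Directory branch, and again at the end of the OpenLDAP branch in the next hunk, carries no comment explaining why it is written or what it scopes to. Per nslcd.conf(5) the option is keyed on users rather than groups, and with ALLLOCAL nslcd builds its list of non-LDAP users once at startup, so a local account created afterwards is presumably still sent to the directory for group membership until nslcd is restarted. I would record that next to the line, e.g. `// Skip LDAP initgroups for local users; nslcd snapshots the local user list at startup, so restart it after local account changes.` Because both branches emit the identical string, it could also be written once after the if/else chain, provided no other server type needs to omit it; the chain begins outside this hunk, so that has to be checked against the full function.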
@@ -293,6 +294,7 @@
<< ConfigIface::userNameAttribute() << "\n";
confData << "map passwd gidNumber "
<< ConfigIface::groupNameAttribute() << "\n";
+ confData << "nss_initgroups_ignoreusers ALLLOCAL\n";
}
try
{