freeipa/doc/designs
Christian Heimes 1c4ae37293 Add basic support for subordinate user/group ids
New LDAP object class "ipaUserSubordinate" with four new fields:
- ipasubuidnumber / ipasubuidcount
- ipasubgidnumber / ipasubgidcount

New self-service permission to add subids.

New command user-auto-subid to auto-assign subid.

The code hard-codes counts to 65536, sets subgid equal to subuid, and
does not allow removal of subids. There is also a hack that emulates a
DNA plugin with step interval 65536 for testing.

Work around problem with older SSSD clients that fail with unknown
idrange type "ipa-local-subid", see: https://github.com/SSSD/sssd/issues/5571

Related: https://pagure.io/freeipa/issue/8361
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-07-09 09:47:30 -04:00
adtrust Design doc for idrange option "auto-private-groups" 2021-04-19 17:14:23 +02:00
disable-stale-users.md DSU: add Design for Disable Stale Users 2019-11-23 00:12:24 +01:00
expiring-password-notification.md IPA-EPN: Add design draft 2020-04-28 09:32:19 -04:00
extdom-plugin-protocol.md extdom: add extdom protocol documentation 2019-09-12 10:48:13 +03:00
hidden-replicas.md Add explicit syntax language to code blocks 2020-03-21 07:42:20 +02:00
index.rst Add basic support for subordinate user/group ids 2021-07-09 09:47:30 -04:00
krb-ticket-policy.md Update kdcpolicy design doc for jitter implementation 2020-11-17 14:27:28 +02:00
ldap_pam_passthrough.md Design doc to allow LDAP bind using the RADIUS auth type 2021-06-11 09:23:56 -04:00
ldapi-autobind-services.md Add design for LDAPI autobind 2021-06-15 14:13:16 +03:00
libpwquality.md Requirements and design for libpwquality integration 2020-10-23 09:32:52 -04:00
membermanager.md Add explicit syntax language to code blocks 2020-03-21 07:42:20 +02:00
subordinate-ids.md Add basic support for subordinate user/group ids 2021-07-09 09:47:30 -04:00