author | Stephen Gallagher <sgallagh@redhat.com> | 2010-01-07 11:49:21 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-02-05 09:43:43 -0500 |
commit | 764d6246eea5a63b203a5dc6c905b5938d9b62e4 (patch) | |
tree | b06732b90542fd2eee99659860b24c1cb2056271 | |
parent | 9705b774cef3d281acc05061327471f4fdd39958 (diff) | |
Add mandatory flag to SSSD config schema
Also add list_mandatory_options() to both SSSDService and
SSSDDomain objects.
There is a new list_options_with_mandatory() function that will
return a longer tuple than list_options(), including the mandatory
flag directly.
-rw-r--r-- | server/config/SSSDConfig.py | 159 | ||||
-rwxr-xr-x | server/config/SSSDConfigTest.py | 149 | ||||
-rw-r--r-- | server/config/etc/sssd.api.conf | 74 | ||||
-rw-r--r-- | server/config/etc/sssd.api.d/sssd-ipa.conf | 136 | ||||
-rw-r--r-- | server/config/etc/sssd.api.d/sssd-krb5.conf | 16 | ||||
-rw-r--r-- | server/config/etc/sssd.api.d/sssd-ldap.conf | 120 | ||||
-rw-r--r-- | server/config/etc/sssd.api.d/sssd-local.conf | 4 | ||||
-rw-r--r-- | server/config/etc/sssd.api.d/sssd-proxy.conf | 4 |
8 files changed, 455 insertions, 207 deletions
diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py index b751e4db..a004c33b 100644 --- a/server/config/SSSDConfig.py +++ b/server/config/SSSDConfig.py @@ -212,7 +212,8 @@ class SSSDConfigSchema(SSSDChangeConf): # Indexes PRIMARY_TYPE = 0 SUBTYPE = 1 - DEFAULT = 2 + MANDATORY = 2 + DEFAULT = 3 # Parse values parsed_options = {} @@ -223,24 +224,27 @@ class SSSDConfigSchema(SSSDChangeConf): primarytype = self.type_lookup[split_option[PRIMARY_TYPE]] subtype = self.type_lookup[split_option[SUBTYPE]] + mandatory = self.bool_lookup[split_option[MANDATORY]] if option_strings.has_key(option['name']): desc = option_strings[option['name']] else: desc = None - if optionlen == 2: + if optionlen == 3: # This option has no defaults parsed_options[option['name']] = \ (primarytype, subtype, + mandatory, desc, None) - elif optionlen == 3: + elif optionlen == 4: if type(split_option[DEFAULT]) == primarytype: parsed_options[option['name']] = \ (primarytype, subtype, + mandatory, desc, split_option[DEFAULT]) elif primarytype == list: @@ -248,6 +252,7 @@ class SSSDConfigSchema(SSSDChangeConf): parsed_options[option['name']] = \ (primarytype, subtype, + mandatory, desc, [split_option[DEFAULT]]) else: @@ -257,12 +262,14 @@ class SSSDConfigSchema(SSSDChangeConf): parsed_options[option['name']] = \ (primarytype, subtype, + mandatory, desc, [self.bool_lookup[split_option[DEFAULT].lower()]]) else: parsed_options[option['name']] = \ (primarytype, subtype, + mandatory, desc, [subtype(split_option[DEFAULT])]) except ValueError, KeyError: 
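Review bot: The new `mandatory = self.bool_lookup[split_option[MANDATORY]]` in the second hunk (@@ -223) runs before any `optionlen` check and, as far as the hunk shows (the method starts outside it), outside the `try` blocks that raise ParsingError. A schema line still in the old `type, subtype` form would raise IndexError, a value such as `True` would presumably raise KeyError because this lookup has no `.lower()` unlike the default-value lookups below it, and an old three-field line like `cache_credentials = bool, None, false` would be accepted with its default silently read as the mandatory flag. I would reject short lines first with `if optionlen < 3: raise ParsingError`, and look up `split_option[MANDATORY].lower()` inside a `try` that maps KeyError to ParsingError. Separately, the context line `except ValueError, KeyError:` is Python 2 syntax for catching only ValueError and binding it to the name KeyError; `except (ValueError, KeyError):` is presumably what was meant.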
@@ -274,18 +281,20 @@ class SSSDConfigSchema(SSSDChangeConf): parsed_options[option['name']] = \ (primarytype, subtype, + mandatory, desc, self.bool_lookup[split_option[DEFAULT].lower()]) else: parsed_options[option['name']] = \ (primarytype, subtype, + mandatory, desc, primarytype(split_option[DEFAULT])) except ValueError, KeyError: raise ParsingError - elif optionlen > 3: + elif optionlen > 4: if (primarytype != list): raise ParsingError fixed_options = [] @@ -304,6 +313,7 @@ class SSSDConfigSchema(SSSDChangeConf): parsed_options[option['name']] = \ (primarytype, subtype, + mandatory, desc, fixed_options) else: @@ -326,9 +336,9 @@ class SSSDConfigSchema(SSSDChangeConf): raise NoSectionError(section) schema_options = self.get_options(section) - defaults = dict([(x,schema_options[x][3]) + defaults = dict([(x,schema_options[x][4]) for x in schema_options.keys() - if schema_options[x][3] != None]) + if schema_options[x][4] != None]) return defaults @@ -465,22 +475,23 @@ class SSSDService(SSSDConfigObject): self.options['config_file_version'] = 2 self.hidden_options.append('config_file_version') - def list_options(self): + def list_options_with_mandatory(self): """ - List all options that apply to this service + List options for the service, including the mandatory flag. === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the - type is not a collection type), the translated option description, and - the default value (or 'None') as the value. + type is not a collection type), whether it is mandatory, the + translated option description, and the default value (or 'None') as + the value. Example: - { 'services' : - (list, str, u'SSSD Services to start', ['nss', 'pam']) } + { 'enumerate' : + (bool, None, False, u'Enable enumerating all users/groups', True) } === Errors === - No Errors + No errors """ options = {} 
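Review bot: In the defaults hunk (@@ -326) the default is now read as `schema_options[x][4]`, a bare index that had to be bumped by hand from 3 and that differs from the local `DEFAULT = 3`, which indexes the split schema string rather than the parsed tuple. The same positional indices reappear as `[2]`, `[3]` and `[4]` in the new list_options() and list_mandatory_options() wrappers. Shared named constants for the parsed-tuple layout, for example `OPT_MANDATORY = 2`, `OPT_DESC = 3`, `OPT_DEFAULT = 4`, would keep the next layout change from silently shifting what callers read; `is not None` is also the idiomatic comparison here. The enclosing function begins outside the hunk.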
@@ -493,6 +504,61 @@ class SSSDService(SSSDConfigObject): return options + def list_options(self): + """ + List all options that apply to this service + + === Returns === + A dictionary of configurable options. This dictionary is keyed on the + option name with a tuple of the variable type, subtype ('None' if the + type is not a collection type), the translated option description, and + the default value (or 'None') as the value. + + Example: + { 'services' : + (list, str, u'SSSD Services to start', ['nss', 'pam']) } + + === Errors === + No Errors + """ + options = self.list_options_with_mandatory() + + # Filter out the mandatory field to maintain compatibility + # with older versions of the API + filtered_options = {} + for key in options.keys(): + filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4]) + + return filtered_options + + def list_mandatory_options(self): + """ + List all mandatory options that apply to this service + + === Returns === + A dictionary of configurable options. This dictionary is keyed on the + option name with a tuple of the variable type, subtype ('None' if the + type is not a collection type), the translated option description, and + the default value (or 'None') as the value. + + Example: + { 'services' : + (list, str, u'SSSD Services to start', ['nss', 'pam']) } + + === Errors === + No Errors + """ + options = self.list_options_with_mandatory() + + # Filter out the mandatory field to maintain compatibility + # with older versions of the API + filtered_options = {} + for key in options.keys(): + if options[key][2]: + filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4]) + + return filtered_options + def set_option(self, optionname, value): """ Set a service option to the specified value (or values) 
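Review bot: list_mandatory_options() carries a docstring and an inline comment copied from list_options(): the "maintain compatibility with older versions of the API" comment does not apply to a method introduced by this commit, and the docstring never says that only options whose mandatory flag is set are returned. The filtering loop is also written four times, here and in the SSSDDomain hunk (@@ -670), differing only in the `if options[key][2]` test. A single helper would keep the tuple layout in one place; the sketch below shows the idea, with the helper name and its module-level placement being my suggestion rather than anything in the file.

```python
def _strip_mandatory(options, mandatory_only=False):
    # Drop the mandatory flag (index 2) so callers get the legacy
    # (type, subtype, description, default) tuple.
    filtered_options = {}
    for key in options.keys():
        if mandatory_only and not options[key][2]:
            continue
        filtered_options[key] = (options[key][0], options[key][1],
                                 options[key][3], options[key][4])
    return filtered_options

    # ... unchanged: list_options_with_mandatory ...

    def list_options(self):
        # ... unchanged: docstring ...
        return _strip_mandatory(self.list_options_with_mandatory())

    def list_mandatory_options(self):
        # ... docstring reworded to describe the mandatory-only filter ...
        return _strip_mandatory(self.list_options_with_mandatory(),
                                mandatory_only=True)
```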
@@ -636,19 +702,21 @@ class SSSDDomain(SSSDConfigObject): """ self.active = bool(active) - def list_options(self): + def list_options_with_mandatory(self): """ - List options available for the currently-configured providers. + List options for the currently-configured providers, including the + mandatory flag === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the - type is not a collection type), the translated option description, and - the default value (or 'None') as the value. + type is not a collection type), whether it is mandatory, the + translated option description, and the default value (or 'None') as + the value. Example: { 'enumerate' : - (bool, None, u'Enable enumerating all users/groups', True) } + (bool, None, False, u'Enable enumerating all users/groups', True) } === Errors === No errors 
@@ -670,6 +738,61 @@ class SSSDDomain(SSSDConfigObject): options.update(schema_options) return options + def list_options(self): + """ + List options available for the currently-configured providers. + + === Returns === + A dictionary of configurable options. This dictionary is keyed on the + option name with a tuple of the variable type, subtype ('None' if the + type is not a collection type), the translated option description, and + the default value (or 'None') as the value. + + Example: + { 'enumerate' : + (bool, None, u'Enable enumerating all users/groups', True) } + + === Errors === + No errors + """ + options = self.list_options_with_mandatory() + + # Filter out the mandatory field to maintain compatibility + # with older versions of the API + filtered_options = {} + for key in options.keys(): + filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4]) + + return filtered_options + + def list_mandatory_options(self): + """ + List mandatory options for the currently-configured providers. + + === Returns === + A dictionary of configurable options. This dictionary is keyed on the + option name with a tuple of the variable type, subtype ('None' if the + type is not a collection type), the translated option description, and + the default value (or 'None') as the value. + + Example: + { 'enumerate' : + (bool, None, u'Enable enumerating all users/groups', True) } + + === Errors === + No errors + """ + options = self.list_options_with_mandatory() + + # Filter out the mandatory field to maintain compatibility + # with older versions of the API + filtered_options = {} + for key in options.keys(): + if options[key][2]: + filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4]) + + return filtered_options + def list_provider_options(self, provider, provider_type=None): """ If provider_type is specified, list all options applicable to that 
diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py index 060bc673..153146f8 100755 --- a/server/config/SSSDConfigTest.py +++ b/server/config/SSSDConfigTest.py @@ -241,10 +241,44 @@ class SSSDConfigTestSSSDService(unittest.TestCase): "list_options is requiring a %s" % options['reconnection_retries'][1]) - self.assertTrue(options['reconnection_retries'][0] == int, - "reconnection_retries should default to 2. " + - "list_options specifies %d" % - options['reconnection_retries'][3]) + self.assertTrue(options['reconnection_retries'][3] == None, + "reconnection_retries should have no default") + + self.assertTrue(type(options['services']) == tuple, + "Option values should be a tuple") + + self.assertTrue(options['services'][0] == list, + "services should require an list. " + + "list_options is requiring a %s" % + options['services'][0]) + + self.assertTrue(options['services'][1] == str, + "services should require a subtype of str. " + + "list_options is requiring a %s" % + options['services'][1]) + + def testListMandatoryOptions(self): + service = SSSDConfig.SSSDService('sssd', self.schema) + + options = service.list_mandatory_options() + control_list = [ + 'services', + 'domains'] + + self.assertTrue(type(options) == dict, + "Options should be a dictionary") + + # Ensure that all of the expected defaults are there + for option in control_list: + self.assertTrue(option in options.keys(), + "Option [%s] missing" % + option) + + # Ensure that there aren't any unexpected options listed + for option in options.keys(): + self.assertTrue(option in control_list, + 'Option [%s] unexpectedly found' % + option) self.assertTrue(type(options['services']) == tuple, "Option values should be a tuple") 
@@ -299,9 +333,7 @@ class SSSDConfigTestSSSDService(unittest.TestCase): options = service.get_all_options() control_list = [ 'config_file_version', - 'services', - 'debug_level', - 'reconnection_retries'] + 'services'] self.assertTrue(type(options) == dict, "Options should be a dictionary") @@ -322,8 +354,8 @@ class SSSDConfigTestSSSDService(unittest.TestCase): service = SSSDConfig.SSSDService('sssd', self.schema) # Positive test - Remove an option that exists - self.assertEqual(service.get_option('debug_level'), 0) - service.remove_option('debug_level') + self.assertEqual(service.get_option('services'), ['nss', 'pam']) + service.remove_option('services') self.assertRaises(SSSDConfig.NoOptionError, service.get_option, 'debug_level') # Positive test - Remove an option that doesn't exist 
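Review bot: In testRemoveOption (@@ -322) the positive case now removes `services`, but the following context line still asserts NoOptionError for `debug_level`. With `debug_level = int, None, false` in the [service] schema that option appears to have no default, so the assertion would pass whether or not remove_option() did anything. It should check the option that was removed: `self.assertRaises(SSSDConfig.NoOptionError, service.get_option, 'services')`. The test method continues past the end of the hunk.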
@@ -489,6 +521,101 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'Option [%s] unexpectedly found' % option) + def testListMandatoryOptions(self): + domain = SSSDConfig.SSSDDomain('sssd', self.schema) + + # First test default options + options = domain.list_mandatory_options() + control_list = [ + 'cache_credentials', + 'min_id', + 'id_provider', + 'auth_provider'] + + self.assertTrue(type(options) == dict, + "Options should be a dictionary") + + # Ensure that all of the expected defaults are there + for option in control_list: + self.assertTrue(option in options.keys(), + "Option [%s] missing" % + option) + + # Ensure that there aren't any unexpected options listed + for option in options.keys(): + self.assertTrue(option in control_list, + 'Option [%s] unexpectedly found' % + option) + + # Add a provider and verify that the new options appear + domain.add_provider('local', 'id') + control_list.extend( + ['default_shell', + 'base_directory']) + + options = domain.list_mandatory_options() + + self.assertTrue(type(options) == dict, + "Options should be a dictionary") + + # Ensure that all of the expected defaults are there + for option in control_list: + self.assertTrue(option in options.keys(), + "Option [%s] missing" % + option) + + # Ensure that there aren't any unexpected options listed + for option in options.keys(): + self.assertTrue(option in control_list, + 'Option [%s] unexpectedly found' % + option) + + # Add a provider that has global options and verify that + # The new options appear. 
+ domain.add_provider('krb5', 'auth') + + backup_list = control_list[:] + control_list.extend( + ['krb5_kdcip', + 'krb5_realm']) + + options = domain.list_mandatory_options() + + self.assertTrue(type(options) == dict, + "Options should be a dictionary") + + # Ensure that all of the expected defaults are there + for option in control_list: + self.assertTrue(option in options.keys(), + "Option [%s] missing" % + option) + + # Ensure that there aren't any unexpected options listed + for option in options.keys(): + self.assertTrue(option in control_list, + 'Option [%s] unexpectedly found' % + option) + + # Remove the auth domain and verify that the options + # revert to the backup_list + domain.remove_provider('auth') + options = domain.list_mandatory_options() + + self.assertTrue(type(options) == dict, + "Options should be a dictionary") + + # Ensure that all of the expected defaults are there + for option in backup_list: + self.assertTrue(option in options.keys(), + "Option [%s] missing" % + option) + + # Ensure that there aren't any unexpected options listed + for option in options.keys(): + self.assertTrue(option in backup_list, + 'Option [%s] unexpectedly found' % + option) + def testListProviders(self): domain = SSSDConfig.SSSDDomain('sssd', self.schema) @@ -930,9 +1057,7 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase): control_list = [ 'config_file_version', - 'services', - 'debug_level', - 'reconnection_retries'] + 'services'] for option in control_list: self.assertTrue(sssdconfig.has_option('sssd', option), "Option [%s] missing from [sssd]" % diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf index 20932679..19053538 100644 --- a/server/config/etc/sssd.api.conf +++ b/server/config/etc/sssd.api.conf 
@@ -1,59 +1,59 @@ # Format: -# option = type, subtype[, default] +# option = type, subtype, mandatory[, default] [service] # Options available to all services -debug_level = int, None -debug_timestamps = bool, None -debug_to_files = bool, None -command = str, None -reconnection_retries = int, None +debug_level = int, None, false +debug_timestamps = bool, None, false +debug_to_files = bool, None, false +command = str, None, false +reconnection_retries = int, None, false [sssd] # Monitor service -services = list, str, nss, pam -domains = list, str -timeout = int, None -sbus_timeout = int, None -re_expression = str, None -full_name_format = str, None +services = list, str, true, nss, pam +domains = list, str, true +timeout = int, None, false +sbus_timeout = int, None, false +re_expression = str, None, false +full_name_format = str, None, false [nss] # Name service -enum_cache_timeout = int, None -entry_cache_no_wait_percentage = int, None -entry_negative_timeout = int, None -filter_users = list, str -filter_groups = list, str -filter_users_in_groups = bool, None -pwfield = str, None +enum_cache_timeout = int, None, false +entry_cache_no_wait_percentage = int, None, false +entry_negative_timeout = int, None, false +filter_users = list, str, false +filter_groups = list, str, false +filter_users_in_groups = bool, None, false +pwfield = str, None, false [pam] # Authentication service -offline_credentials_expiration = int, None -offline_failed_login_attempts = int, None -offline_failed_login_delay = int, None +offline_credentials_expiration = int, None, false +offline_failed_login_attempts = int, None, false +offline_failed_login_delay = int, None, false [provider] #Available provider types -id_provider = str, None -auth_provider = str, None -access_provider = str, None -chpass_provider = str, None +id_provider = str, None, true +auth_provider = str, None, true +access_provider = str, None, false +chpass_provider = str, None, false [domain] # Options available to all 
domains -debug_level = int, None -debug_timestamps = bool, None -command = str, None -min_id = int, None, 1000 -max_id = int, None -timeout = int, None -enumerate = bool, None, true -cache_credentials = bool, None, false -store_legacy_passwords = bool, None -use_fully_qualified_names = bool, None -entry_cache_timeout = int, None +debug_level = int, None, false, 0 +debug_timestamps = bool, None, false +command = str, None, false +min_id = int, None, true, 1000 +max_id = int, None, false +timeout = int, None, false +enumerate = bool, None, false +cache_credentials = bool, None, true, false +store_legacy_passwords = bool, None, false +use_fully_qualified_names = bool, None, false +entry_cache_timeout = int, None, false # Special providers [provider/permit] diff --git a/server/config/etc/sssd.api.d/sssd-ipa.conf b/server/config/etc/sssd.api.d/sssd-ipa.conf index 7c1a8271..c2a12d5a 100644 --- a/server/config/etc/sssd.api.d/sssd-ipa.conf +++ b/server/config/etc/sssd.api.d/sssd-ipa.conf 
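Review bot: `enumerate = bool, None, true` becomes `enumerate = bool, None, false`, which under the new `type, subtype, mandatory[, default]` format reads as non-mandatory with no default, so the previous default of true is dropped rather than carried over as `enumerate = bool, None, false, true`. If that is intentional it deserves a line in the commit message, since the docstring examples added in SSSDConfig.py still show `enumerate` with a default of True. More generally, a boolean third field cannot be told apart from an old-style default, so any schema file under sssd.api.d that this commit did not convert would be misread without an error; a check in the parser or a format marker in the file header would catch that.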
@@ -1,77 +1,77 @@ [provider/ipa] -ipa_domain = str, None -ipa_server = str, None -ipa_hostname = str, None -ldap_uri = str, None -ldap_search_base = str, None -ldap_schema = str, None -ldap_default_bind_dn = str, None -ldap_default_authtok_type = str, None -ldap_default_authtok = str, None -ldap_network_timeout = int, None -ldap_opt_timeout = int, None -ldap_offline_timeout = int, None -ldap_tls_cacert = str, None -ldap_tls_reqcert = str, None -ldap_sasl_mech = str, None -ldap_sasl_authid = str, None -krb5_kdcip = str, None -krb5_realm = str, None -krb5_auth_timeout = int, None -ldap_krb5_keytab = str, None -ldap_krb5_init_creds = bool, None -ldap_entry_usn = str, None -ldap_rootdse_last_usn = str, None -ldap_referrals = bool, None +ipa_domain = str, None, true +ipa_server = str, None, true +ipa_hostname = str, None, false +ldap_uri = str, None, false +ldap_search_base = str, None, false +ldap_schema = str, None, false +ldap_default_bind_dn = str, None, false +ldap_default_authtok_type = str, None, false +ldap_default_authtok = str, None, false +ldap_network_timeout = int, None, false +ldap_opt_timeout = int, None, false +ldap_offline_timeout = int, None, false +ldap_tls_cacert = str, None, false +ldap_tls_reqcert = str, None, false +ldap_sasl_mech = str, None, false +ldap_sasl_authid = str, None, false +krb5_kdcip = str, None, false +krb5_realm = str, None, false +krb5_auth_timeout = int, None, false +ldap_krb5_keytab = str, None, false +ldap_krb5_init_creds = bool, None, false +ldap_entry_usn = str, None, false +ldap_rootdse_last_usn = str, None, false +ldap_referrals = bool, None, false [provider/ipa/id] -ldap_search_timeout = int, None -ldap_enumeration_refresh_timeout = int, None -ldap_purge_cache_timeout = int, None -ldap_id_use_start_tls = bool, None -ldap_user_search_base = str, None -ldap_user_search_scope = str, None -ldap_user_search_filter = str, None -ldap_user_object_class = str, None -ldap_user_name = str, None -ldap_user_uid_number = str, None 
-ldap_user_gid_number = str, None -ldap_user_gecos = str, None -ldap_user_homedir = str, None -ldap_user_shell = str, None -ldap_user_uuid = str, None -ldap_user_principal = str, None -ldap_user_fullname = str, None -ldap_user_member_of = str, None -ldap_user_modify_timestamp = str, None -ldap_user_shadow_last_change = str, None -ldap_user_shadow_min = str, None -ldap_user_shadow_max = str, None -ldap_user_shadow_warning = str, None -ldap_user_shadow_inactive = str, None -ldap_user_shadow_expire = str, None -ldap_user_shadow_flag = str, None -ldap_user_krb_last_pwd_change = str, None -ldap_user_krb_password_expiration = str, None -ldap_pwd_attribute = str, None -ldap_group_search_base = str, None -ldap_group_search_scope = str, None -ldap_group_search_filter = str, None -ldap_group_object_class = str, None -ldap_group_name = str, None -ldap_group_gid_number = str, None -ldap_group_member = str, None -ldap_group_uuid = str, None -ldap_group_modify_timestamp = str, None -ldap_force_upper_case_realm = bool, None +ldap_search_timeout = int, None, false +ldap_enumeration_refresh_timeout = int, None, false +ldap_purge_cache_timeout = int, None, false +ldap_id_use_start_tls = bool, None, false +ldap_user_search_base = str, None, false +ldap_user_search_scope = str, None, false +ldap_user_search_filter = str, None, false +ldap_user_object_class = str, None, false +ldap_user_name = str, None, false +ldap_user_uid_number = str, None, false +ldap_user_gid_number = str, None, false +ldap_user_gecos = str, None, false +ldap_user_homedir = str, None, false +ldap_user_shell = str, None, false +ldap_user_uuid = str, None, false +ldap_user_principal = str, None, false +ldap_user_fullname = str, None, false +ldap_user_member_of = str, None, false +ldap_user_modify_timestamp = str, None, false +ldap_user_shadow_last_change = str, None, false +ldap_user_shadow_min = str, None, false +ldap_user_shadow_max = str, None, false +ldap_user_shadow_warning = str, None, false 
+ldap_user_shadow_inactive = str, None, false +ldap_user_shadow_expire = str, None, false +ldap_user_shadow_flag = str, None, false +ldap_user_krb_last_pwd_change = str, None, false +ldap_user_krb_password_expiration = str, None, false +ldap_pwd_attribute = str, None, false +ldap_group_search_base = str, None, false +ldap_group_search_scope = str, None, false +ldap_group_search_filter = str, None, false +ldap_group_object_class = str, None, false +ldap_group_name = str, None, false +ldap_group_gid_number = str, None, false +ldap_group_member = str, None, false +ldap_group_uuid = str, None, false +ldap_group_modify_timestamp = str, None, false +ldap_force_upper_case_realm = bool, None, false [provider/ipa/auth] -krb5_ccachedir = str, None -krb5_ccname_template = str, None -krb5_keytab = str, None -krb5_validate = bool, None +krb5_ccachedir = str, None, false +krb5_ccname_template = str, None, false +krb5_keytab = str, None, false +krb5_validate = bool, None, false [provider/ipa/access] [provider/ipa/chpass] -krb5_changepw_principal = str, None +krb5_changepw_principal = str, None, false diff --git a/server/config/etc/sssd.api.d/sssd-krb5.conf b/server/config/etc/sssd.api.d/sssd-krb5.conf index 0cf0e727..7ba0ab32 100644 --- a/server/config/etc/sssd.api.d/sssd-krb5.conf +++ b/server/config/etc/sssd.api.d/sssd-krb5.conf @@ -1,13 +1,13 @@ [provider/krb5] -krb5_kdcip = str, None -krb5_realm = str, None -krb5_auth_timeout = int, None +krb5_kdcip = str, None, true +krb5_realm = str, None, true +krb5_auth_timeout = int, None, false [provider/krb5/auth] -krb5_ccachedir = str, None -krb5_ccname_template = str, None -krb5_keytab = str, None -krb5_validate = bool, None +krb5_ccachedir = str, None, false +krb5_ccname_template = str, None, false +krb5_keytab = str, None, false +krb5_validate = bool, None, false [provider/krb5/chpass] -krb5_changepw_principal = str, None +krb5_changepw_principal = str, None, false 
diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf index 73b8b0dc..6758ab49 100644 --- a/server/config/etc/sssd.api.d/sssd-ldap.conf +++ b/server/config/etc/sssd.api.d/sssd-ldap.conf 
@@ -1,68 +1,68 @@ [provider/ldap] -ldap_uri = str, None -ldap_search_base = str, None -ldap_schema = str, None, rfc2307 -ldap_default_bind_dn = str, None -ldap_default_authtok_type = str, None -ldap_default_authtok = str, None -ldap_network_timeout = int, None -ldap_opt_timeout = int, None -ldap_offline_timeout = int, None -ldap_tls_cacert = str, None -ldap_tls_reqcert = str, None -ldap_sasl_mech = str, None -ldap_sasl_authid = str, None -krb5_kdcip = str, None -krb5_realm = str, None -ldap_krb5_keytab = str, None -ldap_krb5_init_creds = bool, None -ldap_entry_usn = str, None -ldap_rootdse_last_usn = str, None -ldap_referrals = bool, None +ldap_uri = str, None, true +ldap_search_base = str, None, true +ldap_schema = str, None, true, rfc2307 +ldap_default_bind_dn = str, None, false +ldap_default_authtok_type = str, None, false +ldap_default_authtok = str, None, false +ldap_network_timeout = int, None, false +ldap_opt_timeout = int, None, false +ldap_offline_timeout = int, None, false +ldap_tls_cacert = str, None, false +ldap_tls_reqcert = str, None, false +ldap_sasl_mech = str, None, false +ldap_sasl_authid = str, None, false +krb5_kdcip = str, None, false +krb5_realm = str, None, false +ldap_krb5_keytab = str, None, false +ldap_krb5_init_creds = bool, None, false +ldap_entry_usn = str, None, false +ldap_rootdse_last_usn = str, None, false +ldap_referrals = bool, None, false [provider/ldap/id] -ldap_search_timeout = int, None -ldap_enumeration_refresh_timeout = int, None -ldap_purge_cache_timeout = int, None -ldap_id_use_start_tls = bool, None, false -ldap_user_search_base = str, None -ldap_user_search_scope = str, None -ldap_user_search_filter = str, None -ldap_user_object_class = str, None -ldap_user_name = str, None -ldap_user_uid_number = str, None -ldap_user_gid_number = str, None -ldap_user_gecos = str, None -ldap_user_homedir = str, None -ldap_user_shell = str, None -ldap_user_uuid = str, None -ldap_user_principal = str, None -ldap_user_fullname = str, None 
-ldap_user_member_of = str, None -ldap_user_modify_timestamp = str, None -ldap_user_shadow_last_change = str, None -ldap_user_shadow_min = str, None -ldap_user_shadow_max = str, None -ldap_user_shadow_warning = str, None -ldap_user_shadow_inactive = str, None -ldap_user_shadow_expire = str, None -ldap_user_shadow_flag = str, None -ldap_user_krb_last_pwd_change = str, None -ldap_user_krb_password_expiration = str, None -ldap_pwd_attribute = str, None -ldap_group_search_base = str, None -ldap_group_search_scope = str, None -ldap_group_search_filter = str, None -ldap_group_object_class = str, None -ldap_group_name = str, None -ldap_group_gid_number = str, None -ldap_group_member = str, None -ldap_group_uuid = str, None -ldap_group_modify_timestamp = str, None -ldap_force_upper_case_realm = bool, None +ldap_search_timeout = int, None, false +ldap_enumeration_refresh_timeout = int, None, false +ldap_purge_cache_timeout = int, None, false +ldap_id_use_start_tls = bool, None, true, false +ldap_user_search_base = str, None, false +ldap_user_search_scope = str, None, false +ldap_user_search_filter = str, None, false +ldap_user_object_class = str, None, false +ldap_user_name = str, None, false +ldap_user_uid_number = str, None, false +ldap_user_gid_number = str, None, false +ldap_user_gecos = str, None, false +ldap_user_homedir = str, None, false +ldap_user_shell = str, None, false +ldap_user_uuid = str, None, false +ldap_user_principal = str, None, false +ldap_user_fullname = str, None, false +ldap_user_member_of = str, None, false +ldap_user_modify_timestamp = str, None, false +ldap_user_shadow_last_change = str, None, false +ldap_user_shadow_min = str, None, false +ldap_user_shadow_max = str, None, false +ldap_user_shadow_warning = str, None, false +ldap_user_shadow_inactive = str, None, false +ldap_user_shadow_expire = str, None, false +ldap_user_shadow_flag = str, None, false +ldap_user_krb_last_pwd_change = str, None, false +ldap_user_krb_password_expiration = str, 
None, false +ldap_pwd_attribute = str, None, false +ldap_group_search_base = str, None, false +ldap_group_search_scope = str, None, false +ldap_group_search_filter = str, None, false +ldap_group_object_class = str, None, false +ldap_group_name = str, None, false +ldap_group_gid_number = str, None, false +ldap_group_member = str, None, false +ldap_group_uuid = str, None, false +ldap_group_modify_timestamp = str, None, false +ldap_force_upper_case_realm = bool, None, false [provider/ldap/auth] -ldap_pwd_policy = str, None +ldap_pwd_policy = str, None, false [provider/ldap/chpass] diff --git a/server/config/etc/sssd.api.d/sssd-local.conf b/server/config/etc/sssd.api.d/sssd-local.conf index 44e25221..0686f082 100644 --- a/server/config/etc/sssd.api.d/sssd-local.conf +++ b/server/config/etc/sssd.api.d/sssd-local.conf @@ -1,8 +1,8 @@ [provider/local] [provider/local/id] -default_shell = str, None, /bin/bash -base_directory = str, None, /home +default_shell = str, None, true, /bin/bash +base_directory = str, None, true, /home [provider/local/auth] diff --git a/server/config/etc/sssd.api.d/sssd-proxy.conf b/server/config/etc/sssd.api.d/sssd-proxy.conf index cc34eea2..7ecf6b33 100644 --- a/server/config/etc/sssd.api.d/sssd-proxy.conf +++ b/server/config/etc/sssd.api.d/sssd-proxy.conf @@ -1,7 +1,7 @@ [provider/proxy] [provider/proxy/id] -proxy_lib_name = str, None +proxy_lib_name = str, None, true [provider/proxy/auth] -proxy_pam_target = str, None +proxy_pam_target = str, None, true |
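Review bot: `ldap_id_use_start_tls = bool, None, true, false` marks the option mandatory while keeping its default at false. The page does not show how callers use list_mandatory_options(), but if a front end writes every mandatory option with its schema default into sssd.conf, this would pin StartTLS off explicitly for LDAP identity lookups. It is worth confirming that this combination is intended and, if so, saying so beside the line, for example `# mandatory: must be set explicitly; schema default is false (no StartTLS)`.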