authorPavel Březina <pbrezina@redhat.com>2012-01-12 09:41:52 +0100
committerStephen Gallagher <sgallagh@redhat.com>2012-01-17 11:38:15 -0500
commitf643754db81eeade60485bbe3d80324d889cc4f3 (patch)
tree7810f368bf11fdc3ea98f9de642dd3ef0fca3271 /src/config
parent2be3039b8fc8ec07a323d15060123366da786dc5 (diff)
SUDO Integration review issues
Diffstat (limited to 'src/config')
-rw-r--r--src/config/SSSDConfig.py14
-rwxr-xr-xsrc/config/SSSDConfigTest.py8
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf14
4 files changed, 34 insertions, 3 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 44bfb69f..0a73893b 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -238,6 +238,20 @@ option_strings = {
'ldap_chpass_uri' : _('URI of an LDAP server where password changes are allowed'),
'ldap_chpass_dns_service_name' : _('DNS service name for LDAP password change server'),
+ # [provider/ldap/sudo]
+ 'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'),
+ 'ldap_sudorule_object_class' : _('Object class for sudo rules'),
+ 'ldap_sudorule_name' : _('Sudo rule name'),
+ 'ldap_sudorule_command' : _('Sudo rule command attribute'),
+ 'ldap_sudorule_host' : _('Sudo rule host attribute'),
+ 'ldap_sudorule_user' : _('Sudo rule user attribute'),
+ 'ldap_sudorule_option' : _('Sudo rule option attribute'),
+ 'ldap_sudorule_runasuser' : _('Sudo rule runasuser attribute'),
+ 'ldap_sudorule_runasgroup' : _('Sudo rule runasgroup attribute'),
+ 'ldap_sudorule_notbefore' : _('Sudo rule notbefore attribute'),
+ 'ldap_sudorule_notafter' : _('Sudo rule notafter attribute'),
+ 'ldap_sudorule_order' : _('Sudo rule order attribute'),
+
# [provider/simple/access]
'simple_allow_users' : _('Comma separated list of allowed users'),
'simple_deny_users' : _('Comma separated list of prohibited users'),
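Review bot: The description for `ldap_sudorule_name` reads `'Sudo rule name'`, while every other `ldap_sudorule_*` entry added in this hunk says which LDAP attribute it maps ("… command attribute", "… host attribute"). As written, it can be read as the name of one rule rather than the attribute that holds rule names. I would change it to `'ldap_sudorule_name' : _('Sudo rule name attribute'),` so the translated help text is consistent. The `option_strings` dict opens and closes outside this hunk.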
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 8421a091..afc207c0 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -489,7 +489,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'id_provider',
'auth_provider',
'access_provider',
- 'chpass_provider']
+ 'chpass_provider',
+ 'sudo_provider']
self.assertTrue(type(options) == dict,
"Options should be a dictionary")
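Review bot: The expected-options list extended with `'sudo_provider'` here is repeated verbatim in the hunk at line 807, so every new provider type has to be added in two places in the test file. A single shared list that both tests reference would keep the two checks from drifting apart when the next provider type is added. Both lists, and the test methods that contain them, start outside the visible hunks, so this is a suggestion on structure only.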
@@ -681,7 +682,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
control_provider_dict = {
'ipa': ['id', 'auth', 'access', 'chpass'],
'local': ['id', 'auth', 'chpass'],
- 'ldap': ['id', 'auth', 'access', 'chpass'],
+ 'ldap': ['id', 'auth', 'access', 'chpass', 'sudo'],
'krb5': ['auth', 'access', 'chpass'],
'proxy': ['id', 'auth'],
'simple': ['access'],
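Review bot: The test changes in this diff check only that `sudo_provider` is listed and that `ldap` exposes a `sudo` subtype; none of the visible hunks asserts the twelve `ldap_sudo*` options added under `[provider/ldap/sudo]`. A typo in one of those option names in `sssd-ldap.conf` or `option_strings` would therefore pass unnoticed, unless another test outside this diff already covers them. I would add an assertion that a representative option such as `ldap_sudo_search_base` appears in the options reported for an ldap sudo provider. The enclosing test method starts and ends outside the hunk.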
@@ -807,7 +808,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'id_provider',
'auth_provider',
'access_provider',
- 'chpass_provider']
+ 'chpass_provider',
+ 'sudo_provider']
self.assertTrue(type(options) == dict,
"Options should be a dictionary")
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index c2c425ce..34b67dec 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -49,6 +49,7 @@ id_provider = str, None, true
auth_provider = str, None, false
access_provider = str, None, false
chpass_provider = str, None, false
+sudo_provider = str, None, false
[domain]
# Options available to all domains
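Review bot: `sudo_provider` is added to the schema here, but the `SSSDConfig.py` hunk in this commit adds descriptions only for the `ldap_sudo*` options and none for `sudo_provider` itself. If `option_strings` does not already contain that key from an earlier commit, the new option has no description, unlike the other provider-type options. Please confirm, and if it is missing add an entry such as `'sudo_provider' : _('SUDO provider'),` next to the existing provider-type descriptions.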
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 9a89bfe2..b155c2bc 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -106,3 +106,17 @@ ldap_access_order = str, None, false
[provider/ldap/chpass]
ldap_chpass_uri = str, None, false
ldap_chpass_dns_service_name = str, None, false
+
+[provider/ldap/sudo]
+ldap_sudo_search_base = str, None, false
+ldap_sudorule_object_class = str, None, false
+ldap_sudorule_name = str, None, false
+ldap_sudorule_command = str, None, false
+ldap_sudorule_host = str, None, false
+ldap_sudorule_user = str, None, false
+ldap_sudorule_option = str, None, false
+ldap_sudorule_runasuser = str, None, false
+ldap_sudorule_runasgroup = str, None, false
+ldap_sudorule_notbefore = str, None, false
+ldap_sudorule_notafter = str, None, false
+ldap_sudorule_order = str, None, false