author | Pavel Březina <pbrezina@redhat.com> | 2012-01-12 09:41:52 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-01-17 11:38:15 -0500 |
commit | f643754db81eeade60485bbe3d80324d889cc4f3 (patch) | |
tree | 7810f368bf11fdc3ea98f9de642dd3ef0fca3271 /src/config | |
parent | 2be3039b8fc8ec07a323d15060123366da786dc5 (diff) | |
SUDO Integration review issues
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/SSSDConfig.py | 14 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 8 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 14 |
4 files changed, 34 insertions, 3 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 44bfb69f..0a73893b 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -238,6 +238,20 @@ option_strings = {
 'ldap_chpass_uri' : _('URI of an LDAP server where password changes are allowed'),
 'ldap_chpass_dns_service_name' : _('DNS service name for LDAP password change server'),
+ # [provider/ldap/sudo]
+ 'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'),
+ 'ldap_sudorule_object_class' : _('Object class for sudo rules'),
+ 'ldap_sudorule_name' : _('Sudo rule name'),
+ 'ldap_sudorule_command' : _('Sudo rule command attribute'),
+ 'ldap_sudorule_host' : _('Sudo rule host attribute'),
+ 'ldap_sudorule_user' : _('Sudo rule user attribute'),
+ 'ldap_sudorule_option' : _('Sudo rule option attribute'),
+ 'ldap_sudorule_runasuser' : _('Sudo rule runasuser attribute'),
+ 'ldap_sudorule_runasgroup' : _('Sudo rule runasgroup attribute'),
+ 'ldap_sudorule_notbefore' : _('Sudo rule notbefore attribute'),
+ 'ldap_sudorule_notafter' : _('Sudo rule notafter attribute'),
+ 'ldap_sudorule_order' : _('Sudo rule order attribute'),
+
 # [provider/simple/access]
 'simple_allow_users' : _('Comma separated list of allowed users'),
 'simple_deny_users' : _('Comma separated list of prohibited users'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 8421a091..afc207c0 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -489,7 +489,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'id_provider',
 'auth_provider',
 'access_provider',
- 'chpass_provider']
+ 'chpass_provider',
+ 'sudo_provider']
 self.assertTrue(type(options) == dict,
 "Options should be a dictionary")
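Review bot: The description added for `ldap_sudorule_name` in the `# [provider/ldap/sudo]` block of SSSDConfig.py reads 'Sudo rule name', while the nine entries that follow it all read '... attribute'. The option sits among the other attribute mappings, so it presumably also names an LDAP attribute; the string would be clearer as `'ldap_sudorule_name' : _('Sudo rule name attribute'),`. The `option_strings` dict opens and closes outside this hunk.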
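Review bot: The expected-option list in SSSDConfigTest.py is edited identically in two places (this hunk at new line 489 and the later one at new line 808), so every new `*_provider` option has to be added by hand twice. A shared module-level list would keep the two tests in step, for example `PROVIDER_TYPE_OPTIONS = ['id_provider', 'auth_provider', 'access_provider', 'chpass_provider', 'sudo_provider']`, appended to each test's own entries. Both lists start outside their hunks, so whether the rest of their contents also match cannot be confirmed from here.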
@@ -681,7 +682,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 control_provider_dict = {
 'ipa': ['id', 'auth', 'access', 'chpass'],
 'local': ['id', 'auth', 'chpass'],
- 'ldap': ['id', 'auth', 'access', 'chpass'],
+ 'ldap': ['id', 'auth', 'access', 'chpass', 'sudo'],
 'krb5': ['auth', 'access', 'chpass'],
 'proxy': ['id', 'auth'],
 'simple': ['access'],
@@ -807,7 +808,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'id_provider',
 'auth_provider',
 'access_provider',
- 'chpass_provider']
+ 'chpass_provider',
+ 'sudo_provider']
 self.assertTrue(type(options) == dict,
 "Options should be a dictionary")
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index c2c425ce..34b67dec 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -49,6 +49,7 @@ id_provider = str, None, true
 auth_provider = str, None, false
 access_provider = str, None, false
 chpass_provider = str, None, false
+sudo_provider = str, None, false
 [domain]
 # Options available to all domains
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 9a89bfe2..b155c2bc 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -106,3 +106,17 @@ ldap_access_order = str, None, false
 [provider/ldap/chpass]
 ldap_chpass_uri = str, None, false
 ldap_chpass_dns_service_name = str, None, false
+
+[provider/ldap/sudo]
+ldap_sudo_search_base = str, None, false
+ldap_sudorule_object_class = str, None, false
+ldap_sudorule_name = str, None, false
+ldap_sudorule_command = str, None, false
+ldap_sudorule_host = str, None, false
+ldap_sudorule_user = str, None, false
+ldap_sudorule_option = str, None, false
+ldap_sudorule_runasuser = str, None, false
+ldap_sudorule_runasgroup = str, None, false
+ldap_sudorule_notbefore = str, None, false
+ldap_sudorule_notafter = str, None, false
+ldap_sudorule_order = str, None, false |
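Review bot: `ldap_sudo_search_base` in the new `[provider/ldap/sudo]` section of sssd-ldap.conf is declared optional with no default, and nothing in this diff says which subtree the sudo provider searches when it is left unset. The entries found there decide which commands users may run with elevated privileges, so the fallback deserves a line of documentation next to the option. A comment such as `# If unset, sudo rules are looked up under <fallback base DN - fill in from the provider code>` above it would do. The eleven `ldap_sudorule_*` mappings likewise carry no schema default here, so the attribute names actually used come from code outside this diff.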