diff options
author | Pavel Březina <pbrezina@redhat.com> | 2012-06-26 09:48:15 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-06-29 11:37:18 -0400 |
commit | 9af677f3bae3a7c1386867e4d42970555b3d6b9a (patch) | |
tree | b1a464e6a2f5d70afddca3875d126521c952276e /src/config | |
parent | 7b74632f498dd1edf69294b597a4d92ec6d73b9f (diff) | |
download | sssd-9af677f3bae3a7c1386867e4d42970555b3d6b9a.tar.gz sssd-9af677f3bae3a7c1386867e4d42970555b3d6b9a.tar.bz2 sssd-9af677f3bae3a7c1386867e4d42970555b3d6b9a.zip |
sudo: add host info options
Adds some option that allows to manually configure a host filter.
ldap_sudo_use_host_filter - if false, we will download all rules regardless their sudoHost attribute
ldap_sudo_hostnames - list hostnames and/or fqdn that should be downloaded, separated with spaces
ldap_sudo_ip - list of IPv4/6 address and/or network that should be downloaded, separated with spaces
ldap_sudo_include_netgroups - include rules that contains netgroup in sudoHost
ldap_sudo_include_regexp - include rules that contains regular expression in sudoHost
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 5 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 2bd6e349..99ccc5ab 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -294,6 +294,11 @@ option_strings = { 'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'), 'ldap_sudo_full_refresh_interval' : _('Automatic full refresh period'), 'ldap_sudo_smart_refresh_interval' : _('Automatic smart refresh period'), + 'ldap_sudo_use_host_filter' : _('Whether to filter rules by hostname, IP addresses and network'), + 'ldap_sudo_hostnames' : _('Hostnames and/or fully qualified domain names of this machine to filter sudo rules'), + 'ldap_sudo_ip' : _('IPv4 or IPv6 addresses or network of this machine to filter sudo rules'), + 'ldap_sudo_include_netgroups' : _('Whether to include rules that contains netgroup in host attribute'), + 'ldap_sudo_include_regexp' : _('Whether to include rules that contains regular expression in host attribute'), 'ldap_sudorule_object_class' : _('Object class for sudo rules'), 'ldap_sudorule_name' : _('Sudo rule name'), 'ldap_sudorule_command' : _('Sudo rule command attribute'), diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index 6838a71f..2af849ff 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf @@ -130,6 +130,11 @@ ldap_chpass_dns_service_name = str, None, false ldap_sudo_search_base = str, None, false ldap_sudo_full_refresh_interval = int, None, false ldap_sudo_smart_refresh_interval = int, None, false +ldap_sudo_use_host_filter = bool, None, false +ldap_sudo_hostnames = str, None, false +ldap_sudo_ip = str, None, false +ldap_sudo_include_netgroups = bool, None, false +ldap_sudo_include_regexp = bool, None, false ldap_sudorule_object_class = str, None, false ldap_sudorule_name = str, None, false ldap_sudorule_command = str, None, false |