-rw-r--r--server/config/SSSDConfigTest.py29
-rw-r--r--server/config/etc/sssd.api.conf25
-rw-r--r--server/config/etc/sssd.api.d/sssd-ldap.conf35
3 files changed, 68 insertions, 21 deletions
diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py
index b597f760..2a00a99f 100644
--- a/server/config/SSSDConfigTest.py
+++ b/server/config/SSSDConfigTest.py
@@ -204,10 +204,13 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
'config_file_version',
'services',
'domains',
+ 'timeout',
'sbus_timeout',
're_expression',
'full_name_format',
'debug_level',
+ 'debug_timestamps',
+ 'debug_to_files',
'command',
'reconnection_retries']
@@ -313,9 +316,6 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
control_list = [
'config_file_version',
'services',
- 'sbus_timeout',
- 're_expression',
- 'full_name_format',
'debug_level',
'reconnection_retries']
@@ -413,9 +413,11 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'min_id',
'max_id',
'timeout',
+ 'command',
'magic_private_groups',
'enumerate',
'cache_credentials',
+ 'store_legacy_passwords',
'use_fully_qualified_names',
'id_provider',
'auth_provider',
@@ -526,13 +528,23 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
domain = SSSDConfig.SSSDDomain('sssd', self.schema)
control_provider_dict = {
+ 'local': ('id', 'auth', 'access', 'chpass'),
+ 'ldap': ('id', 'auth', 'chpass'),
'krb5': ('auth', 'access', 'chpass'),
- 'local': ('auth', 'chpass', 'access', 'id'),
- 'ldap': ('id', 'auth')}
+ 'proxy': ('id', 'auth')}
providers = domain.list_providers()
- self.assertEqual(providers, control_provider_dict)
+ # Ensure that all of the expected defaults are there
+ for provider in control_provider_dict.keys():
+ for ptype in control_provider_dict[provider]:
+ self.assertTrue(providers.has_key(provider))
+ self.assertTrue(ptype in providers[provider])
+
+ for provider in providers.keys():
+ for ptype in providers[provider]:
+ self.assertTrue(control_provider_dict.has_key(provider))
+ self.assertTrue(ptype in control_provider_dict[provider])
def testListProviderOptions(self):
domain = SSSDConfig.SSSDDomain('sssd', self.schema)
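Review bot: The `has_key(provider)` assertions in testListProviders sit inside the inner `for ptype` loops, so a provider whose type tuple is empty is never checked for presence, and a failure does not name the provider or type that was missing. Comparing sets keeps the order-independence and reports the mismatch: `self.assertEqual(set(providers), set(control_provider_dict))`, then per provider `self.assertEqual(set(providers[provider]), set(control_provider_dict[provider]), provider)`. `dict.has_key` is also Python 2 only, whereas `provider in providers` works on both. The method begins above the hunk, so its setup is not visible here.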
@@ -620,9 +632,11 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'min_id',
'max_id',
'timeout',
+ 'command',
'magic_private_groups',
'enumerate',
'cache_credentials',
+ 'store_legacy_passwords',
'use_fully_qualified_names',
'id_provider',
'auth_provider',
@@ -943,9 +957,6 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
control_list = [
'config_file_version',
'services',
- 'sbus_timeout',
- 're_expression',
- 'full_name_format',
'debug_level',
'reconnection_retries']
for option in control_list:
diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf
index 04634ca5..99e87b91 100644
--- a/server/config/etc/sssd.api.conf
+++ b/server/config/etc/sssd.api.conf
@@ -4,6 +4,8 @@
[service]
# Options available to all services
debug_level = int, None, 0
+debug_timestamps = bool, None
+debug_to_files = bool, None
command = str, None
reconnection_retries = int, None, 3
@@ -12,19 +14,20 @@ reconnection_retries = int, None, 3
config_file_version = int, None, 2
services = list, str, nss, pam
domains = list, str
-sbus_timeout = int, None, -1
-re_expression = str, None, (?P<name>[^@]+)@?(?P<domain>[^@]*$)
-full_name_format = str, None, %1$s@%2$s
+timeout = int, None
+sbus_timeout = int, None
+re_expression = str, None
+full_name_format = str, None
[nss]
# Name service
-nss_enum_cache_timeout = int, None
-nss_entry_cache_timeout = int, None
-nss_entry_cache_no_wait_timeout = int, None
-nss_entry_negative_timeout = int, None
-nss_filter_users = list, str, root
-nss_filter_groups = list, str, root
-nss_filter_users_in_groups = bool, None, true
+enum_cache_timeout = int, None
+entry_cache_timeout = int, None
+entry_cache_no_wait_timeout = int, None
+entry_negative_timeout = int, None
+filter_users = list, str, root
+filter_groups = list, str, root
+filter_users_in_groups = bool, None, true
[pam]
# Authentication service
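Review bot: The `[nss]` options lose their `nss_` prefix here (`nss_filter_users` → `filter_users`, and so on) with nothing in the schema recording the old names. The same holds for `ldap_user_memberof` → `ldap_user_member_of` and `ldap_group_UUID` → `ldap_group_uuid` in the last hunk of sssd-ldap.conf. If the consumer of this schema ignores unknown options rather than rejecting them (not visible in this diff), an existing configuration that sets `nss_filter_users` or `nss_filter_groups` would fall back to the `root` default with no warning. A comment above the block such as `# Renamed from nss_<option>: the prefix was dropped` would record the change. Separately, `sbus_timeout`, `re_expression` and `full_name_format` no longer carry defaults, so confirm that whatever reads them handles `None`.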
@@ -39,10 +42,12 @@ chpass_provider = str, None
[domain]
# Options available to all domains
debug_level = int, None, 0
+command = str, None
min_id = int, None, 1000
max_id = int, None
timeout = int, None, 0
magic_private_groups = bool, None, false
enumerate = bool, None, true
cache_credentials = bool, None, false
+store_legacy_passwords = bool, None, false
use_fully_qualified_names = bool, None, false
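Review bot: `store_legacy_passwords` is added to `[domain]` without a comment, and it is the one new option in this hunk whose name points at credential storage. The `false` default looks like the conservative choice, but the schema gives an auditor no hint of what is stored or where. A line above it such as `# store_legacy_passwords: <what is stored, and in which cache>` would close that gap. The `[domain]` section may continue past the end of the hunk.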
diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf
index 700de021..3aa1fb05 100644
--- a/server/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/server/config/etc/sssd.api.d/sssd-ldap.conf
@@ -6,10 +6,24 @@ ldap_default_authtok_type = str, None
ldap_default_authtok = str, None
ldap_network_timeout = int, None
ldap_opt_timeout = int, None
+ldap_offline_timeout = int, None
+ldap_stale_time = int, None
+ldap_tls_cacert = str, None
ldap_tls_reqcert = str, None
+ldap_sasl_mech = str, None
+ldap_sasl_authid = str, None
+krb5_kdcip = str, None
+krb5_realm = str, None
+ldap_krb5_keytab = str, None
+ldap_krb5_init_creds = bool, None
[provider/ldap/id]
+ldap_search_timeout = int, None
+ldap_enumeration_refresh_timeout = int, None
+ldap_id_use_start_tls = bool, None, false
ldap_user_search_base = str, None
+ldap_user_search_scope = str, None
+ldap_user_search_filter = str, None
ldap_user_object_class = str, None
ldap_user_name = str, None
ldap_user_uid_number = str, None
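Review bot: `ldap_id_use_start_tls` is the only option in this hunk given an explicit default, and that default is `false`, so a configuration generated from this schema would not request StartTLS for identity lookups unless the administrator sets it. If that mirrors the provider's built-in default, a comment should say so, e.g. `# default false matches the provider; set true to protect ID lookups in transit`. If it does not, the schema default should be dropped like the neighbouring entries (`bool, None`). `ldap_tls_cacert` and `ldap_tls_reqcert` next to it carry no default here, so certificate-checking behaviour is left to the provider. The `[provider/ldap/id]` section continues past the end of the hunk.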
@@ -20,13 +34,30 @@ ldap_user_shell = str, None
ldap_user_uuid = str, None
ldap_user_principal = str, None
ldap_user_fullname = str, None
-ldap_user_memberof = str, None
+ldap_user_member_of = str, None
+ldap_user_modify_timestamp = str, None
+ldap_user_shadow_last_change = str, None
+ldap_user_shadow_min = str, None
+ldap_user_shadow_max = str, None
+ldap_user_shadow_warning = str, None
+ldap_user_shadow_inactive = str, None
+ldap_user_shadow_expire = str, None
+ldap_user_shadow_flag = str, None
+ldap_user_krb_last_pwd_change = str, None
+ldap_user_krb_password_expiration = str, None
+ldap_pwd_attribute = str, None
ldap_group_search_base = str, None
+ldap_group_search_scope = str, None
+ldap_group_search_filter = str, None
ldap_group_object_class = str, None
ldap_group_name = str, None
ldap_group_gid_number = str, None
ldap_group_member = str, None
-ldap_group_UUID = str, None
+ldap_group_uuid = str, None
+ldap_group_modify_timestamp = str, None
ldap_force_upper_case_realm = bool, None
[provider/ldap/auth]
+
+[provider/ldap/chpass]
+