-rw-r--r--server/config/SSSDConfig.py159
-rwxr-xr-xserver/config/SSSDConfigTest.py149
-rw-r--r--server/config/etc/sssd.api.conf74
-rw-r--r--server/config/etc/sssd.api.d/sssd-ipa.conf136
-rw-r--r--server/config/etc/sssd.api.d/sssd-krb5.conf16
-rw-r--r--server/config/etc/sssd.api.d/sssd-ldap.conf120
-rw-r--r--server/config/etc/sssd.api.d/sssd-local.conf4
-rw-r--r--server/config/etc/sssd.api.d/sssd-proxy.conf4
8 files changed, 455 insertions, 207 deletions
diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py
index b751e4db..a004c33b 100644
--- a/server/config/SSSDConfig.py
+++ b/server/config/SSSDConfig.py
@@ -212,7 +212,8 @@ class SSSDConfigSchema(SSSDChangeConf):
# Indexes
PRIMARY_TYPE = 0
SUBTYPE = 1
- DEFAULT = 2
+ MANDATORY = 2
+ DEFAULT = 3
# Parse values
parsed_options = {}
@@ -223,24 +224,27 @@ class SSSDConfigSchema(SSSDChangeConf):
primarytype = self.type_lookup[split_option[PRIMARY_TYPE]]
subtype = self.type_lookup[split_option[SUBTYPE]]
+ mandatory = self.bool_lookup[split_option[MANDATORY]]
if option_strings.has_key(option['name']):
desc = option_strings[option['name']]
else:
desc = None
- if optionlen == 2:
+ if optionlen == 3:
# This option has no defaults
parsed_options[option['name']] = \
(primarytype,
subtype,
+ mandatory,
desc,
None)
- elif optionlen == 3:
+ elif optionlen == 4:
if type(split_option[DEFAULT]) == primarytype:
parsed_options[option['name']] = \
(primarytype,
subtype,
+ mandatory,
desc,
split_option[DEFAULT])
elif primarytype == list:
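Review bot: The added `mandatory = self.bool_lookup[split_option[MANDATORY]]` is less defensive than the default-value parsing next to it: it omits the `.lower()` used for bool defaults, and from the visible lines it appears to sit outside any try block, so a schema entry spelled `True`, or an old two-field entry, would surface as a bare KeyError or IndexError instead of ParsingError. Consider `mandatory = self.bool_lookup[split_option[MANDATORY].lower()]`, guarded by `except (IndexError, KeyError): raise ParsingError`. Note also that the existing `except ValueError, KeyError:` handlers in the later hunks catch only ValueError under Python 2, so they would not cover this lookup even if it were moved inside them. An old-format entry whose third field is a boolean default, such as `x = bool, None, true`, will now parse silently as mandatory with no default. The enclosing function starts and ends outside this hunk.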
@@ -248,6 +252,7 @@ class SSSDConfigSchema(SSSDChangeConf):
parsed_options[option['name']] = \
(primarytype,
subtype,
+ mandatory,
desc,
[split_option[DEFAULT]])
else:
@@ -257,12 +262,14 @@ class SSSDConfigSchema(SSSDChangeConf):
parsed_options[option['name']] = \
(primarytype,
subtype,
+ mandatory,
desc,
[self.bool_lookup[split_option[DEFAULT].lower()]])
else:
parsed_options[option['name']] = \
(primarytype,
subtype,
+ mandatory,
desc,
[subtype(split_option[DEFAULT])])
except ValueError, KeyError:
@@ -274,18 +281,20 @@ class SSSDConfigSchema(SSSDChangeConf):
parsed_options[option['name']] = \
(primarytype,
subtype,
+ mandatory,
desc,
self.bool_lookup[split_option[DEFAULT].lower()])
else:
parsed_options[option['name']] = \
(primarytype,
subtype,
+ mandatory,
desc,
primarytype(split_option[DEFAULT]))
except ValueError, KeyError:
raise ParsingError
- elif optionlen > 3:
+ elif optionlen > 4:
if (primarytype != list):
raise ParsingError
fixed_options = []
@@ -304,6 +313,7 @@ class SSSDConfigSchema(SSSDChangeConf):
parsed_options[option['name']] = \
(primarytype,
subtype,
+ mandatory,
desc,
fixed_options)
else:
@@ -326,9 +336,9 @@ class SSSDConfigSchema(SSSDChangeConf):
raise NoSectionError(section)
schema_options = self.get_options(section)
- defaults = dict([(x,schema_options[x][3])
+ defaults = dict([(x,schema_options[x][4])
for x in schema_options.keys()
- if schema_options[x][3] != None])
+ if schema_options[x][4] != None])
return defaults
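Review bot: The default is now read with a bare `[4]`, while `DEFAULT = 3` in the parser hunk names a different position (the field in the split schema line), so the two numberings are easy to mix up at the next format change. Named indexes for the parsed tuple, for example `OPT_MANDATORY = 2`, `OPT_DESC = 3`, `OPT_DEFAULT = 4`, would turn this into `schema_options[x][OPT_DEFAULT]` and would also cover the hard-coded `[2]`, `[3]` and `[4]` in the list_options and list_mandatory_options hunks for SSSDService and SSSDDomain. The function this line belongs to starts outside the hunk.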
@@ -465,22 +475,23 @@ class SSSDService(SSSDConfigObject):
self.options['config_file_version'] = 2
self.hidden_options.append('config_file_version')
- def list_options(self):
+ def list_options_with_mandatory(self):
"""
- List all options that apply to this service
+ List options for the service, including the mandatory flag.
=== Returns ===
A dictionary of configurable options. This dictionary is keyed on the
option name with a tuple of the variable type, subtype ('None' if the
- type is not a collection type), the translated option description, and
- the default value (or 'None') as the value.
+ type is not a collection type), whether it is mandatory, the
+ translated option description, and the default value (or 'None') as
+ the value.
Example:
- { 'services' :
- (list, str, u'SSSD Services to start', ['nss', 'pam']) }
+ { 'enumerate' :
+ (bool, None, False, u'Enable enumerating all users/groups', True) }
=== Errors ===
- No Errors
+ No errors
"""
options = {}
@@ -493,6 +504,61 @@ class SSSDService(SSSDConfigObject):
return options
+ def list_options(self):
+ """
+ List all options that apply to this service
+
+ === Returns ===
+ A dictionary of configurable options. This dictionary is keyed on the
+ option name with a tuple of the variable type, subtype ('None' if the
+ type is not a collection type), the translated option description, and
+ the default value (or 'None') as the value.
+
+ Example:
+ { 'services' :
+ (list, str, u'SSSD Services to start', ['nss', 'pam']) }
+
+ === Errors ===
+ No Errors
+ """
+ options = self.list_options_with_mandatory()
+
+ # Filter out the mandatory field to maintain compatibility
+ # with older versions of the API
+ filtered_options = {}
+ for key in options.keys():
+ filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4])
+
+ return filtered_options
+
+ def list_mandatory_options(self):
+ """
+ List all mandatory options that apply to this service
+
+ === Returns ===
+ A dictionary of configurable options. This dictionary is keyed on the
+ option name with a tuple of the variable type, subtype ('None' if the
+ type is not a collection type), the translated option description, and
+ the default value (or 'None') as the value.
+
+ Example:
+ { 'services' :
+ (list, str, u'SSSD Services to start', ['nss', 'pam']) }
+
+ === Errors ===
+ No Errors
+ """
+ options = self.list_options_with_mandatory()
+
+ # Filter out the mandatory field to maintain compatibility
+ # with older versions of the API
+ filtered_options = {}
+ for key in options.keys():
+ if options[key][2]:
+ filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4])
+
+ return filtered_options
+
def set_option(self, optionname, value):
"""
Set a service option to the specified value (or values)
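Review bot: `list_mandatory_options` carries the docstring body and inline comment of `list_options` unchanged: the comment says the mandatory field is filtered out for compatibility with older API versions, but this method is new and its actual job is the `if options[key][2]` test. A more accurate comment would be `# Keep only options flagged mandatory; the flag is dropped so the tuple shape matches list_options()`, and the Returns section should say that only mandatory options are included. The same pair of methods is repeated verbatim in the SSSDDomain hunk, so a shared helper on the common base class (assuming both can use it) would keep the two copies from drifting.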
@@ -636,19 +702,21 @@ class SSSDDomain(SSSDConfigObject):
"""
self.active = bool(active)
- def list_options(self):
+ def list_options_with_mandatory(self):
"""
- List options available for the currently-configured providers.
+ List options for the currently-configured providers, including the
+ mandatory flag
=== Returns ===
A dictionary of configurable options. This dictionary is keyed on the
option name with a tuple of the variable type, subtype ('None' if the
- type is not a collection type), the translated option description, and
- the default value (or 'None') as the value.
+ type is not a collection type), whether it is mandatory, the
+ translated option description, and the default value (or 'None') as
+ the value.
Example:
{ 'enumerate' :
- (bool, None, u'Enable enumerating all users/groups', True) }
+ (bool, None, False, u'Enable enumerating all users/groups', True) }
=== Errors ===
No errors
@@ -670,6 +738,61 @@ class SSSDDomain(SSSDConfigObject):
options.update(schema_options)
return options
+ def list_options(self):
+ """
+ List options available for the currently-configured providers.
+
+ === Returns ===
+ A dictionary of configurable options. This dictionary is keyed on the
+ option name with a tuple of the variable type, subtype ('None' if the
+ type is not a collection type), the translated option description, and
+ the default value (or 'None') as the value.
+
+ Example:
+ { 'enumerate' :
+ (bool, None, u'Enable enumerating all users/groups', True) }
+
+ === Errors ===
+ No errors
+ """
+ options = self.list_options_with_mandatory()
+
+ # Filter out the mandatory field to maintain compatibility
+ # with older versions of the API
+ filtered_options = {}
+ for key in options.keys():
+ filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4])
+
+ return filtered_options
+
+ def list_mandatory_options(self):
+ """
+ List mandatory options for the currently-configured providers.
+
+ === Returns ===
+ A dictionary of configurable options. This dictionary is keyed on the
+ option name with a tuple of the variable type, subtype ('None' if the
+ type is not a collection type), the translated option description, and
+ the default value (or 'None') as the value.
+
+ Example:
+ { 'enumerate' :
+ (bool, None, u'Enable enumerating all users/groups', True) }
+
+ === Errors ===
+ No errors
+ """
+ options = self.list_options_with_mandatory()
+
+ # Filter out the mandatory field to maintain compatibility
+ # with older versions of the API
+ filtered_options = {}
+ for key in options.keys():
+ if options[key][2]:
+ filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4])
+
+ return filtered_options
+
def list_provider_options(self, provider, provider_type=None):
"""
If provider_type is specified, list all options applicable to that
diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py
index 060bc673..153146f8 100755
--- a/server/config/SSSDConfigTest.py
+++ b/server/config/SSSDConfigTest.py
@@ -241,10 +241,44 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
"list_options is requiring a %s" %
options['reconnection_retries'][1])
- self.assertTrue(options['reconnection_retries'][0] == int,
- "reconnection_retries should default to 2. " +
- "list_options specifies %d" %
- options['reconnection_retries'][3])
+ self.assertTrue(options['reconnection_retries'][3] == None,
+ "reconnection_retries should have no default")
+
+ self.assertTrue(type(options['services']) == tuple,
+ "Option values should be a tuple")
+
+ self.assertTrue(options['services'][0] == list,
+ "services should require an list. " +
+ "list_options is requiring a %s" %
+ options['services'][0])
+
+ self.assertTrue(options['services'][1] == str,
+ "services should require a subtype of str. " +
+ "list_options is requiring a %s" %
+ options['services'][1])
+
+ def testListMandatoryOptions(self):
+ service = SSSDConfig.SSSDService('sssd', self.schema)
+
+ options = service.list_mandatory_options()
+ control_list = [
+ 'services',
+ 'domains']
+
+ self.assertTrue(type(options) == dict,
+ "Options should be a dictionary")
+
+ # Ensure that all of the expected defaults are there
+ for option in control_list:
+ self.assertTrue(option in options.keys(),
+ "Option [%s] missing" %
+ option)
+
+ # Ensure that there aren't any unexpected options listed
+ for option in options.keys():
+ self.assertTrue(option in control_list,
+ 'Option [%s] unexpectedly found' %
+ option)
self.assertTrue(type(options['services']) == tuple,
"Option values should be a tuple")
@@ -299,9 +333,7 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
options = service.get_all_options()
control_list = [
'config_file_version',
- 'services',
- 'debug_level',
- 'reconnection_retries']
+ 'services']
self.assertTrue(type(options) == dict,
"Options should be a dictionary")
@@ -322,8 +354,8 @@ class SSSDConfigTestSSSDService(unittest.TestCase):
service = SSSDConfig.SSSDService('sssd', self.schema)
# Positive test - Remove an option that exists
- self.assertEqual(service.get_option('debug_level'), 0)
- service.remove_option('debug_level')
+ self.assertEqual(service.get_option('services'), ['nss', 'pam'])
+ service.remove_option('services')
self.assertRaises(SSSDConfig.NoOptionError, service.get_option, 'debug_level')
# Positive test - Remove an option that doesn't exist
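Review bot: After the switch to `services`, the `assertRaises` line kept from the old test still queries `debug_level`, so this positive test no longer checks that the removed option is actually gone. Since `debug_level` has no default in the updated schema, `get_option` presumably raises NoOptionError whether or not `remove_option('services')` worked. The line should read `self.assertRaises(SSSDConfig.NoOptionError, service.get_option, 'services')`. The test method starts and ends outside this hunk.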
@@ -489,6 +521,101 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'Option [%s] unexpectedly found' %
option)
+ def testListMandatoryOptions(self):
+ domain = SSSDConfig.SSSDDomain('sssd', self.schema)
+
+ # First test default options
+ options = domain.list_mandatory_options()
+ control_list = [
+ 'cache_credentials',
+ 'min_id',
+ 'id_provider',
+ 'auth_provider']
+
+ self.assertTrue(type(options) == dict,
+ "Options should be a dictionary")
+
+ # Ensure that all of the expected defaults are there
+ for option in control_list:
+ self.assertTrue(option in options.keys(),
+ "Option [%s] missing" %
+ option)
+
+ # Ensure that there aren't any unexpected options listed
+ for option in options.keys():
+ self.assertTrue(option in control_list,
+ 'Option [%s] unexpectedly found' %
+ option)
+
+ # Add a provider and verify that the new options appear
+ domain.add_provider('local', 'id')
+ control_list.extend(
+ ['default_shell',
+ 'base_directory'])
+
+ options = domain.list_mandatory_options()
+
+ self.assertTrue(type(options) == dict,
+ "Options should be a dictionary")
+
+ # Ensure that all of the expected defaults are there
+ for option in control_list:
+ self.assertTrue(option in options.keys(),
+ "Option [%s] missing" %
+ option)
+
+ # Ensure that there aren't any unexpected options listed
+ for option in options.keys():
+ self.assertTrue(option in control_list,
+ 'Option [%s] unexpectedly found' %
+ option)
+
+ # Add a provider that has global options and verify that
+ # The new options appear.
+ domain.add_provider('krb5', 'auth')
+
+ backup_list = control_list[:]
+ control_list.extend(
+ ['krb5_kdcip',
+ 'krb5_realm'])
+
+ options = domain.list_mandatory_options()
+
+ self.assertTrue(type(options) == dict,
+ "Options should be a dictionary")
+
+ # Ensure that all of the expected defaults are there
+ for option in control_list:
+ self.assertTrue(option in options.keys(),
+ "Option [%s] missing" %
+ option)
+
+ # Ensure that there aren't any unexpected options listed
+ for option in options.keys():
+ self.assertTrue(option in control_list,
+ 'Option [%s] unexpectedly found' %
+ option)
+
+ # Remove the auth domain and verify that the options
+ # revert to the backup_list
+ domain.remove_provider('auth')
+ options = domain.list_mandatory_options()
+
+ self.assertTrue(type(options) == dict,
+ "Options should be a dictionary")
+
+ # Ensure that all of the expected defaults are there
+ for option in backup_list:
+ self.assertTrue(option in options.keys(),
+ "Option [%s] missing" %
+ option)
+
+ # Ensure that there aren't any unexpected options listed
+ for option in options.keys():
+ self.assertTrue(option in backup_list,
+ 'Option [%s] unexpectedly found' %
+ option)
+
def testListProviders(self):
domain = SSSDConfig.SSSDDomain('sssd', self.schema)
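Review bot: The "all expected present / nothing unexpected" pair of loops is written out four times in this test, and once more in the SSSDService `testListMandatoryOptions` hunk. A single comparison per step, `self.assertEqual(set(options.keys()), set(control_list))`, checks both directions at once and reports the differing sets on failure. It would also help to assert the tuple shape of one returned entry, as the service test does for `options['services']`, so a change in the filtered tuple layout is caught here too.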
@@ -930,9 +1057,7 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
control_list = [
'config_file_version',
- 'services',
- 'debug_level',
- 'reconnection_retries']
+ 'services']
for option in control_list:
self.assertTrue(sssdconfig.has_option('sssd', option),
"Option [%s] missing from [sssd]" %
diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf
index 20932679..19053538 100644
--- a/server/config/etc/sssd.api.conf
+++ b/server/config/etc/sssd.api.conf
@@ -1,59 +1,59 @@
# Format:
-# option = type, subtype[, default]
+# option = type, subtype, mandatory[, default]
[service]
# Options available to all services
-debug_level = int, None
-debug_timestamps = bool, None
-debug_to_files = bool, None
-command = str, None
-reconnection_retries = int, None
+debug_level = int, None, false
+debug_timestamps = bool, None, false
+debug_to_files = bool, None, false
+command = str, None, false
+reconnection_retries = int, None, false
[sssd]
# Monitor service
-services = list, str, nss, pam
-domains = list, str
-timeout = int, None
-sbus_timeout = int, None
-re_expression = str, None
-full_name_format = str, None
+services = list, str, true, nss, pam
+domains = list, str, true
+timeout = int, None, false
+sbus_timeout = int, None, false
+re_expression = str, None, false
+full_name_format = str, None, false
[nss]
# Name service
-enum_cache_timeout = int, None
-entry_cache_no_wait_percentage = int, None
-entry_negative_timeout = int, None
-filter_users = list, str
-filter_groups = list, str
-filter_users_in_groups = bool, None
-pwfield = str, None
+enum_cache_timeout = int, None, false
+entry_cache_no_wait_percentage = int, None, false
+entry_negative_timeout = int, None, false
+filter_users = list, str, false
+filter_groups = list, str, false
+filter_users_in_groups = bool, None, false
+pwfield = str, None, false
[pam]
# Authentication service
-offline_credentials_expiration = int, None
-offline_failed_login_attempts = int, None
-offline_failed_login_delay = int, None
+offline_credentials_expiration = int, None, false
+offline_failed_login_attempts = int, None, false
+offline_failed_login_delay = int, None, false
[provider]
#Available provider types
-id_provider = str, None
-auth_provider = str, None
-access_provider = str, None
-chpass_provider = str, None
+id_provider = str, None, true
+auth_provider = str, None, true
+access_provider = str, None, false
+chpass_provider = str, None, false
[domain]
# Options available to all domains
-debug_level = int, None
-debug_timestamps = bool, None
-command = str, None
-min_id = int, None, 1000
-max_id = int, None
-timeout = int, None
-enumerate = bool, None, true
-cache_credentials = bool, None, false
-store_legacy_passwords = bool, None
-use_fully_qualified_names = bool, None
-entry_cache_timeout = int, None
+debug_level = int, None, false, 0
+debug_timestamps = bool, None, false
+command = str, None, false
+min_id = int, None, true, 1000
+max_id = int, None, false
+timeout = int, None, false
+enumerate = bool, None, false
+cache_credentials = bool, None, true, false
+store_legacy_passwords = bool, None, false
+use_fully_qualified_names = bool, None, false
+entry_cache_timeout = int, None, false
# Special providers
[provider/permit]
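Review bot: `enumerate` loses its default in this hunk: the old line `enumerate = bool, None, true` used `true` as the default, whereas the new `enumerate = bool, None, false` carries only the mandatory flag, yet the updated docstring example in SSSDConfig.py still shows a default of True. If the default is meant to stay, the line should be `enumerate = bool, None, false, true`; if dropping it is intended, the docstring example needs to follow. Because a boolean in third position is valid in both the old and new formats, the `# Format:` comment could add a line such as `# mandatory is 'true' or 'false' and must always be present`.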
diff --git a/server/config/etc/sssd.api.d/sssd-ipa.conf b/server/config/etc/sssd.api.d/sssd-ipa.conf
index 7c1a8271..c2a12d5a 100644
--- a/server/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/server/config/etc/sssd.api.d/sssd-ipa.conf
@@ -1,77 +1,77 @@
[provider/ipa]
-ipa_domain = str, None
-ipa_server = str, None
-ipa_hostname = str, None
-ldap_uri = str, None
-ldap_search_base = str, None
-ldap_schema = str, None
-ldap_default_bind_dn = str, None
-ldap_default_authtok_type = str, None
-ldap_default_authtok = str, None
-ldap_network_timeout = int, None
-ldap_opt_timeout = int, None
-ldap_offline_timeout = int, None
-ldap_tls_cacert = str, None
-ldap_tls_reqcert = str, None
-ldap_sasl_mech = str, None
-ldap_sasl_authid = str, None
-krb5_kdcip = str, None
-krb5_realm = str, None
-krb5_auth_timeout = int, None
-ldap_krb5_keytab = str, None
-ldap_krb5_init_creds = bool, None
-ldap_entry_usn = str, None
-ldap_rootdse_last_usn = str, None
-ldap_referrals = bool, None
+ipa_domain = str, None, true
+ipa_server = str, None, true
+ipa_hostname = str, None, false
+ldap_uri = str, None, false
+ldap_search_base = str, None, false
+ldap_schema = str, None, false
+ldap_default_bind_dn = str, None, false
+ldap_default_authtok_type = str, None, false
+ldap_default_authtok = str, None, false
+ldap_network_timeout = int, None, false
+ldap_opt_timeout = int, None, false
+ldap_offline_timeout = int, None, false
+ldap_tls_cacert = str, None, false
+ldap_tls_reqcert = str, None, false
+ldap_sasl_mech = str, None, false
+ldap_sasl_authid = str, None, false
+krb5_kdcip = str, None, false
+krb5_realm = str, None, false
+krb5_auth_timeout = int, None, false
+ldap_krb5_keytab = str, None, false
+ldap_krb5_init_creds = bool, None, false
+ldap_entry_usn = str, None, false
+ldap_rootdse_last_usn = str, None, false
+ldap_referrals = bool, None, false
[provider/ipa/id]
-ldap_search_timeout = int, None
-ldap_enumeration_refresh_timeout = int, None
-ldap_purge_cache_timeout = int, None
-ldap_id_use_start_tls = bool, None
-ldap_user_search_base = str, None
-ldap_user_search_scope = str, None
-ldap_user_search_filter = str, None
-ldap_user_object_class = str, None
-ldap_user_name = str, None
-ldap_user_uid_number = str, None
-ldap_user_gid_number = str, None
-ldap_user_gecos = str, None
-ldap_user_homedir = str, None
-ldap_user_shell = str, None
-ldap_user_uuid = str, None
-ldap_user_principal = str, None
-ldap_user_fullname = str, None
-ldap_user_member_of = str, None
-ldap_user_modify_timestamp = str, None
-ldap_user_shadow_last_change = str, None
-ldap_user_shadow_min = str, None
-ldap_user_shadow_max = str, None
-ldap_user_shadow_warning = str, None
-ldap_user_shadow_inactive = str, None
-ldap_user_shadow_expire = str, None
-ldap_user_shadow_flag = str, None
-ldap_user_krb_last_pwd_change = str, None
-ldap_user_krb_password_expiration = str, None
-ldap_pwd_attribute = str, None
-ldap_group_search_base = str, None
-ldap_group_search_scope = str, None
-ldap_group_search_filter = str, None
-ldap_group_object_class = str, None
-ldap_group_name = str, None
-ldap_group_gid_number = str, None
-ldap_group_member = str, None
-ldap_group_uuid = str, None
-ldap_group_modify_timestamp = str, None
-ldap_force_upper_case_realm = bool, None
+ldap_search_timeout = int, None, false
+ldap_enumeration_refresh_timeout = int, None, false
+ldap_purge_cache_timeout = int, None, false
+ldap_id_use_start_tls = bool, None, false
+ldap_user_search_base = str, None, false
+ldap_user_search_scope = str, None, false
+ldap_user_search_filter = str, None, false
+ldap_user_object_class = str, None, false
+ldap_user_name = str, None, false
+ldap_user_uid_number = str, None, false
+ldap_user_gid_number = str, None, false
+ldap_user_gecos = str, None, false
+ldap_user_homedir = str, None, false
+ldap_user_shell = str, None, false
+ldap_user_uuid = str, None, false
+ldap_user_principal = str, None, false
+ldap_user_fullname = str, None, false
+ldap_user_member_of = str, None, false
+ldap_user_modify_timestamp = str, None, false
+ldap_user_shadow_last_change = str, None, false
+ldap_user_shadow_min = str, None, false
+ldap_user_shadow_max = str, None, false
+ldap_user_shadow_warning = str, None, false
+ldap_user_shadow_inactive = str, None, false
+ldap_user_shadow_expire = str, None, false
+ldap_user_shadow_flag = str, None, false
+ldap_user_krb_last_pwd_change = str, None, false
+ldap_user_krb_password_expiration = str, None, false
+ldap_pwd_attribute = str, None, false
+ldap_group_search_base = str, None, false
+ldap_group_search_scope = str, None, false
+ldap_group_search_filter = str, None, false
+ldap_group_object_class = str, None, false
+ldap_group_name = str, None, false
+ldap_group_gid_number = str, None, false
+ldap_group_member = str, None, false
+ldap_group_uuid = str, None, false
+ldap_group_modify_timestamp = str, None, false
+ldap_force_upper_case_realm = bool, None, false
[provider/ipa/auth]
-krb5_ccachedir = str, None
-krb5_ccname_template = str, None
-krb5_keytab = str, None
-krb5_validate = bool, None
+krb5_ccachedir = str, None, false
+krb5_ccname_template = str, None, false
+krb5_keytab = str, None, false
+krb5_validate = bool, None, false
[provider/ipa/access]
[provider/ipa/chpass]
-krb5_changepw_principal = str, None
+krb5_changepw_principal = str, None, false
diff --git a/server/config/etc/sssd.api.d/sssd-krb5.conf b/server/config/etc/sssd.api.d/sssd-krb5.conf
index 0cf0e727..7ba0ab32 100644
--- a/server/config/etc/sssd.api.d/sssd-krb5.conf
+++ b/server/config/etc/sssd.api.d/sssd-krb5.conf
@@ -1,13 +1,13 @@
[provider/krb5]
-krb5_kdcip = str, None
-krb5_realm = str, None
-krb5_auth_timeout = int, None
+krb5_kdcip = str, None, true
+krb5_realm = str, None, true
+krb5_auth_timeout = int, None, false
[provider/krb5/auth]
-krb5_ccachedir = str, None
-krb5_ccname_template = str, None
-krb5_keytab = str, None
-krb5_validate = bool, None
+krb5_ccachedir = str, None, false
+krb5_ccname_template = str, None, false
+krb5_keytab = str, None, false
+krb5_validate = bool, None, false
[provider/krb5/chpass]
-krb5_changepw_principal = str, None
+krb5_changepw_principal = str, None, false
diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf
index 73b8b0dc..6758ab49 100644
--- a/server/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/server/config/etc/sssd.api.d/sssd-ldap.conf
@@ -1,68 +1,68 @@
[provider/ldap]
-ldap_uri = str, None
-ldap_search_base = str, None
-ldap_schema = str, None, rfc2307
-ldap_default_bind_dn = str, None
-ldap_default_authtok_type = str, None
-ldap_default_authtok = str, None
-ldap_network_timeout = int, None
-ldap_opt_timeout = int, None
-ldap_offline_timeout = int, None
-ldap_tls_cacert = str, None
-ldap_tls_reqcert = str, None
-ldap_sasl_mech = str, None
-ldap_sasl_authid = str, None
-krb5_kdcip = str, None
-krb5_realm = str, None
-ldap_krb5_keytab = str, None
-ldap_krb5_init_creds = bool, None
-ldap_entry_usn = str, None
-ldap_rootdse_last_usn = str, None
-ldap_referrals = bool, None
+ldap_uri = str, None, true
+ldap_search_base = str, None, true
+ldap_schema = str, None, true, rfc2307
+ldap_default_bind_dn = str, None, false
+ldap_default_authtok_type = str, None, false
+ldap_default_authtok = str, None, false
+ldap_network_timeout = int, None, false
+ldap_opt_timeout = int, None, false
+ldap_offline_timeout = int, None, false
+ldap_tls_cacert = str, None, false
+ldap_tls_reqcert = str, None, false
+ldap_sasl_mech = str, None, false
+ldap_sasl_authid = str, None, false
+krb5_kdcip = str, None, false
+krb5_realm = str, None, false
+ldap_krb5_keytab = str, None, false
+ldap_krb5_init_creds = bool, None, false
+ldap_entry_usn = str, None, false
+ldap_rootdse_last_usn = str, None, false
+ldap_referrals = bool, None, false
[provider/ldap/id]
-ldap_search_timeout = int, None
-ldap_enumeration_refresh_timeout = int, None
-ldap_purge_cache_timeout = int, None
-ldap_id_use_start_tls = bool, None, false
-ldap_user_search_base = str, None
-ldap_user_search_scope = str, None
-ldap_user_search_filter = str, None
-ldap_user_object_class = str, None
-ldap_user_name = str, None
-ldap_user_uid_number = str, None
-ldap_user_gid_number = str, None
-ldap_user_gecos = str, None
-ldap_user_homedir = str, None
-ldap_user_shell = str, None
-ldap_user_uuid = str, None
-ldap_user_principal = str, None
-ldap_user_fullname = str, None
-ldap_user_member_of = str, None
-ldap_user_modify_timestamp = str, None
-ldap_user_shadow_last_change = str, None
-ldap_user_shadow_min = str, None
-ldap_user_shadow_max = str, None
-ldap_user_shadow_warning = str, None
-ldap_user_shadow_inactive = str, None
-ldap_user_shadow_expire = str, None
-ldap_user_shadow_flag = str, None
-ldap_user_krb_last_pwd_change = str, None
-ldap_user_krb_password_expiration = str, None
-ldap_pwd_attribute = str, None
-ldap_group_search_base = str, None
-ldap_group_search_scope = str, None
-ldap_group_search_filter = str, None
-ldap_group_object_class = str, None
-ldap_group_name = str, None
-ldap_group_gid_number = str, None
-ldap_group_member = str, None
-ldap_group_uuid = str, None
-ldap_group_modify_timestamp = str, None
-ldap_force_upper_case_realm = bool, None
+ldap_search_timeout = int, None, false
+ldap_enumeration_refresh_timeout = int, None, false
+ldap_purge_cache_timeout = int, None, false
+ldap_id_use_start_tls = bool, None, true, false
+ldap_user_search_base = str, None, false
+ldap_user_search_scope = str, None, false
+ldap_user_search_filter = str, None, false
+ldap_user_object_class = str, None, false
+ldap_user_name = str, None, false
+ldap_user_uid_number = str, None, false
+ldap_user_gid_number = str, None, false
+ldap_user_gecos = str, None, false
+ldap_user_homedir = str, None, false
+ldap_user_shell = str, None, false
+ldap_user_uuid = str, None, false
+ldap_user_principal = str, None, false
+ldap_user_fullname = str, None, false
+ldap_user_member_of = str, None, false
+ldap_user_modify_timestamp = str, None, false
+ldap_user_shadow_last_change = str, None, false
+ldap_user_shadow_min = str, None, false
+ldap_user_shadow_max = str, None, false
+ldap_user_shadow_warning = str, None, false
+ldap_user_shadow_inactive = str, None, false
+ldap_user_shadow_expire = str, None, false
+ldap_user_shadow_flag = str, None, false
+ldap_user_krb_last_pwd_change = str, None, false
+ldap_user_krb_password_expiration = str, None, false
+ldap_pwd_attribute = str, None, false
+ldap_group_search_base = str, None, false
+ldap_group_search_scope = str, None, false
+ldap_group_search_filter = str, None, false
+ldap_group_object_class = str, None, false
+ldap_group_name = str, None, false
+ldap_group_gid_number = str, None, false
+ldap_group_member = str, None, false
+ldap_group_uuid = str, None, false
+ldap_group_modify_timestamp = str, None, false
+ldap_force_upper_case_realm = bool, None, false
[provider/ldap/auth]
-ldap_pwd_policy = str, None
+ldap_pwd_policy = str, None, false
[provider/ldap/chpass]
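Review bot: `ldap_id_use_start_tls = bool, None, true, false` marks the option mandatory while keeping `false` as its default, so any tool that fills mandatory options from schema defaults would presumably write the unencrypted setting explicitly. A schema comment above the line would make that visible to whoever consumes list_mandatory_options, for example `# default false: identity lookups are not protected by StartTLS unless this is set to true`. Whether the default itself should change is a separate decision from this commit, but the mandatory flag is a good moment to document it.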
diff --git a/server/config/etc/sssd.api.d/sssd-local.conf b/server/config/etc/sssd.api.d/sssd-local.conf
index 44e25221..0686f082 100644
--- a/server/config/etc/sssd.api.d/sssd-local.conf
+++ b/server/config/etc/sssd.api.d/sssd-local.conf
@@ -1,8 +1,8 @@
[provider/local]
[provider/local/id]
-default_shell = str, None, /bin/bash
-base_directory = str, None, /home
+default_shell = str, None, true, /bin/bash
+base_directory = str, None, true, /home
[provider/local/auth]
diff --git a/server/config/etc/sssd.api.d/sssd-proxy.conf b/server/config/etc/sssd.api.d/sssd-proxy.conf
index cc34eea2..7ecf6b33 100644
--- a/server/config/etc/sssd.api.d/sssd-proxy.conf
+++ b/server/config/etc/sssd.api.d/sssd-proxy.conf
@@ -1,7 +1,7 @@
[provider/proxy]
[provider/proxy/id]
-proxy_lib_name = str, None
+proxy_lib_name = str, None, true
[provider/proxy/auth]
-proxy_pam_target = str, None
+proxy_pam_target = str, None, true