summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/config/SSSDConfig/__init__.py.in1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf1
-rw-r--r--src/providers/ipa/ipa_opts.h1
-rw-r--r--src/providers/ldap/ldap_opts.h1
-rw-r--r--src/providers/ldap/sdap.h1
5 files changed, 5 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 9d7084fc..d0831109 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -293,6 +293,7 @@ option_strings = {
# [provider/ldap/sudo]
'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'),
+ 'ldap_sudo_full_refresh_interval' : _('Automatic full refresh period'),
'ldap_sudo_refresh_enabled' : _('Enable periodical update of all sudo rules'),
'ldap_sudo_refresh_timeout' : _('Length of time between rules updates'),
'ldap_sudorule_object_class' : _('Object class for sudo rules'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index cfd47e5e..89cd4dd2 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -128,6 +128,7 @@ ldap_chpass_dns_service_name = str, None, false
[provider/ldap/sudo]
ldap_sudo_search_base = str, None, false
+ldap_sudo_full_refresh_interval = int, None, false
ldap_sudo_refresh_enabled = bool, None, false
ldap_sudo_refresh_timeout = int, None, false
ldap_sudorule_object_class = str, None, false
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 2a901bda..e669c7d7 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -69,6 +69,7 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_sudo_refresh_enabled", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_sudo_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
+ { "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER },
{ "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_schema", DP_OPT_STRING, { "ipa_v1" }, NULL_STRING },
{ "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index 2d08f7a6..27f3ce43 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -49,6 +49,7 @@ struct dp_option default_basic_opts[] = {
{ "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_sudo_refresh_enabled", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_sudo_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
+ { "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER }, /* 360 mins */
{ "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_schema", DP_OPT_STRING, { "rfc2307" }, NULL_STRING },
{ "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 253b08c5..ae5bcb01 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -168,6 +168,7 @@ enum sdap_basic_opt {
SDAP_SUDO_SEARCH_BASE,
SDAP_SUDO_REFRESH_ENABLED,
SDAP_SUDO_REFRESH_TIMEOUT,
+ SDAP_SUDO_FULL_REFRESH_INTERVAL,
SDAP_AUTOFS_SEARCH_BASE,
SDAP_SCHEMA,
SDAP_OFFLINE_TIMEOUT,