Diffstat (limited to 'server')
-rw-r--r-- | server/config/SSSDConfigTest.py | 29 | ||||
-rw-r--r-- | server/config/etc/sssd.api.conf | 25 | ||||
-rw-r--r-- | server/config/etc/sssd.api.d/sssd-ldap.conf | 35 |
3 files changed, 68 insertions, 21 deletions
diff --git a/server/config/SSSDConfigTest.py b/server/config/SSSDConfigTest.py index b597f760..2a00a99f 100644 --- a/server/config/SSSDConfigTest.py +++ b/server/config/SSSDConfigTest.py @@ -204,10 +204,13 @@ class SSSDConfigTestSSSDService(unittest.TestCase): 'config_file_version', 'services', 'domains', + 'timeout', 'sbus_timeout', 're_expression', 'full_name_format', 'debug_level', + 'debug_timestamps', + 'debug_to_files', 'command', 'reconnection_retries'] @@ -313,9 +316,6 @@ class SSSDConfigTestSSSDService(unittest.TestCase): control_list = [ 'config_file_version', 'services', - 'sbus_timeout', - 're_expression', - 'full_name_format', 'debug_level', 'reconnection_retries'] @@ -413,9 +413,11 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'min_id', 'max_id', 'timeout', + 'command', 'magic_private_groups', 'enumerate', 'cache_credentials', + 'store_legacy_passwords', 'use_fully_qualified_names', 'id_provider', 'auth_provider', @@ -526,13 +528,23 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): domain = SSSDConfig.SSSDDomain('sssd', self.schema) control_provider_dict = { + 'local': ('id', 'auth', 'access', 'chpass'), + 'ldap': ('id', 'auth', 'chpass'), 'krb5': ('auth', 'access', 'chpass'), - 'local': ('auth', 'chpass', 'access', 'id'), - 'ldap': ('id', 'auth')} + 'proxy': ('id', 'auth')} providers = domain.list_providers() - self.assertEqual(providers, control_provider_dict) + # Ensure that all of the expected defaults are there + for provider in control_provider_dict.keys(): + for ptype in control_provider_dict[provider]: + self.assertTrue(providers.has_key(provider)) + self.assertTrue(ptype in providers[provider]) + + for provider in providers.keys(): + for ptype in providers[provider]: + self.assertTrue(control_provider_dict.has_key(provider)) + self.assertTrue(ptype in control_provider_dict[provider]) def testListProviderOptions(self): domain = SSSDConfig.SSSDDomain('sssd', self.schema) 
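Review bot: In the hunk at `@@ -526,13 +528,23 @@`, both new loops place their provider-name assertion inside the inner `for ptype` loop, so a provider whose type tuple is empty is never checked in either direction, and an unexpected provider with no types would pass. Comparing the key sets first and then the per-provider sets closes that gap and gives a readable failure message: `self.assertEqual(sorted(providers.keys()), sorted(control_provider_dict.keys()))` followed, inside a single loop over the providers, by `self.assertEqual(set(providers[provider]), set(control_provider_dict[provider]))`. `has_key` is also the deprecated spelling of `provider in providers`. The test method begins above the hunk, so only the visible lines are covered by this note.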
@@ -620,9 +632,11 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'min_id', 'max_id', 'timeout', + 'command', 'magic_private_groups', 'enumerate', 'cache_credentials', + 'store_legacy_passwords', 'use_fully_qualified_names', 'id_provider', 'auth_provider', @@ -943,9 +957,6 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase): control_list = [ 'config_file_version', 'services', - 'sbus_timeout', - 're_expression', - 'full_name_format', 'debug_level', 'reconnection_retries'] for option in control_list: diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf index 04634ca5..99e87b91 100644 --- a/server/config/etc/sssd.api.conf +++ b/server/config/etc/sssd.api.conf @@ -4,6 +4,8 @@ [service] # Options available to all services debug_level = int, None, 0 +debug_timestamps = bool, None +debug_to_files = bool, None command = str, None reconnection_retries = int, None, 3 @@ -12,19 +14,20 @@ reconnection_retries = int, None, 3 config_file_version = int, None, 2 services = list, str, nss, pam domains = list, str -sbus_timeout = int, None, -1 -re_expression = str, None, (?P<name>[^@]+)@?(?P<domain>[^@]*$) -full_name_format = str, None, %1$s@%2$s +timeout = int, None +sbus_timeout = int, None +re_expression = str, None +full_name_format = str, None [nss] # Name service -nss_enum_cache_timeout = int, None -nss_entry_cache_timeout = int, None -nss_entry_cache_no_wait_timeout = int, None -nss_entry_negative_timeout = int, None -nss_filter_users = list, str, root -nss_filter_groups = list, str, root -nss_filter_users_in_groups = bool, None, true +enum_cache_timeout = int, None +entry_cache_timeout = int, None +entry_cache_no_wait_timeout = int, None +entry_negative_timeout = int, None +filter_users = list, str, root +filter_groups = list, str, root +filter_users_in_groups = bool, None, true [pam] # Authentication service 
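Review bot: The `[nss]` options in the sssd.api.conf hunk at `@@ -12,19 +14,20 @@` are renamed in place (`nss_filter_users` to `filter_users`, and so on) with no alias or note for the old names, so a configuration written against the previous schema would presumably stop validating. The same applies to `ldap_user_memberof` → `ldap_user_member_of` and `ldap_group_UUID` → `ldap_group_uuid` in the second sssd-ldap.conf hunk. Whether the daemon still honours the old spellings is not visible in this diff. Because `filter_users` and `filter_groups` carry the `root` default, a customised filter that is silently dropped on upgrade is worth calling out; a comment such as `# Renamed: the nss_ prefix was dropped from all options in this section` above the block would at least record the break. The same hunk removes the schema defaults for `sbus_timeout`, `re_expression` and `full_name_format`, so the schema no longer documents their effective values.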
@@ -39,10 +42,12 @@ chpass_provider = str, None [domain] # Options available to all domains debug_level = int, None, 0 +command = str, None min_id = int, None, 1000 max_id = int, None timeout = int, None, 0 magic_private_groups = bool, None, false enumerate = bool, None, true cache_credentials = bool, None, false +store_legacy_passwords = bool, None, false use_fully_qualified_names = bool, None, false diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf index 700de021..3aa1fb05 100644 --- a/server/config/etc/sssd.api.d/sssd-ldap.conf +++ b/server/config/etc/sssd.api.d/sssd-ldap.conf @@ -6,10 +6,24 @@ ldap_default_authtok_type = str, None ldap_default_authtok = str, None ldap_network_timeout = int, None ldap_opt_timeout = int, None +ldap_offline_timeout = int, None +ldap_stale_time = int, None +ldap_tls_cacert = str, None ldap_tls_reqcert = str, None +ldap_sasl_mech = str, None +ldap_sasl_authid = str, None +krb5_kdcip = str, None +krb5_realm = str, None +ldap_krb5_keytab = str, None +ldap_krb5_init_creds = bool, None [provider/ldap/id] +ldap_search_timeout = int, None +ldap_enumeration_refresh_timeout = int, None +ldap_id_use_start_tls = bool, None, false ldap_user_search_base = str, None +ldap_user_search_scope = str, None +ldap_user_search_filter = str, None ldap_user_object_class = str, None ldap_user_name = str, None ldap_user_uid_number = str, None 
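Review bot: `ldap_id_use_start_tls = bool, None, false` in the sssd-ldap.conf hunk at `@@ -6,10 +6,24 @@` gives the option a schema default of off, so a configuration generated from this file leaves identity lookups without StartTLS unless the administrator opts in. Whether those lookups are otherwise protected (for example by an `ldaps://` URI) cannot be told from here. A comment on the line would make the choice explicit: `# false: ID lookups are not upgraded with StartTLS; enable unless the connection is already TLS-protected`. The neighbouring `ldap_tls_reqcert` and the new `ldap_tls_cacert` are typed as plain `str`, so the schema cannot reject a mistyped certificate-check policy; if the schema format has no enumerated type, that limitation deserves a comment too. The `[provider/ldap]` section these TLS options belong to starts above the hunk.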
@@ -20,13 +34,30 @@ ldap_user_shell = str, None ldap_user_uuid = str, None ldap_user_principal = str, None ldap_user_fullname = str, None -ldap_user_memberof = str, None +ldap_user_member_of = str, None +ldap_user_modify_timestamp = str, None +ldap_user_shadow_last_change = str, None +ldap_user_shadow_min = str, None +ldap_user_shadow_max = str, None +ldap_user_shadow_warning = str, None +ldap_user_shadow_inactive = str, None +ldap_user_shadow_expire = str, None +ldap_user_shadow_flag = str, None +ldap_user_krb_last_pwd_change = str, None +ldap_user_krb_password_expiration = str, None +ldap_pwd_attribute = str, None ldap_group_search_base = str, None +ldap_group_search_scope = str, None +ldap_group_search_filter = str, None ldap_group_object_class = str, None ldap_group_name = str, None ldap_group_gid_number = str, None ldap_group_member = str, None -ldap_group_UUID = str, None +ldap_group_uuid = str, None +ldap_group_modify_timestamp = str, None ldap_force_upper_case_realm = bool, None [provider/ldap/auth] + +[provider/ldap/chpass] + |