From 764d6246eea5a63b203a5dc6c905b5938d9b62e4 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Thu, 7 Jan 2010 11:49:21 -0500
Subject: Add mandatory flag to SSSD config schema Also add list_mandatory_options() to both SSSDService and SSSDDomain objects. There is a new list_options_with_mandatory() function that will return a longer tuple than list_options(), including the mandatory flag directly.
---
server/config/etc/sssd.api.conf | 74 +++++++--------
server/config/etc/sssd.api.d/sssd-ipa.conf | 136 +++++++++++++--------------
server/config/etc/sssd.api.d/sssd-krb5.conf | 16 ++--
server/config/etc/sssd.api.d/sssd-ldap.conf | 120 +++++++++++------------
server/config/etc/sssd.api.d/sssd-local.conf | 4 +-
server/config/etc/sssd.api.d/sssd-proxy.conf | 4 +-
6 files changed, 177 insertions(+), 177 deletions(-)
(limited to 'server/config/etc')
diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf
index 20932679..19053538 100644
--- a/server/config/etc/sssd.api.conf
+++ b/server/config/etc/sssd.api.conf
@@ -1,59 +1,59 @@ # Format: -# option = type, subtype[, default] +# option = type, subtype, mandatory[, default] [service] # Options available to all services -debug_level = int, None -debug_timestamps = bool, None -debug_to_files = bool, None -command = str, None -reconnection_retries = int, None +debug_level = int, None, false +debug_timestamps = bool, None, false +debug_to_files = bool, None, false +command = str, None, false +reconnection_retries = int, None, false [sssd] # Monitor service -services = list, str, nss, pam -domains = list, str -timeout = int, None -sbus_timeout = int, None -re_expression = str, None -full_name_format = str, None +services = list, str, true, nss, pam +domains = list, str, true +timeout = int, None, false +sbus_timeout = int, None, false +re_expression = str, None, false +full_name_format = str, None, false [nss] # Name service -enum_cache_timeout = int, None -entry_cache_no_wait_percentage = int, None -entry_negative_timeout = int, None -filter_users = list, str -filter_groups = list, str -filter_users_in_groups = bool, None -pwfield = str, None +enum_cache_timeout = int, None, false +entry_cache_no_wait_percentage = int, None, false +entry_negative_timeout = int, None, false +filter_users = list, str, false +filter_groups = list, str, false +filter_users_in_groups = bool, None, false +pwfield = str, None, false [pam] # Authentication service -offline_credentials_expiration = int, None -offline_failed_login_attempts = int, None -offline_failed_login_delay = int, None +offline_credentials_expiration = int, None, false +offline_failed_login_attempts = int, None, false +offline_failed_login_delay = int, None, false [provider] #Available provider types -id_provider = str, None -auth_provider = str, None -access_provider = str, None -chpass_provider = str, None +id_provider = str, None, true +auth_provider = str, None, true +access_provider = str, None, false +chpass_provider = str, None, false [domain] # Options available to all 
domains -debug_level = int, None -debug_timestamps = bool, None -command = str, None -min_id = int, None, 1000 -max_id = int, None -timeout = int, None -enumerate = bool, None, true -cache_credentials = bool, None, false -store_legacy_passwords = bool, None -use_fully_qualified_names = bool, None -entry_cache_timeout = int, None +debug_level = int, None, false, 0 +debug_timestamps = bool, None, false +command = str, None, false +min_id = int, None, true, 1000 +max_id = int, None, false +timeout = int, None, false +enumerate = bool, None, false +cache_credentials = bool, None, true, false +store_legacy_passwords = bool, None, false +use_fully_qualified_names = bool, None, false +entry_cache_timeout = int, None, false # Special providers [provider/permit] diff --git a/server/config/etc/sssd.api.d/sssd-ipa.conf b/server/config/etc/sssd.api.d/sssd-ipa.conf index 7c1a8271..c2a12d5a 100644 --- a/server/config/etc/sssd.api.d/sssd-ipa.conf +++ b/server/config/etc/sssd.api.d/sssd-ipa.conf 
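Review bot: The `enumerate` line in `[domain]` silently loses its default. The old entry was `enumerate = bool, None, true` under the `type, subtype[, default]` format, while the new `enumerate = bool, None, false` reads as mandatory=false with no default at all. If the default was meant to survive, the line would be `enumerate = bool, None, false, true`. The same positional shift applies to any schema file still in the old layout, where a former bool default would now be taken as the mandatory flag, so the `# Format:` comment should say so, e.g. `# mandatory is 'true' or 'false' and is always required; anything after it is the default`. For the same reason `cache_credentials = bool, None, true, false` is easy to misread, and a one-line comment above it that the option is mandatory with default `false` would help.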
@@ -1,77 +1,77 @@ [provider/ipa] -ipa_domain = str, None -ipa_server = str, None -ipa_hostname = str, None -ldap_uri = str, None -ldap_search_base = str, None -ldap_schema = str, None -ldap_default_bind_dn = str, None -ldap_default_authtok_type = str, None -ldap_default_authtok = str, None -ldap_network_timeout = int, None -ldap_opt_timeout = int, None -ldap_offline_timeout = int, None -ldap_tls_cacert = str, None -ldap_tls_reqcert = str, None -ldap_sasl_mech = str, None -ldap_sasl_authid = str, None -krb5_kdcip = str, None -krb5_realm = str, None -krb5_auth_timeout = int, None -ldap_krb5_keytab = str, None -ldap_krb5_init_creds = bool, None -ldap_entry_usn = str, None -ldap_rootdse_last_usn = str, None -ldap_referrals = bool, None +ipa_domain = str, None, true +ipa_server = str, None, true +ipa_hostname = str, None, false +ldap_uri = str, None, false +ldap_search_base = str, None, false +ldap_schema = str, None, false +ldap_default_bind_dn = str, None, false +ldap_default_authtok_type = str, None, false +ldap_default_authtok = str, None, false +ldap_network_timeout = int, None, false +ldap_opt_timeout = int, None, false +ldap_offline_timeout = int, None, false +ldap_tls_cacert = str, None, false +ldap_tls_reqcert = str, None, false +ldap_sasl_mech = str, None, false +ldap_sasl_authid = str, None, false +krb5_kdcip = str, None, false +krb5_realm = str, None, false +krb5_auth_timeout = int, None, false +ldap_krb5_keytab = str, None, false +ldap_krb5_init_creds = bool, None, false +ldap_entry_usn = str, None, false +ldap_rootdse_last_usn = str, None, false +ldap_referrals = bool, None, false [provider/ipa/id] -ldap_search_timeout = int, None -ldap_enumeration_refresh_timeout = int, None -ldap_purge_cache_timeout = int, None -ldap_id_use_start_tls = bool, None -ldap_user_search_base = str, None -ldap_user_search_scope = str, None -ldap_user_search_filter = str, None -ldap_user_object_class = str, None -ldap_user_name = str, None -ldap_user_uid_number = str, None 
-ldap_user_gid_number = str, None -ldap_user_gecos = str, None -ldap_user_homedir = str, None -ldap_user_shell = str, None -ldap_user_uuid = str, None -ldap_user_principal = str, None -ldap_user_fullname = str, None -ldap_user_member_of = str, None -ldap_user_modify_timestamp = str, None -ldap_user_shadow_last_change = str, None -ldap_user_shadow_min = str, None -ldap_user_shadow_max = str, None -ldap_user_shadow_warning = str, None -ldap_user_shadow_inactive = str, None -ldap_user_shadow_expire = str, None -ldap_user_shadow_flag = str, None -ldap_user_krb_last_pwd_change = str, None -ldap_user_krb_password_expiration = str, None -ldap_pwd_attribute = str, None -ldap_group_search_base = str, None -ldap_group_search_scope = str, None -ldap_group_search_filter = str, None -ldap_group_object_class = str, None -ldap_group_name = str, None -ldap_group_gid_number = str, None -ldap_group_member = str, None -ldap_group_uuid = str, None -ldap_group_modify_timestamp = str, None -ldap_force_upper_case_realm = bool, None +ldap_search_timeout = int, None, false +ldap_enumeration_refresh_timeout = int, None, false +ldap_purge_cache_timeout = int, None, false +ldap_id_use_start_tls = bool, None, false +ldap_user_search_base = str, None, false +ldap_user_search_scope = str, None, false +ldap_user_search_filter = str, None, false +ldap_user_object_class = str, None, false +ldap_user_name = str, None, false +ldap_user_uid_number = str, None, false +ldap_user_gid_number = str, None, false +ldap_user_gecos = str, None, false +ldap_user_homedir = str, None, false +ldap_user_shell = str, None, false +ldap_user_uuid = str, None, false +ldap_user_principal = str, None, false +ldap_user_fullname = str, None, false +ldap_user_member_of = str, None, false +ldap_user_modify_timestamp = str, None, false +ldap_user_shadow_last_change = str, None, false +ldap_user_shadow_min = str, None, false +ldap_user_shadow_max = str, None, false +ldap_user_shadow_warning = str, None, false 
+ldap_user_shadow_inactive = str, None, false +ldap_user_shadow_expire = str, None, false +ldap_user_shadow_flag = str, None, false +ldap_user_krb_last_pwd_change = str, None, false +ldap_user_krb_password_expiration = str, None, false +ldap_pwd_attribute = str, None, false +ldap_group_search_base = str, None, false +ldap_group_search_scope = str, None, false +ldap_group_search_filter = str, None, false +ldap_group_object_class = str, None, false +ldap_group_name = str, None, false +ldap_group_gid_number = str, None, false +ldap_group_member = str, None, false +ldap_group_uuid = str, None, false +ldap_group_modify_timestamp = str, None, false +ldap_force_upper_case_realm = bool, None, false [provider/ipa/auth] -krb5_ccachedir = str, None -krb5_ccname_template = str, None -krb5_keytab = str, None -krb5_validate = bool, None +krb5_ccachedir = str, None, false +krb5_ccname_template = str, None, false +krb5_keytab = str, None, false +krb5_validate = bool, None, false [provider/ipa/access] [provider/ipa/chpass] -krb5_changepw_principal = str, None +krb5_changepw_principal = str, None, false diff --git a/server/config/etc/sssd.api.d/sssd-krb5.conf b/server/config/etc/sssd.api.d/sssd-krb5.conf index 0cf0e727..7ba0ab32 100644 --- a/server/config/etc/sssd.api.d/sssd-krb5.conf +++ b/server/config/etc/sssd.api.d/sssd-krb5.conf @@ -1,13 +1,13 @@ [provider/krb5] -krb5_kdcip = str, None -krb5_realm = str, None -krb5_auth_timeout = int, None +krb5_kdcip = str, None, true +krb5_realm = str, None, true +krb5_auth_timeout = int, None, false [provider/krb5/auth] -krb5_ccachedir = str, None -krb5_ccname_template = str, None -krb5_keytab = str, None -krb5_validate = bool, None +krb5_ccachedir = str, None, false +krb5_ccname_template = str, None, false +krb5_keytab = str, None, false +krb5_validate = bool, None, false [provider/krb5/chpass] -krb5_changepw_principal = str, None +krb5_changepw_principal = str, None, false 
diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf index 73b8b0dc..6758ab49 100644 --- a/server/config/etc/sssd.api.d/sssd-ldap.conf +++ b/server/config/etc/sssd.api.d/sssd-ldap.conf 
@@ -1,68 +1,68 @@ [provider/ldap] -ldap_uri = str, None -ldap_search_base = str, None -ldap_schema = str, None, rfc2307 -ldap_default_bind_dn = str, None -ldap_default_authtok_type = str, None -ldap_default_authtok = str, None -ldap_network_timeout = int, None -ldap_opt_timeout = int, None -ldap_offline_timeout = int, None -ldap_tls_cacert = str, None -ldap_tls_reqcert = str, None -ldap_sasl_mech = str, None -ldap_sasl_authid = str, None -krb5_kdcip = str, None -krb5_realm = str, None -ldap_krb5_keytab = str, None -ldap_krb5_init_creds = bool, None -ldap_entry_usn = str, None -ldap_rootdse_last_usn = str, None -ldap_referrals = bool, None +ldap_uri = str, None, true +ldap_search_base = str, None, true +ldap_schema = str, None, true, rfc2307 +ldap_default_bind_dn = str, None, false +ldap_default_authtok_type = str, None, false +ldap_default_authtok = str, None, false +ldap_network_timeout = int, None, false +ldap_opt_timeout = int, None, false +ldap_offline_timeout = int, None, false +ldap_tls_cacert = str, None, false +ldap_tls_reqcert = str, None, false +ldap_sasl_mech = str, None, false +ldap_sasl_authid = str, None, false +krb5_kdcip = str, None, false +krb5_realm = str, None, false +ldap_krb5_keytab = str, None, false +ldap_krb5_init_creds = bool, None, false +ldap_entry_usn = str, None, false +ldap_rootdse_last_usn = str, None, false +ldap_referrals = bool, None, false [provider/ldap/id] -ldap_search_timeout = int, None -ldap_enumeration_refresh_timeout = int, None -ldap_purge_cache_timeout = int, None -ldap_id_use_start_tls = bool, None, false -ldap_user_search_base = str, None -ldap_user_search_scope = str, None -ldap_user_search_filter = str, None -ldap_user_object_class = str, None -ldap_user_name = str, None -ldap_user_uid_number = str, None -ldap_user_gid_number = str, None -ldap_user_gecos = str, None -ldap_user_homedir = str, None -ldap_user_shell = str, None -ldap_user_uuid = str, None -ldap_user_principal = str, None -ldap_user_fullname = str, None 
-ldap_user_member_of = str, None -ldap_user_modify_timestamp = str, None -ldap_user_shadow_last_change = str, None -ldap_user_shadow_min = str, None -ldap_user_shadow_max = str, None -ldap_user_shadow_warning = str, None -ldap_user_shadow_inactive = str, None -ldap_user_shadow_expire = str, None -ldap_user_shadow_flag = str, None -ldap_user_krb_last_pwd_change = str, None -ldap_user_krb_password_expiration = str, None -ldap_pwd_attribute = str, None -ldap_group_search_base = str, None -ldap_group_search_scope = str, None -ldap_group_search_filter = str, None -ldap_group_object_class = str, None -ldap_group_name = str, None -ldap_group_gid_number = str, None -ldap_group_member = str, None -ldap_group_uuid = str, None -ldap_group_modify_timestamp = str, None -ldap_force_upper_case_realm = bool, None +ldap_search_timeout = int, None, false +ldap_enumeration_refresh_timeout = int, None, false +ldap_purge_cache_timeout = int, None, false +ldap_id_use_start_tls = bool, None, true, false +ldap_user_search_base = str, None, false +ldap_user_search_scope = str, None, false +ldap_user_search_filter = str, None, false +ldap_user_object_class = str, None, false +ldap_user_name = str, None, false +ldap_user_uid_number = str, None, false +ldap_user_gid_number = str, None, false +ldap_user_gecos = str, None, false +ldap_user_homedir = str, None, false +ldap_user_shell = str, None, false +ldap_user_uuid = str, None, false +ldap_user_principal = str, None, false +ldap_user_fullname = str, None, false +ldap_user_member_of = str, None, false +ldap_user_modify_timestamp = str, None, false +ldap_user_shadow_last_change = str, None, false +ldap_user_shadow_min = str, None, false +ldap_user_shadow_max = str, None, false +ldap_user_shadow_warning = str, None, false +ldap_user_shadow_inactive = str, None, false +ldap_user_shadow_expire = str, None, false +ldap_user_shadow_flag = str, None, false +ldap_user_krb_last_pwd_change = str, None, false +ldap_user_krb_password_expiration = str, 
None, false +ldap_pwd_attribute = str, None, false +ldap_group_search_base = str, None, false +ldap_group_search_scope = str, None, false +ldap_group_search_filter = str, None, false +ldap_group_object_class = str, None, false +ldap_group_name = str, None, false +ldap_group_gid_number = str, None, false +ldap_group_member = str, None, false +ldap_group_uuid = str, None, false +ldap_group_modify_timestamp = str, None, false +ldap_force_upper_case_realm = bool, None, false [provider/ldap/auth] -ldap_pwd_policy = str, None +ldap_pwd_policy = str, None, false [provider/ldap/chpass] diff --git a/server/config/etc/sssd.api.d/sssd-local.conf b/server/config/etc/sssd.api.d/sssd-local.conf index 44e25221..0686f082 100644 --- a/server/config/etc/sssd.api.d/sssd-local.conf +++ b/server/config/etc/sssd.api.d/sssd-local.conf @@ -1,8 +1,8 @@ [provider/local] [provider/local/id] -default_shell = str, None, /bin/bash -base_directory = str, None, /home +default_shell = str, None, true, /bin/bash +base_directory = str, None, true, /home [provider/local/auth] diff --git a/server/config/etc/sssd.api.d/sssd-proxy.conf b/server/config/etc/sssd.api.d/sssd-proxy.conf index cc34eea2..7ecf6b33 100644 --- a/server/config/etc/sssd.api.d/sssd-proxy.conf +++ b/server/config/etc/sssd.api.d/sssd-proxy.conf @@ -1,7 +1,7 @@ [provider/proxy] [provider/proxy/id] -proxy_lib_name = str, None +proxy_lib_name = str, None, true [provider/proxy/auth] -proxy_pam_target = str, None +proxy_pam_target = str, None, true -- cgit
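Review bot: In `sssd-ldap.conf`, `ldap_id_use_start_tls = bool, None, true, false` under `[provider/ldap/id]` becomes a mandatory option whose schema default is `false`, while `ldap_tls_reqcert` and `ldap_tls_cacert` in `[provider/ldap]` stay optional with no default. If the tools that consume this schema write mandatory options with their defaults into new domains (that code is not in this diff), every generated LDAP domain would carry an explicit `ldap_id_use_start_tls = false`, pinning identity lookups to no StartTLS even if the daemon's own default later changes. A comment above the line would make that choice visible, e.g. `# mandatory; default false means id lookups are not protected by StartTLS unless set to true`.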