Diffstat (limited to 'ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h')
-rw-r--r-- | ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h b/ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
index b6257726a..58a9a6c40 100644
--- a/ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
+++ b/ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
@@ -65,6 +65,10 @@ typedef struct ipa_winsync_config_struct {
 char *homedir_prefix_attr;
 char *default_group_attr;
 char *default_group_filter;
+ int acct_disable; /* see below for possible values */
+ char *inactivated_filter;
+ char *activated_filter;
+ PRBool forceSync;
 } IPA_WinSync_Config;
 
 /*
@@ -75,6 +79,8 @@ typedef struct ipa_winsync_domain_config {
 Slapi_Entry *domain_e; /* info is stored in this entry */
 char *realm_name; /* realm name */
 char *homedir_prefix;
+ char *inactivated_group_dn; /* DN of inactivated group */
+ char *activated_group_dn; /* DN of activated group */
 } IPA_WinSync_Domain_Config;
 
 void ipa_winsync_set_plugin_identity(void * identity);
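Review bot: `PRBool forceSync;` is the only camelCase member among the snake_case fields visible in `IPA_WinSync_Config`, and it and the two filter members are added without a comment. If a rename to `force_sync` is too invasive for the callers, at least annotate it in place, e.g. `PRBool forceSync; /* PR_TRUE: sync every AD user that has a DS entry, no per-entry opt-out */`, and mark the filters as `/* LDAP search filter used to find the inactivated-users group */`. The filter strings presumably come from the plugin config entry and are handed to a search, so the comment should also say who owns and frees them; the code that does so is not part of this header diff. The struct begins before the hunk.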
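Review bot: Nothing in the second hunk says whether `inactivated_group_dn` and `activated_group_dn` may be NULL or who releases them. They are presumably filled from a search with the configured filters, which can match no group, so any code that adds or removes group membership based on them needs a NULL check before use. I would extend the comments to `/* DN of inactivated group; NULL if the filter matched nothing; owned by this struct */` and confirm that `ipa_winsync_config_destroy_domain` frees both, since that function's body is outside this diff. The struct begins before the hunk.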
@@ -123,5 +129,32 @@ void ipa_winsync_config_destroy_domain(void *cbdata, const Slapi_DN *ds_subtree,
 #define IPA_WINSYNC_DEFAULTGROUP_FILTER_ATTR "ipaWinSyncDefaultGroupFilter"
 /* name of attribute holding boolean value to flatten user dns or not */
 #define IPA_WINSYNC_USER_FLATTEN "ipaWinSyncUserFlatten"
-
+/* name of attribute holding account disable sync value */
+#define IPA_WINSYNC_ACCT_DISABLE "ipaWinSyncAcctDisable"
+/* possible values of IPA_WINSYNC_ACCT_DISABLE */
+#define IPA_WINSYNC_ACCT_DISABLE_NONE "none"
+#define IPA_WINSYNC_ACCT_DISABLE_TO_AD "to_ad"
+#define IPA_WINSYNC_ACCT_DISABLE_TO_DS "to_ds"
+#define IPA_WINSYNC_ACCT_DISABLE_BOTH "both"
+/* enum representing the values above */
+enum {
+ ACCT_DISABLE_INVALID, /* the invalid value */
+ ACCT_DISABLE_NONE, /* do not sync acct disable status */
+ ACCT_DISABLE_TO_AD, /* sync only from ds to ad */
+ ACCT_DISABLE_TO_DS, /* sync only from ad to ds */
+ ACCT_DISABLE_BOTH /* bi-directional sync */
+};
+/* name of attributes holding the search filters to use to find
+ the DN of the groups that represent inactivated and activated users */
+#define IPA_WINSYNC_INACTIVATED_FILTER "ipaWinSyncInactivatedFilter"
+#define IPA_WINSYNC_ACTIVATED_FILTER "ipaWinSyncActivatedFilter"
+/* name of attribute holding the value of the forceSync parameter -
+ this is a boolean attribute - if true, all users in AD that have
+ a corresponding entry in the DS will be synced - there will be no
+ way to "turn off sync" on individual entries - if this value is
+ false, only users which have the ntUser objectclass and an
+ ntDomainUserID attribute which corresponds to an AD account
+ with the same value for samAccountName will be synced
+*/
+#define IPA_WINSYNC_FORCE_SYNC "ipaWinSyncForceSync"
 #endif /* IPA_WINSYNC_H */ |
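Review bot: The enum added after the `IPA_WINSYNC_ACCT_DISABLE_*` strings is anonymous, so `acct_disable` in `IPA_WinSync_Config` has to stay a plain `int` and a `switch` over it gets no unhandled-case warning. Giving it a name, `typedef enum { ... } IPA_WinSync_Acct_Disable;`, lets the member be typed. The string-to-enum mapping is not in this header, so the comment on `ACCT_DISABLE_INVALID` should state that an unrecognised `ipaWinSyncAcctDisable` value maps to it and is reported as a config error. Silently falling back to a sync direction would change whether an account disabled on one side stays usable on the other. The `ipaWinSyncForceSync` comment would also benefit from stating the default value.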