authorSumit Bose <sbose@redhat.com>2015-05-07 10:59:10 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-06-19 17:21:24 +0200
commite22e04517b9f9d0c7759dc4768eedfd05908e9b6 (patch)
tree53b9cc9f0639ab817bb4967cfe958abfe3ecb39d
parent070bb515321a7de091b884d9e0ab357b7b5ae578 (diff)
LDAP: add ldap_user_certificate option
Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--src/config/SSSDConfig/__init__.py.in1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ad.conf1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf1
-rw-r--r--src/db/sysdb.h1
-rw-r--r--src/man/sssd-ldap.5.xml14
-rw-r--r--src/providers/ad/ad_opts.h1
-rw-r--r--src/providers/ipa/ipa_opts.h1
-rw-r--r--src/providers/ldap/ldap_opts.h3
-rw-r--r--src/providers/ldap/sdap.h1
10 files changed, 25 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 0654cb63b..f2d9bf019 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -308,6 +308,7 @@ option_strings = {
'ldap_user_nds_login_allowed_time_map' : _('loginAllowedTimeMap attribute of NDS'),
'ldap_user_ssh_public_key' : _('SSH public key attribute'),
'ldap_user_auth_type' : _('attribute listing allowed authentication types for a user'),
+ 'ldap_user_certificate' : _('attribute containing the X509 certificate of the user'),
'ldap_user_extra_attrs' : _('A list of extra attributes to download along with the user entry'),
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index 23194d38a..faab3a51e 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -94,6 +94,7 @@ ldap_user_krb_password_expiration = str, None, false
ldap_pwd_attribute = str, None, false
ldap_user_ssh_public_key = str, None, false
ldap_user_auth_type = str, None, false
+ldap_user_certificate = str, None, false
ldap_group_search_base = str, None, false
ldap_group_search_scope = str, None, false
ldap_group_search_filter = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 075a74e3a..cfcc00f6f 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -90,6 +90,7 @@ ldap_user_krb_password_expiration = str, None, false
ldap_pwd_attribute = str, None, false
ldap_user_ssh_public_key = str, None, false
ldap_user_auth_type = str, None, false
+ldap_user_certificate = str, None, false
ldap_group_search_base = str, None, false
ldap_group_search_scope = str, None, false
ldap_group_search_filter = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index e27d570b8..c10290217 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -84,6 +84,7 @@ ldap_user_nds_login_expiration_time = str, None, false
ldap_user_nds_login_allowed_time_map = str, None, false
ldap_user_ssh_public_key = str, None, false
ldap_user_auth_type = str, None, false
+ldap_user_certificate = str, None, false
ldap_group_search_base = str, None, false
ldap_group_search_scope = str, None, false
ldap_group_search_filter = str, None, false
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 63cfa5f7d..1ad8d3d0c 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -132,6 +132,7 @@
#define SYSDB_SSH_PUBKEY "sshPublicKey"
#define SYSDB_AUTH_TYPE "authType"
+#define SYSDB_USER_CERT "userCertificate"
#define SYSDB_SUBDOMAIN_REALM "realmName"
#define SYSDB_SUBDOMAIN_FLAT "flatName"
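Review bot: `SYSDB_USER_CERT` gives no hint about the form of the cached value, and for a certificate that matters: code that later compares it with a presented certificate has to know whether the cache holds raw DER or a text encoding. A one-line comment above the define would settle this, for example `/* X.509 user certificate as read from LDAP; encoding: <DER or base64, to be confirmed> */`. No consumer of the attribute is visible in this commit, so the encoding is an open question here rather than a defect.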
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 1b7a2609a..f14090843 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -814,6 +814,20 @@
</varlistentry>
<varlistentry>
+ <term>ldap_user_certificate (string)</term>
+ <listitem>
+ <para>
+ Name of the LDAP attribute containing the X509
+ certificate of the user.
+ </para>
+ <para>
+ Default: no set in the general case, userCertificate
+ for IPA
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ldap_group_object_class (string)</term>
<listitem>
<para>
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index 0f03d3383..cb4c05d84 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -216,6 +216,7 @@ struct sdap_attr_map ad_2008r2_user_map[] = {
{ "ldap_user_nds_login_allowed_time_map", NULL, SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
{ "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL },
{ "ldap_user_auth_type", NULL, SYSDB_AUTH_TYPE, NULL },
+ { "ldap_user_certificate", NULL, SYSDB_USER_CERT, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 34e9e167e..253c07153 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -203,6 +203,7 @@ struct sdap_attr_map ipa_user_map[] = {
{ "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
{ "ldap_user_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL },
{ "ldap_user_auth_type", "ipaUserAuthType", SYSDB_AUTH_TYPE, NULL },
+ { "ldap_user_certificate", "userCertificate", SYSDB_USER_CERT, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
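Review bot: The IPA default `"userCertificate"` in the new `ipa_user_map` row omits the `;binary` transfer option, which RFC 4523 requires when certificate values are requested and returned. A server that enforces this may return the value under `userCertificate;binary` or not at all, in which case the map lookup would presumably find no certificate without reporting an error; whether the IPA directory server is lenient here cannot be seen from this hunk. Consider `{ "ldap_user_certificate", "userCertificate;binary", SYSDB_USER_CERT, NULL },` and adjusting the default stated in sssd-ldap.5.xml to match. The array definition starts outside the hunk.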
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index f449ec7c3..c1b9bf688 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -180,6 +180,7 @@ struct sdap_attr_map rfc2307_user_map[] = {
{ "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
{ "ldap_user_ssh_public_key", "sshPublicKey", SYSDB_SSH_PUBKEY, NULL },
{ "ldap_user_auth_type", NULL, SYSDB_AUTH_TYPE, NULL },
+ { "ldap_user_certificate", NULL, SYSDB_USER_CERT, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
@@ -235,6 +236,7 @@ struct sdap_attr_map rfc2307bis_user_map[] = {
{ "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
{ "ldap_user_ssh_public_key", "sshPublicKey", SYSDB_SSH_PUBKEY, NULL },
{ "ldap_user_auth_type", NULL, SYSDB_AUTH_TYPE, NULL },
+ { "ldap_user_certificate", NULL, SYSDB_USER_CERT, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
@@ -290,6 +292,7 @@ struct sdap_attr_map gen_ad2008r2_user_map[] = {
{ "ldap_user_nds_login_allowed_time_map", NULL, SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
{ "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL },
{ "ldap_user_auth_type", NULL, SYSDB_AUTH_TYPE, NULL },
+ { "ldap_user_certificate", NULL, SYSDB_USER_CERT, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 6612ab200..d9b2d1863 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -281,6 +281,7 @@ enum sdap_user_attrs {
SDAP_AT_NDS_LOGIN_ALLOWED_TIME_MAP,
SDAP_AT_USER_SSH_PUBLIC_KEY,
SDAP_AT_USER_AUTH_TYPE,
+ SDAP_AT_USER_CERT,
SDAP_OPTS_USER /* attrs counter */
};
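Review bot: `SDAP_AT_USER_CERT` is only correct if every `sdap_attr_map` table indexed by `enum sdap_user_attrs` gained a row at the same position, and nothing in the code enforces that. The hunks in this commit update five tables (`ad_2008r2_user_map`, `ipa_user_map`, `rfc2307_user_map`, `rfc2307bis_user_map`, `gen_ad2008r2_user_map`), but a table missed now or later would shift every following index and map the wrong LDAP attribute without any warning. A comment above the enum would make the coupling explicit, for example `/* order must match the *_user_map[] tables in ldap_opts.h, ad_opts.h and ipa_opts.h */`; a compile-time check of each table's length against `SDAP_OPTS_USER` would be stronger. The enum starts outside the hunk.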