GPO: add systemd-user to gpo default permit list

Resolves:
https://fedorahosted.org/sssd/ticket/2556

Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit b49c6abe12721ee8442be1c1bd6c15443b518ca2)

2 files changed, 8 insertions, 1 deletions

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index b721fb73b..dcdd5758d 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -579,6 +579,11 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)
                                         sudo-i
                                     </para>
                                 </listitem>
+                                <listitem>
+                                    <para>
+                                        systemd-user
+                                    </para>
+                                </listitem>
                             </itemizedlist>
                         </para>
                     </listitem>
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 375ef1d8a..c45b7963e 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -187,6 +187,7 @@ int ad_gpo_process_cse_recv(struct tevent_req *req);
 #define GPO_CROND "crond"
 #define GPO_SUDO "sudo"
 #define GPO_SUDO_I "sudo-i"
+#define GPO_SYSTEMD_USER "systemd-user"
 
 struct gpo_map_option_entry {
     enum gpo_map_type gpo_map_type;
@@ -203,7 +204,8 @@ const char *gpo_map_remote_interactive_defaults[] = {GPO_SSHD, NULL};
 const char *gpo_map_network_defaults[] = {GPO_FTP, GPO_SAMBA, NULL};
 const char *gpo_map_batch_defaults[] = {GPO_CROND, NULL};
 const char *gpo_map_service_defaults[] = {NULL};
-const char *gpo_map_permit_defaults[] = {GPO_SUDO, GPO_SUDO_I, NULL};
+const char *gpo_map_permit_defaults[] = {GPO_SUDO, GPO_SUDO_I,
+                                         GPO_SYSTEMD_USER,  NULL};
 const char *gpo_map_deny_defaults[] = {NULL};
 
 struct gpo_map_option_entry gpo_map_option_entries[] = {