diff options
| author | Yassir Elley <yelley@redhat.com> | 2014-09-05 18:45:12 -0400 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-08 17:39:53 +0200 |
| commit | f2b40ec8a4158fec75873828e4980965abbe7f66 (patch) | |
| tree | 623c1a1ca917fc94a284fe9c25b0d75e222d40a1 /src/config | |
| parent | 97216f0129366ac4850f62dac104b8d280ba517a (diff) | |
| download | sssd-f2b40ec8a4158fec75873828e4980965abbe7f66.tar.gz sssd-f2b40ec8a4158fec75873828e4980965abbe7f66.tar.xz sssd-f2b40ec8a4158fec75873828e4980965abbe7f66.zip | |
AD-GPO: config changes for gpo_map_* options
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/config')
| -rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 9 | ||||
| -rw-r--r-- | src/config/etc/sssd.api.d/sssd-ad.conf | 8 |
2 files changed, 16 insertions, 1 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index dc18e1e82..9a49b91b9 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -170,7 +170,14 @@ option_strings = { 'ad_enable_gc' : _('Whether to use the Global Catalog for lookups'), 'ad_gpo_access_control' : _('Operation mode for GPO-based access control'), 'ad_gpo_cache_timeout' : _("The amount of time between lookups of the GPO policy files against the AD server"), - + 'ad_gpo_map_interactive' : _('PAM service names that map to the GPO (Deny)InteractiveLogonRight policy settings'), + 'ad_gpo_map_remote_interactive' : _('PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight policy settings'), + 'ad_gpo_map_network' : _('PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings'), + 'ad_gpo_map_batch' : _('PAM service names that map to the GPO (Deny)BatchLogonRight policy settings'), + 'ad_gpo_map_service' : _('PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings'), + 'ad_gpo_map_permit' : _('PAM service names for which GPO-based access is always granted'), + 'ad_gpo_map_deny' : _('PAM service names for which GPO-based access is always denied'), + 'ad_gpo_default_right' : _('Default logon right (or permit/deny) to use for unmapped PAM service names'), # [provider/krb5] 'krb5_kdcip' : _('Kerberos server address'), 'krb5_server' : _('Kerberos server address'), diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf index b9f01bc84..5dd4fb435 100644 --- a/src/config/etc/sssd.api.d/sssd-ad.conf +++ b/src/config/etc/sssd.api.d/sssd-ad.conf @@ -8,6 +8,14 @@ ad_access_filter = str, None, false ad_enable_gc = bool, None, false ad_gpo_access_control = str, None, false ad_gpo_cache_timeout = int, None, false +ad_gpo_map_interactive = str, None, false +ad_gpo_map_remote_interactive = str, None, false +ad_gpo_map_network = str, None, false +ad_gpo_map_batch = str, None, false +ad_gpo_map_service = str, None, false +ad_gpo_map_permit = str, None, false +ad_gpo_map_deny = str, None, false +ad_gpo_default_right = str, None, false ldap_uri = str, None, false ldap_backup_uri = str, None, false ldap_search_base = str, None, false |