-rw-r--r-- | src/config/SSSDConfig.py | 45 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ipa.conf | 7 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 2 |
3 files changed, 47 insertions, 7 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 18d8e9d3d..de7f66a6a 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -74,7 +74,6 @@ option_strings = {
 # [domain]
 'min_id' : _('Minimum user ID'),
 'max_id' : _('Maximum user ID'),
- 'timeout' : _('Ping timeout before restarting domain'),
 'enumerate' : _('Enable enumerating all users/groups'),
 'cache_credentials' : _('Cache credentials for offline login'),
 'store_legacy_passwords' : _('Store password hashes'),
@@ -122,39 +121,75 @@ option_strings = { 'ldap_network_timeout' : _('Length of time to attempt connection'), 'ldap_opt_timeout' : _('Length of time to attempt synchronous LDAP operations'), 'ldap_offline_timeout' : _('Length of time between attempts to reconnect while offline'), + 'ldap_force_upper_case_realm' : _('Use only the upper case for realm names'), 'ldap_tls_cacert' : _('File that contains CA certificates'), 'ldap_tls_cacertdir' : _('Path to CA certificate directory'), 'ldap_tls_reqcert' : _('Require TLS certificate verification'), 'ldap_sasl_mech' : _('Specify the sasl mechanism to use'), 'ldap_sasl_authid' : _('Specify the sasl authorization id to use'), - 'krb5_kdcip' : _('Kerberos server address'), - 'krb5_server' : _('Kerberos server address'), - 'krb5_realm' : _('Kerberos realm'), 'ldap_krb5_keytab' : _('Kerberos service keytab'), 'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'), 'ldap_referrals' : _('Follow LDAP referrals'), 'ldap_krb5_ticket_lifetime' : _('Lifetime of TGT for LDAP connection'), 'ldap_deref' : _('How to dereference aliases'), + 'ldap_dns_service_name' : _('Service name for DNS service lookups'), + + 'ldap_entry_usn' : _('entryUSN attribute'), + 'ldap_rootdse_last_usn' : _('lastUSN attribute'), # [provider/ldap/id] 'ldap_search_timeout' : _('Length of time to wait for a search request'), 'ldap_enumeration_refresh_timeout' : _('Length of time between enumeration updates'), + 'ldap_purge_cache_timeout' : _('Length of time between cache cleanups'), 'ldap_id_use_start_tls' : _('Require TLS for ID lookups'), 'ldap_user_search_base' : _('Base DN for user lookups'), 'ldap_user_search_scope' : _('Scope of user lookups'), 'ldap_user_search_filter' : _('Filter for user lookups'), 'ldap_user_object_class' : _('Objectclass for users'), 'ldap_user_name' : _('Username attribute'), + #not used # 'ldap_user_pwd' :_('Password attribute'), 'ldap_user_uid_number' : _('UID attribute'), 'ldap_user_gid_number' : _('Primary GID 
attribute'), 'ldap_user_gecos' : _('GECOS attribute'), - 'ldap_user_homedir' : _('Home directory attribute'), + 'ldap_user_home_directory' : _('Home directory attribute'), 'ldap_user_shell' : _('Shell attribute'), 'ldap_user_uuid' : _('UUID attribute'), 'ldap_user_principal' : _('User principal attribute (for Kerberos)'), 'ldap_user_fullname' : _('Full Name'), 'ldap_user_member_of' : _('memberOf attribute'), 'ldap_user_modify_timestamp' : _('Modification time attribute'), + #replaced by ldap_entry_usn# 'ldap_user_entry_usn' : _('entryUSN attribute'), + 'ldap_user_shadow_last_change' : _('shadowLastChange attribute'), + 'ldap_user_shadow_min' : _('shadowMin attribute'), + 'ldap_user_shadow_max' : _('shadowMax attribute'), + 'ldap_user_shadow_warning' : _('shadowWarning attribute'), + 'ldap_user_shadow_inactive' : _('shadowInactive attribute'), + 'ldap_user_shadow_expire' : _('shadowExpire attribute'), + 'ldap_user_shadow_flag' : _('shadowFlag attribute'), + 'ldap_user_krb_last_pwd_change' : _('krbLastPwdChange attribute'), + 'ldap_user_krb_password_expiration' : _('krbPasswordExpiration attribute'), + 'ldap_pwd_attribute' : _('Attribute indicating that server side password policies are active'), + + 'ldap_group_search_base' : _('Base DN for group lookups'), + # not used # 'ldap_group_search_scope' : _('Scope of group lookups'), + # not used # 'ldap_group_search_filter' : _('Filter for group lookups'), + 'ldap_group_object_class' : _('Objectclass for groups'), + 'ldap_group_name' : _('Group name'), + 'ldap_group_pwd' : _('Group password'), + 'ldap_group_gid_number' : _('GID attribute'), + 'ldap_group_member' : _('Group member attribute'), + 'ldap_group_uuid' : _('Group UUID attribute'), + 'ldap_group_modify_timestamp' : _('Modification time attribute for groups'), + #replaced by ldap_entry_usn# 'ldap_group_entry_usn' : _('entryUSN attribute'), + 'ldap_group_nesting_level' : _('Maximum nesting level SSSd will follow'), + + 'ldap_netgroup_search_base' : _('Base DN for 
netgroup lookups'), + 'ldap_netgroup_object_class' : _('Objectclass for netgroups'), + 'ldap_netgroup_name' : _('Netgroup name'), + 'ldap_netgroup_member' : _('Netgroups members attribute'), + 'ldap_netgroup_triple' : _('Netgroup triple attribute'), + 'ldap_netgroup_uuid' : _('Netgroup UUID attribute'), + 'ldap_netgroup_modify_timestamp' : _('Modification time attribute for netgroups'), # [provider/ldap/auth] 'ldap_pwd_policy' : _('Policy to evaluate the password expiration'), diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf index 7c1c35a2a..42a75551d 100644 --- a/src/config/etc/sssd.api.d/sssd-ipa.conf +++ b/src/config/etc/sssd.api.d/sssd-ipa.conf @@ -45,7 +45,7 @@ ldap_user_name = str, None, false ldap_user_uid_number = str, None, false ldap_user_gid_number = str, None, false ldap_user_gecos = str, None, false -ldap_user_homedir = str, None, false +ldap_user_home_directory = str, None, false ldap_user_shell = str, None, false ldap_user_uuid = str, None, false ldap_user_principal = str, None, false @@ -89,6 +89,11 @@ krb5_ccname_template = str, None, false krb5_keytab = str, None, false krb5_validate = bool, None, false ldap_pwd_policy = str, None, false +krb5_store_password_if_offline = bool, None, false +krb5_renewable_lifetime = str, None, false +krb5_lifetime = str, None, false +krb5_renew_interval = int, None, false +krb5_use_fast = str, None, false [provider/ipa/access] diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index 66f55275a..c41ff7cc6 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf 
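Review bot: The added description for `ldap_group_nesting_level` spells the product name as "SSSd"; it should read `'ldap_group_nesting_level' : _('Maximum nesting level SSSD will follow'),`. The same hunk adds five commented-out dictionary entries (`#not used # 'ldap_user_pwd' ...`, the two `# not used #` group-search entries and the two `#replaced by ldap_entry_usn#` entries); one plain comment such as `# ldap_user_entry_usn and ldap_group_entry_usn are replaced by ldap_entry_usn` would say the same without leaving dead code inside the literal. The hunk also drops `krb5_kdcip`, `krb5_server` and `krb5_realm` from this section; presumably they are still defined elsewhere in `option_strings`, which is worth confirming because the dict opens and closes outside the hunk.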
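Review bot: The five `krb5_*` options added after `ldap_pwd_policy` in `sssd-ipa.conf` have no matching entries in the `option_strings` hunks of `SSSDConfig.py` shown in this commit, so it is worth confirming that descriptions for them already exist there. `krb5_store_password_if_offline` in particular deserves a description that states plainly that the user's password is retained while the provider is offline, since an administrator enabling it is accepting that exposure. `krb5_use_fast` is typed `str` with no default, so, as far as this hunk shows, the schema would not reject an unsupported value. The section this hunk belongs to starts outside the hunk.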
@@ -38,7 +38,7 @@ ldap_user_name = str, None, false
 ldap_user_uid_number = str, None, false
 ldap_user_gid_number = str, None, false
 ldap_user_gecos = str, None, false
-ldap_user_homedir = str, None, false
+ldap_user_home_directory = str, None, false
 ldap_user_shell = str, None, false
 ldap_user_uuid = str, None, false
 ldap_user_principal = str, None, false |