summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/config/SSSDConfig.py45
-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf7
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf2
3 files changed, 47 insertions, 7 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 18d8e9d3d..de7f66a6a 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -74,7 +74,6 @@ option_strings = {
# [domain]
'min_id' : _('Minimum user ID'),
'max_id' : _('Maximum user ID'),
- 'timeout' : _('Ping timeout before restarting domain'),
'enumerate' : _('Enable enumerating all users/groups'),
'cache_credentials' : _('Cache credentials for offline login'),
'store_legacy_passwords' : _('Store password hashes'),
@@ -122,39 +121,75 @@ option_strings = {
'ldap_network_timeout' : _('Length of time to attempt connection'),
'ldap_opt_timeout' : _('Length of time to attempt synchronous LDAP operations'),
'ldap_offline_timeout' : _('Length of time between attempts to reconnect while offline'),
+ 'ldap_force_upper_case_realm' : _('Use only the upper case for realm names'),
'ldap_tls_cacert' : _('File that contains CA certificates'),
'ldap_tls_cacertdir' : _('Path to CA certificate directory'),
'ldap_tls_reqcert' : _('Require TLS certificate verification'),
'ldap_sasl_mech' : _('Specify the sasl mechanism to use'),
'ldap_sasl_authid' : _('Specify the sasl authorization id to use'),
- 'krb5_kdcip' : _('Kerberos server address'),
- 'krb5_server' : _('Kerberos server address'),
- 'krb5_realm' : _('Kerberos realm'),
'ldap_krb5_keytab' : _('Kerberos service keytab'),
'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'),
'ldap_referrals' : _('Follow LDAP referrals'),
'ldap_krb5_ticket_lifetime' : _('Lifetime of TGT for LDAP connection'),
'ldap_deref' : _('How to dereference aliases'),
+ 'ldap_dns_service_name' : _('Service name for DNS service lookups'),
+
+ 'ldap_entry_usn' : _('entryUSN attribute'),
+ 'ldap_rootdse_last_usn' : _('lastUSN attribute'),
# [provider/ldap/id]
'ldap_search_timeout' : _('Length of time to wait for a search request'),
'ldap_enumeration_refresh_timeout' : _('Length of time between enumeration updates'),
+ 'ldap_purge_cache_timeout' : _('Length of time between cache cleanups'),
'ldap_id_use_start_tls' : _('Require TLS for ID lookups'),
'ldap_user_search_base' : _('Base DN for user lookups'),
'ldap_user_search_scope' : _('Scope of user lookups'),
'ldap_user_search_filter' : _('Filter for user lookups'),
'ldap_user_object_class' : _('Objectclass for users'),
'ldap_user_name' : _('Username attribute'),
+ #not used # 'ldap_user_pwd' :_('Password attribute'),
'ldap_user_uid_number' : _('UID attribute'),
'ldap_user_gid_number' : _('Primary GID attribute'),
'ldap_user_gecos' : _('GECOS attribute'),
- 'ldap_user_homedir' : _('Home directory attribute'),
+ 'ldap_user_home_directory' : _('Home directory attribute'),
'ldap_user_shell' : _('Shell attribute'),
'ldap_user_uuid' : _('UUID attribute'),
'ldap_user_principal' : _('User principal attribute (for Kerberos)'),
'ldap_user_fullname' : _('Full Name'),
'ldap_user_member_of' : _('memberOf attribute'),
'ldap_user_modify_timestamp' : _('Modification time attribute'),
+ #replaced by ldap_entry_usn# 'ldap_user_entry_usn' : _('entryUSN attribute'),
+ 'ldap_user_shadow_last_change' : _('shadowLastChange attribute'),
+ 'ldap_user_shadow_min' : _('shadowMin attribute'),
+ 'ldap_user_shadow_max' : _('shadowMax attribute'),
+ 'ldap_user_shadow_warning' : _('shadowWarning attribute'),
+ 'ldap_user_shadow_inactive' : _('shadowInactive attribute'),
+ 'ldap_user_shadow_expire' : _('shadowExpire attribute'),
+ 'ldap_user_shadow_flag' : _('shadowFlag attribute'),
+ 'ldap_user_krb_last_pwd_change' : _('krbLastPwdChange attribute'),
+ 'ldap_user_krb_password_expiration' : _('krbPasswordExpiration attribute'),
+ 'ldap_pwd_attribute' : _('Attribute indicating that server side password policies are active'),
+
+ 'ldap_group_search_base' : _('Base DN for group lookups'),
+ # not used # 'ldap_group_search_scope' : _('Scope of group lookups'),
+ # not used # 'ldap_group_search_filter' : _('Filter for group lookups'),
+ 'ldap_group_object_class' : _('Objectclass for groups'),
+ 'ldap_group_name' : _('Group name'),
+ 'ldap_group_pwd' : _('Group password'),
+ 'ldap_group_gid_number' : _('GID attribute'),
+ 'ldap_group_member' : _('Group member attribute'),
+ 'ldap_group_uuid' : _('Group UUID attribute'),
+ 'ldap_group_modify_timestamp' : _('Modification time attribute for groups'),
+ #replaced by ldap_entry_usn# 'ldap_group_entry_usn' : _('entryUSN attribute'),
+ 'ldap_group_nesting_level' : _('Maximum nesting level SSSd will follow'),
+
+ 'ldap_netgroup_search_base' : _('Base DN for netgroup lookups'),
+ 'ldap_netgroup_object_class' : _('Objectclass for netgroups'),
+ 'ldap_netgroup_name' : _('Netgroup name'),
+ 'ldap_netgroup_member' : _('Netgroups members attribute'),
+ 'ldap_netgroup_triple' : _('Netgroup triple attribute'),
+ 'ldap_netgroup_uuid' : _('Netgroup UUID attribute'),
+ 'ldap_netgroup_modify_timestamp' : _('Modification time attribute for netgroups'),
# [provider/ldap/auth]
'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 7c1c35a2a..42a75551d 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -45,7 +45,7 @@ ldap_user_name = str, None, false
ldap_user_uid_number = str, None, false
ldap_user_gid_number = str, None, false
ldap_user_gecos = str, None, false
-ldap_user_homedir = str, None, false
+ldap_user_home_directory = str, None, false
ldap_user_shell = str, None, false
ldap_user_uuid = str, None, false
ldap_user_principal = str, None, false
@@ -89,6 +89,11 @@ krb5_ccname_template = str, None, false
krb5_keytab = str, None, false
krb5_validate = bool, None, false
ldap_pwd_policy = str, None, false
+krb5_store_password_if_offline = bool, None, false
+krb5_renewable_lifetime = str, None, false
+krb5_lifetime = str, None, false
+krb5_renew_interval = int, None, false
+krb5_use_fast = str, None, false
[provider/ipa/access]
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 66f55275a..c41ff7cc6 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -38,7 +38,7 @@ ldap_user_name = str, None, false
ldap_user_uid_number = str, None, false
ldap_user_gid_number = str, None, false
ldap_user_gecos = str, None, false
-ldap_user_homedir = str, None, false
+ldap_user_home_directory = str, None, false
ldap_user_shell = str, None, false
ldap_user_uuid = str, None, false
ldap_user_principal = str, None, false