diff options
Diffstat (limited to 'src/config')
| -rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 9 | ||||
| -rw-r--r-- | src/config/etc/sssd.api.d/sssd-ad.conf | 8 |
2 files changed, 16 insertions, 1 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index dc18e1e82..9a49b91b9 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -170,7 +170,14 @@ option_strings = { 'ad_enable_gc' : _('Whether to use the Global Catalog for lookups'), 'ad_gpo_access_control' : _('Operation mode for GPO-based access control'), 'ad_gpo_cache_timeout' : _("The amount of time between lookups of the GPO policy files against the AD server"), - + 'ad_gpo_map_interactive' : _('PAM service names that map to the GPO (Deny)InteractiveLogonRight policy settings'), + 'ad_gpo_map_remote_interactive' : _('PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight policy settings'), + 'ad_gpo_map_network' : _('PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings'), + 'ad_gpo_map_batch' : _('PAM service names that map to the GPO (Deny)BatchLogonRight policy settings'), + 'ad_gpo_map_service' : _('PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings'), + 'ad_gpo_map_permit' : _('PAM service names for which GPO-based access is always granted'), + 'ad_gpo_map_deny' : _('PAM service names for which GPO-based access is always denied'), + 'ad_gpo_default_right' : _('Default logon right (or permit/deny) to use for unmapped PAM service names'), # [provider/krb5] 'krb5_kdcip' : _('Kerberos server address'), 'krb5_server' : _('Kerberos server address'), diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf index b9f01bc84..5dd4fb435 100644 --- a/src/config/etc/sssd.api.d/sssd-ad.conf +++ b/src/config/etc/sssd.api.d/sssd-ad.conf @@ -8,6 +8,14 @@ ad_access_filter = str, None, false ad_enable_gc = bool, None, false ad_gpo_access_control = str, None, false ad_gpo_cache_timeout = int, None, false +ad_gpo_map_interactive = str, None, false +ad_gpo_map_remote_interactive = str, None, false +ad_gpo_map_network = str, None, false +ad_gpo_map_batch = str, None, false +ad_gpo_map_service = str, None, false +ad_gpo_map_permit = str, None, false +ad_gpo_map_deny = str, None, false +ad_gpo_default_right = str, None, false ldap_uri = str, None, false ldap_backup_uri = str, None, false ldap_search_base = str, None, false |