sssd.git/src/config/SSSDConfig, branch sudo Unnamed repository; edit this file 'description' to name the repository. python: Changing class declaration from old to new-style type 2017-10-04T06:59:14+00:00 amitkuma amitkuma@redhat.com 2017-09-18T16:51:06+00:00 b07852825eeb63a78e1b3863e42b3f328430da18 Resolves: https://pagure.io/SSSD/sssd/issue/3517 Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Resolves:
https://pagure.io/SSSD/sssd/issue/3517

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SECRETS: Add a new option to control per-UID limits 2017-09-01T18:26:45+00:00 Jakub Hrozek jhrozek@redhat.com 2017-06-05T14:10:55+00:00 6b3bab516355fdf4cc81e6da9d87ec3818ab190f Adds a new option max_uid_secrets that allows to set a limit of secrets for this particular client so that the user cannot starve other users. Resolves: https://pagure.io/SSSD/sssd/issue/3363 Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Adds a new option max_uid_secrets that allows to set a limit of secrets
for this particular client so that the user cannot starve other users.

Resolves:
https://pagure.io/SSSD/sssd/issue/3363

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
DESKPROFILE: Add ipa_deskprofile_request_interval 2017-08-28T18:42:27+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-17T17:49:22+00:00 4a311702045b065a97a0c0fc0ccc7a1fc84b38cf This option has been added to avoid contacting the Data Provider when no rules were found in the previous request. By adding this configurable option we avoid contacting the Data Provider too often in the case described above and also when the server doesn't support Desktop Profile's integration. Resolves: https://pagure.io/SSSD/sssd/issue/3482 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This option has been added to avoid contacting the Data Provider when no
rules were found in the previous request.

By adding this configurable option we avoid contacting the Data Provider
too often in the case described above and also when the server doesn't
support Desktop Profile's integration.

Resolves: https://pagure.io/SSSD/sssd/issue/3482

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
DESKPROFILE: Introduce the new IPA session provider 2017-08-28T18:41:04+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-01T23:15:16+00:00 f982039c75ec064894deb676ae53ee57de868590 In order to provide FleetCommander[0] integration, a session provider has been introduced for IPA. The design of this feature and more technical details can be found at [1] and [2], which are the design pages of both freeIPA and SSSD parts. As there's no way to test freeIPA integration with our upstream tests, no test has been provided yet. Is also worth to mention that the name "deskprofile" has been chosen instead of "fleetcmd" in order to match with the freeIPA plugin. It means that, for consistence, all source files, directories created, options added, functions prefixes and so on are following the choice accordingly. [0]: https://wiki.gnome.org/Projects/FleetCommander [1]: https://github.com/abbra/freeipa-desktop-profile/blob/master/plugin/Feature.mediawiki [2]: https://docs.pagure.org/SSSD.sssd/design_pages/fleet_commander_integration.html Resolves: https://pagure.io/SSSD/sssd/issue/2995 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
In order to provide FleetCommander[0] integration, a session provider
has been introduced for IPA. The design of this feature and more
technical details can be found at [1] and [2], which are the design
pages of both freeIPA and SSSD parts.

As there's no way to test freeIPA integration with our upstream tests,
no test has been provided yet.

Is also worth to mention that the name "deskprofile" has been chosen
instead of "fleetcmd" in order to match with the freeIPA plugin. It
means that, for consistence, all source files, directories created,
options added, functions prefixes and so on are following the choice
accordingly.

[0]: https://wiki.gnome.org/Projects/FleetCommander
[1]: https://github.com/abbra/freeipa-desktop-profile/blob/master/plugin/Feature.mediawiki
[2]: https://docs.pagure.org/SSSD.sssd/design_pages/fleet_commander_integration.html

Resolves:
https://pagure.io/SSSD/sssd/issue/2995

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
sudo: add a threshold option to reduce size of rules refresh filter 2017-08-18T06:52:25+00:00 Pavel Březina pbrezina@redhat.com 2017-07-11T10:41:57+00:00 a5f300adf19ec9c3087c62bd93a5175db799687a If a large number of rules is expired at one time the ldap filter may become too large to be processed by server. This commits adds a new option "sudo_threshold" to sudo responder. If the threshold is exceeded a full refreshed is done instead of rules refresh. Resolves: https://pagure.io/SSSD/sssd/issue/3478 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
If a large number of rules is expired at one time the ldap filter may
become too large to be processed by server. This commits adds a new
option "sudo_threshold" to sudo responder. If the threshold is
exceeded a full refreshed is done instead of rules refresh.

Resolves:
https://pagure.io/SSSD/sssd/issue/3478

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Fix minor typos 2017-08-16T12:39:31+00:00 Yuri Chornoivan yurchor@ukr.net 2017-07-31T12:52:51+00:00 1afc796952755f9cc96ea0b93989cd93214103a2 Merges: https://pagure.io/SSSD/sssd/pull-request/3456 Reviewed-by: Michal Židek <mzidek@redhat.com> 
Merges: https://pagure.io/SSSD/sssd/pull-request/3456

Reviewed-by: Michal Židek <mzidek@redhat.com>
Fix minor typos 2017-07-26T15:46:11+00:00 Yuri Chornoivan yurchor@ukr.net 2017-07-26T13:45:35+00:00 77e5c3fc26085f18277a70ffbd6351a8130963e7 Merges: https://pagure.io/SSSD/sssd/pull-request/3456 Reviewed-by: Michal Židek <mzidek@redhat.com> 
Merges: https://pagure.io/SSSD/sssd/pull-request/3456

Reviewed-by: Michal Židek <mzidek@redhat.com>
SSSDConfig: Fix saving of debug_level 2017-05-29T10:09:33+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-05-25T08:33:08+00:00 fca26b76f23ee4457d6796b19892ed97362b6c8d SSSDConfig internally handle debug_level as an integer. But in case of bitmask version of debug_level (>=16) it stored value as a decimal which is confusing e.g. debug_level = 8176 vs. debug_level = 0x1ff0 Resolves: https://pagure.io/SSSD/sssd/issue/3410 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
SSSDConfig internally handle debug_level as an integer.
But in case of bitmask version of debug_level (>=16)
it stored value as a decimal which is confusing
e.g.
    debug_level = 8176
vs.
    debug_level = 0x1ff0

Resolves:
https://pagure.io/SSSD/sssd/issue/3410

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SSSDConfig: Handle integer parsing more leniently 2017-05-29T10:09:17+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-05-25T08:32:59+00:00 6df5b36008fef9c1f6dcf8f31af033a467e744c7 debug_level is usually defined as decimal value <= 10 or as a hexadecimal value which is used as a bitmask Parsing of hexadecimal value was partially fixed by commit 7fac271ccebb84743c39f553eb5ec013cf1d10aa but only for sssd domains. It was not fixed for sssd services. File "/usr/share/authconfig/authinfo.py", line 3142, in writeSSSDPAM pam = self.sssdConfig.get_service('pam') File "/usr/lib/python3.6/site-packages/SSSDConfig/__init__.py", line 1620, in get_service service.set_option(opt['name'], opt['value']) File "/usr/lib/python3.6/site-packages/SSSDConfig/__init__.py", line 932, in set_option (option_schema[0], optionname, type(value))) TypeError: Expected <class 'int'> for debug_level, received <class 'str'> Resolves: https://pagure.io/SSSD/sssd/issue/3410 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
debug_level is usually defined as decimal value <= 10
or as a hexadecimal value which is used as a bitmask

Parsing of hexadecimal value was partially fixed by commit
7fac271ccebb84743c39f553eb5ec013cf1d10aa but only for
sssd domains. It was not fixed for sssd services.

  File "/usr/share/authconfig/authinfo.py", line 3142, in writeSSSDPAM
    pam = self.sssdConfig.get_service('pam')
  File "/usr/lib/python3.6/site-packages/SSSDConfig/__init__.py", line 1620, in get_service
    service.set_option(opt['name'], opt['value'])
  File "/usr/lib/python3.6/site-packages/SSSDConfig/__init__.py", line 932, in set_option
    (option_schema[0], optionname, type(value)))
TypeError: Expected <class 'int'> for debug_level, received <class 'str'>

Resolves:
https://pagure.io/SSSD/sssd/issue/3410

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
CONFIG: Add subdomain_homedir to config locations 2017-05-26T12:40:06+00:00 Justin Stephenson jstephen@redhat.com 2017-05-22T19:21:17+00:00 beab60d88fc07d463f6fb3756c8f3d29bdd78827 Option subdomain_homedir was missing from Python config API an cfg_rules leading to config file validation failures. Add this option into the necessary locations similar to other provider-generic domain options. Resolves: https://pagure.io/SSSD/sssd/issue/3389 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Option subdomain_homedir was missing from Python config API an
cfg_rules leading to config file validation failures. Add this option
into the necessary locations similar to other provider-generic domain
options.

Resolves:
https://pagure.io/SSSD/sssd/issue/3389

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>