diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-27 09:48:46 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-30 14:09:10 +0200 |
commit | 825e8bf2f73a815c2eceb36ae805145fcbacf74d (patch) | |
tree | 8456d4851d62d582d64961a8939708ff13c2a051 /src/config | |
parent | 6324eaf1fb321c41ca9883966118df6d45259b7e (diff) | |
download | sssd-825e8bf2f73a815c2eceb36ae805145fcbacf74d.tar.gz sssd-825e8bf2f73a815c2eceb36ae805145fcbacf74d.tar.xz sssd-825e8bf2f73a815c2eceb36ae805145fcbacf74d.zip |
CONFDB: Allow configuring [application] sections as non-POSIX domains
Related to:
https://pagure.io/SSSD/sssd/issue/3310
Allows to add a new section:
[application/$name]
This section internally (on the confdb level) expands to:
[domain/$name]
domain_type = application
The reasons to add this new section is two-fold. One, to make the
configuration of application domains more explicit and two, to make it
possible to share configuration between two domains, one POSIX and one
non-POSIX by application domain's inherit_from option:
[application/$name]
inherit_from = posix_domain_name
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/cfg_rules.ini | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 3c857236e..8fd2d2c52 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -12,6 +12,7 @@ section = secrets section = kcm section_re = ^secrets/users/[0-9]\+$ section_re = ^domain/.*$ +section_re = ^application/.*$ [rule/allowed_sssd_options] validator = ini_allowed_options @@ -286,7 +287,7 @@ option = responder_idle_timeout [rule/allowed_domain_options] validator = ini_allowed_options -section_re = ^domain/.*$ +section_re = ^(domain|application)/.*$ option = debug option = debug_level @@ -684,3 +685,9 @@ option = ldap_user_ssh_public_key option = ldap_user_uid_number option = ldap_user_uuid option = ldap_use_tokengroups + +[rule/allowed_application_options] +validator = ini_allowed_options +section_re = ^application/.*$ + +option = inherit_from |