From f643754db81eeade60485bbe3d80324d889cc4f3 Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Thu, 12 Jan 2012 09:41:52 +0100
Subject: SUDO Integration review issues
---
 src/config/SSSDConfig.py | 14 ++++++++++++++
 src/config/SSSDConfigTest.py | 8 +++++---
 src/config/etc/sssd.api.conf | 1 +
 src/config/etc/sssd.api.d/sssd-ldap.conf | 14 ++++++++++++++
 4 files changed, 34 insertions(+), 3 deletions(-)
(limited to 'src/config')
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 44bfb69f5..0a73893bf 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -238,6 +238,20 @@ option_strings = {
 'ldap_chpass_uri' : _('URI of an LDAP server where password changes are allowed'),
 'ldap_chpass_dns_service_name' : _('DNS service name for LDAP password change server'),
+ # [provider/ldap/sudo]
+ 'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'),
+ 'ldap_sudorule_object_class' : _('Object class for sudo rules'),
+ 'ldap_sudorule_name' : _('Sudo rule name'),
+ 'ldap_sudorule_command' : _('Sudo rule command attribute'),
+ 'ldap_sudorule_host' : _('Sudo rule host attribute'),
+ 'ldap_sudorule_user' : _('Sudo rule user attribute'),
+ 'ldap_sudorule_option' : _('Sudo rule option attribute'),
+ 'ldap_sudorule_runasuser' : _('Sudo rule runasuser attribute'),
+ 'ldap_sudorule_runasgroup' : _('Sudo rule runasgroup attribute'),
+ 'ldap_sudorule_notbefore' : _('Sudo rule notbefore attribute'),
+ 'ldap_sudorule_notafter' : _('Sudo rule notafter attribute'),
+ 'ldap_sudorule_order' : _('Sudo rule order attribute'),
+
 # [provider/simple/access]
 'simple_allow_users' : _('Comma separated list of allowed users'),
 'simple_deny_users' : _('Comma separated list of prohibited users'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 8421a0914..afc207c09 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
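Review bot: The description for `ldap_sudorule_name` in the new `# [provider/ldap/sudo]` block of `option_strings` (src/config/SSSDConfig.py) reads 'Sudo rule name', while the nine mapping options after it all end in 'attribute'; for consistency it should be `'ldap_sudorule_name' : _('Sudo rule name attribute'),`. These options choose which LDAP attributes are read as sudo commands, hosts and run-as targets, so a short comment above the block would help later editors, for example `# Attribute maps for sudo rules: a wrong mapping changes which commands a user is granted`. The dict opens and closes outside the hunk.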
@@ -489,7 +489,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'id_provider',
 'auth_provider',
 'access_provider',
- 'chpass_provider']
+ 'chpass_provider',
+ 'sudo_provider']
 self.assertTrue(type(options) == dict,
 "Options should be a dictionary")
@@ -681,7 +682,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 control_provider_dict = {
 'ipa': ['id', 'auth', 'access', 'chpass'],
 'local': ['id', 'auth', 'chpass'],
- 'ldap': ['id', 'auth', 'access', 'chpass'],
+ 'ldap': ['id', 'auth', 'access', 'chpass', 'sudo'],
 'krb5': ['auth', 'access', 'chpass'],
 'proxy': ['id', 'auth'],
 'simple': ['access'],
@@ -807,7 +808,8 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'id_provider',
 'auth_provider',
 'access_provider',
- 'chpass_provider']
+ 'chpass_provider',
+ 'sudo_provider']
 self.assertTrue(type(options) == dict,
 "Options should be a dictionary")
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index c2c425cef..34b67dec3 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -49,6 +49,7 @@ id_provider = str, None, true
 auth_provider = str, None, false
 access_provider = str, None, false
 chpass_provider = str, None, false
+sudo_provider = str, None, false
 [domain]
 # Options available to all domains
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 9a89bfe2d..b155c2bc8 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
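Review bot: Nothing visible in the src/config/SSSDConfigTest.py hunks checks that enabling the LDAP sudo provider exposes the new `ldap_sudo_search_base` and `ldap_sudorule_*` options. The hunks at -489 and -807 only add `'sudo_provider'` to the expected domain option lists, and the hunk at -681 only adds `'sudo'` to the `'ldap'` entry of `control_provider_dict`. The test methods start and end outside these hunks, so that coverage may exist elsewhere. If it does not, a test that enables the ldap sudo provider on a domain and asserts that the twelve new keys appear in its options dictionary would catch a mismatch between sssd-ldap.conf and `option_strings`.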
@@ -106,3 +106,17 @@ ldap_access_order = str, None, false
 [provider/ldap/chpass]
 ldap_chpass_uri = str, None, false
 ldap_chpass_dns_service_name = str, None, false
+
+[provider/ldap/sudo]
+ldap_sudo_search_base = str, None, false
+ldap_sudorule_object_class = str, None, false
+ldap_sudorule_name = str, None, false
+ldap_sudorule_command = str, None, false
+ldap_sudorule_host = str, None, false
+ldap_sudorule_user = str, None, false
+ldap_sudorule_option = str, None, false
+ldap_sudorule_runasuser = str, None, false
+ldap_sudorule_runasgroup = str, None, false
+ldap_sudorule_notbefore = str, None, false
+ldap_sudorule_notafter = str, None, false
+ldap_sudorule_order = str, None, false
--
cgit
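Review bot: None of the twelve entries in the new `[provider/ldap/sudo]` section of sssd-ldap.conf records a default, each being just `str, None, false`, so the schema does not say what the provider uses when `ldap_sudo_search_base` or a mapping is left unset. Presumably the daemon falls back to a general search base and built-in attribute names; that is worth confirming, because the search base decides which directory entries are trusted as sudo rules. A comment above the section would make the expectation visible, for example `# ldap_sudo_search_base: keep this to the subtree whose writers may grant sudo rights`.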