From f2b40ec8a4158fec75873828e4980965abbe7f66 Mon Sep 17 00:00:00 2001
From: Yassir Elley <yelley@redhat.com>
Date: Fri, 5 Sep 2014 18:45:12 -0400
Subject: AD-GPO: config changes for gpo_map_* options
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 src/config/SSSDConfig/__init__.py.in   | 9 ++++++++-
 src/config/etc/sssd.api.d/sssd-ad.conf | 8 ++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

(limited to 'src/config')

diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index dc18e1e8..9a49b91b 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -170,7 +170,14 @@ option_strings = {
     'ad_enable_gc' : _('Whether to use the Global Catalog for lookups'),
     'ad_gpo_access_control' : _('Operation mode for GPO-based access control'),
     'ad_gpo_cache_timeout' : _("The amount of time between lookups of the GPO policy files against the AD server"),
-
+    'ad_gpo_map_interactive' : _('PAM service names that map to the GPO (Deny)InteractiveLogonRight policy settings'),
+    'ad_gpo_map_remote_interactive' : _('PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight policy settings'),
+    'ad_gpo_map_network' : _('PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings'),
+    'ad_gpo_map_batch' : _('PAM service names that map to the GPO (Deny)BatchLogonRight policy settings'),
+    'ad_gpo_map_service' : _('PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings'),
+    'ad_gpo_map_permit' : _('PAM service names for which GPO-based access is always granted'),
+    'ad_gpo_map_deny' : _('PAM service names for which GPO-based access is always denied'),
+    'ad_gpo_default_right' : _('Default logon right (or permit/deny) to use for unmapped PAM service names'),
     # [provider/krb5]
     'krb5_kdcip' : _('Kerberos server address'),
     'krb5_server' : _('Kerberos server address'),
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index b9f01bc8..5dd4fb43 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -8,6 +8,14 @@ ad_access_filter = str, None, false
 ad_enable_gc = bool, None, false
 ad_gpo_access_control = str, None, false
 ad_gpo_cache_timeout = int, None, false
+ad_gpo_map_interactive = str, None, false
+ad_gpo_map_remote_interactive = str, None, false
+ad_gpo_map_network = str, None, false
+ad_gpo_map_batch = str, None, false
+ad_gpo_map_service = str, None, false
+ad_gpo_map_permit = str, None, false
+ad_gpo_map_deny = str, None, false
+ad_gpo_default_right = str, None, false
 ldap_uri = str, None, false
 ldap_backup_uri = str, None, false
 ldap_search_base = str, None, false
-- 
cgit