__init__.py.in revision e04df9feca0c9877c69aa46450d04c556bcb23ad
45726939a48e605b0166521f94300ae04981a3a7Sumit BoseCreated on Sep 18, 2009
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose@author: sgallagh
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseimport gettext
45726939a48e605b0166521f94300ae04981a3a7Sumit Bosefrom .ipachangeconf import SSSDChangeConf
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass SSSDConfigException(Exception): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass ParsingError(Exception): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass AlreadyInitializedError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass NotInitializedError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass NoOutputFileError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass NoServiceError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass NoSectionError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass NoOptionError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass ServiceNotRecognizedError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass ServiceAlreadyExists(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass NoDomainError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass DomainNotRecognized(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass DomainAlreadyExistsError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass NoSuchProviderError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass NoSuchProviderSubtypeError(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass ProviderSubtypeInUse(SSSDConfigException): pass
45726939a48e605b0166521f94300ae04981a3a7Sumit BosePACKAGE = 'sss_daemon'
45726939a48e605b0166521f94300ae04981a3a7Sumit Bosetranslation = gettext.translation(PACKAGE, LOCALEDIR, fallback=True)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose# TODO: This needs to be made external
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Boseoption_strings = {
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'debug' : _('Set the verbosity of the debug logging'),
cc2d77d5218c188119fa954c856e858cbde76947Pavel Březina 'debug_level' : _('Set the verbosity of the debug logging'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'debug_timestamps' : _('Include timestamps in debug logs'),
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose 'debug_microseconds' : _('Include microseconds in timestamps in debug logs'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'debug_to_files' : _('Write debug messages to logfiles'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'timeout' : _('Watchdog timeout before restarting service'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'force_timeout' : _('Timeout between three failed ping checks and forcibly killing the service'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'command' : _('Command to start service'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'reconnection_retries' : _('Number of times to attempt connection to Data Providers'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'fd_limit' : _('The number of file descriptors that may be opened by this responder'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'client_idle_timeout' : _('Idle time before automatic disconnection of a client'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'services' : _('SSSD Services to start'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'domains' : _('SSSD Domains to start'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'sbus_timeout' : _('Timeout for messages sent over the SBUS'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 're_expression' : _('Regex to parse username and domain'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'full_name_format' : _('Printf-compatible format for displaying fully-qualified names'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_rcache_dir' : _('Directory on the filesystem where SSSD should store Kerberos replay cache files.'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'default_domain_suffix' : _('Domain to add to names without a domain component.'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'user' : _('The user to drop privileges to'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'certificate_verification' : _('Tune certificate verification'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'override_space': _('All spaces in group or user names will be replaced with this character'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'enum_cache_timeout' : _('Enumeration cache timeout length (seconds)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'entry_cache_no_wait_timeout' : _('Entry cache background update timeout length (seconds)'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'entry_negative_timeout' : _('Negative cache timeout length (seconds)'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'local_negative_timeout' : _('Files negative cache timeout length (seconds)'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'filter_users' : _('Users that SSSD should explicitly ignore'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'filter_groups' : _('Groups that SSSD should explicitly ignore'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'filter_users_in_groups' : _('Should filtered users appear in groups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'pwfield' : _('The value of the password field the NSS provider should return'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'override_homedir' : _('Override homedir value from the identity provider with this value'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'fallback_homedir' : _('Substitute empty homedir value from the identity provider with this value'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'override_shell': _('Override shell value from the identity provider with this value'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'allowed_shells' : _('The list of shells users are allowed to log in with'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'vetoed_shells' : _('The list of shells that will be vetoed, and replaced with the fallback shell'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'default_shell': _('Shell to use if the provider does not list one'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'memcache_timeout': _('How long will be in-memory cache records valid'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'user_attributes': _('List of user attributes the NSS responder is allowed to publish'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'offline_credentials_expiration' : _('How long to allow cached logins between online logins (days)'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'offline_failed_login_attempts' : _('How many failed logins attempts are allowed when offline'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'offline_failed_login_delay' : _('How long (minutes) to deny login after offline_failed_login_attempts has been reached'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'pam_verbosity' : _('What kind of messages are displayed to the user during authentication'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'pam_id_timeout' : _('How many seconds to keep identity information cached for PAM requests'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'pam_pwd_expiration_warning' : _('How many days before password expiration a warning should be displayed'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'pam_trusted_users' : _('List of trusted uids or user\'s name'),
aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose 'pam_public_domains' : _('List of domains accessible even for untrusted users.'),
aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose 'pam_account_expired_message' : _('Message printed when user account is expired.'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'pam_account_locked_message' : _('Message printed when user account is locked.'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'pam_cert_auth' : _('Allow certificate based/Smartcard authentication.'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'pam_cert_db_path' : _('Path to certificate databse with PKCS#11 modules.'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'p11_child_timeout' : _('How many seconds will pam_sss wait for p11_child to finish'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'sudo_timed' : _('Whether to evaluate the time-based attributes in sudo rules'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'sudo_inverse_order' : _('If true, SSSD will switch back to lower-wins ordering logic'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'autofs_negative_timeout' : _('Negative cache timeout length (seconds)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ssh_hash_known_hosts': _('Whether to hash host names and addresses in the known_hosts file'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ssh_known_hosts_timeout': _('How many seconds to keep a host in the known_hosts file after its host keys were requested'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ca_db': _('Path to storage of trusted CA certificates'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'allowed_uids': _('List of UIDs or user names allowed to access the PAC responder'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'pac_lifetime': _('How long the PAC data is considered valid'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'allowed_uids': _('List of UIDs or user names allowed to access the InfoPipe responder'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'user_attributes': _('List of user attributes the InfoPipe is allowed to publish'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # [provider]
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'id_provider' : _('Identity provider'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'auth_provider' : _('Authentication provider'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'access_provider' : _('Access control provider'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'chpass_provider' : _('Password change provider'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'sudo_provider' : _('SUDO provider'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'autofs_provider' : _('Autofs provider'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'hostid_provider' : _('Host identity provider'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'selinux_provider' : _('SELinux provider'),
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose 'min_id' : _('Minimum user ID'),
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose 'max_id' : _('Maximum user ID'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'enumerate' : _('Enable enumerating all users/groups'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'cache_credentials' : _('Cache credentials for offline login'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'store_legacy_passwords' : _('Store password hashes'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'use_fully_qualified_names' : _('Display users/groups in fully-qualified form'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ignore_group_members' : _('Don\'t include group members in group lookups'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'entry_cache_timeout' : _('Entry cache timeout length (seconds)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'dns_discovery_domain' : _('The domain part of service discovery DNS query'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'override_gid' : _('Override GID value from the identity provider with this value'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'case_sensitive' : _('Treat usernames as case sensitive'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'entry_cache_user_timeout' : _('Entry cache timeout length (seconds)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'entry_cache_group_timeout' : _('Entry cache timeout length (seconds)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'entry_cache_netgroup_timeout' : _('Entry cache timeout length (seconds)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'entry_cache_autofs_timeout' : _('Entry cache timeout length (seconds)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'entry_cache_sudo_timeout' : _('Entry cache timeout length (seconds)'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'refresh_expired_interval' : _('How often should expired entries be refreshed in background'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'dyndns_update' : _("Whether to automatically update the client's DNS entry"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'dyndns_ttl' : _("The TTL to apply to the client's DNS entry after updating it"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'dyndns_iface' : _("The interface whose IP should be used for dynamic DNS updates"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'dyndns_refresh_interval' : _("How often to periodically update the client's DNS entry"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'dyndns_update_ptr' : _("Whether the provider should explicitly update the PTR record as well"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'dyndns_force_tcp' : _("Whether the nsupdate utility should default to using TCP"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'dyndns_server' : _("Override the DNS server used to perform the DNS update"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'subdomain_enumerate' : _('Control enumeration of trusted domains'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'subdomain_inherit' : _('List of options that should be inherited into a subdomain'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'cached_auth_timeout' : _('How long can cached credentials be used for cached authentication'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'full_name_format' : _('Printf-compatible format for displaying fully-qualified names'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 're_expression' : _('Regex to parse username and domain'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_domain' : _('IPA domain'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_server' : _('IPA server address'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_backup_server' : _('Address of backup IPA server'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_hostname' : _('IPA client hostname'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_dyndns_update' : _("Whether to automatically update the client's DNS entry in FreeIPA"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_dyndns_ttl' : _("The TTL to apply to the client's DNS entry after updating it"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_dyndns_iface' : _("The interface whose IP should be used for dynamic DNS updates"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_hbac_search_base' : _("Search base for HBAC related objects"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_hbac_refresh' : _("The amount of time between lookups of the HBAC rules against the IPA server"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_selinux_refresh' : _("The amount of time in seconds between lookups of the SELinux maps against the IPA server"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_hbac_support_srchost' : _("If set to false, host argument given by PAM will be ignored"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_automount_location' : _("The automounter location this IPA client is using"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_master_domain_search_base': _("Search base for object containing info about IPA domain"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_ranges_search_base': _("Search base for objects containing info about ID ranges"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_enable_dns_sites': _("Enable DNS sites - location based service discovery"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_views_search_base': _("Search base for view containers"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_view_class': _("Objectclass for view containers"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_view_name': _("Attribute with the name of the view"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ipa_overide_object_class': _("Objectclass for override objects"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_anchor_uuid': _("Attribute with the reference to the original object"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_user_override_object_class': _("Objectclass for user override objects"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ipa_group_override_object_class': _("Objectclass for group override objects"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ad_domain' : _('Active Directory domain'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ad_enabled_domains' : _('Enabled Active Directory domains'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ad_server' : _('Active Directory server address'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ad_backup_server' : _('Active Directory backup server address'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ad_hostname' : _('Active Directory client hostname'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ad_enable_dns_sites' : _('Enable DNS sites - location based service discovery'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ad_access_filter' : _('LDAP filter to determine access privileges'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ad_enable_gc' : _('Whether to use the Global Catalog for lookups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ad_gpo_access_control' : _('Operation mode for GPO-based access control'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ad_gpo_cache_timeout' : _("The amount of time between lookups of the GPO policy files against the AD server"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ad_gpo_map_interactive' : _('PAM service names that map to the GPO (Deny)InteractiveLogonRight policy settings'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ad_gpo_map_remote_interactive' : _('PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight policy settings'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ad_gpo_map_network' : _('PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ad_gpo_map_batch' : _('PAM service names that map to the GPO (Deny)BatchLogonRight policy settings'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ad_gpo_map_service' : _('PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings'),
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose 'ad_gpo_map_permit' : _('PAM service names for which GPO-based access is always granted'),
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose 'ad_gpo_map_deny' : _('PAM service names for which GPO-based access is always denied'),
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose 'ad_gpo_default_right' : _('Default logon right (or permit/deny) to use for unmapped PAM service names'),
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose 'ad_site' : _('a particular site to be used by the client'),
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose 'ad_maximum_machine_account_password_age' : _('Maximum age in days before the machine account password should be renewed'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ad_machine_account_password_renewal_opts' : _('Option for tuing the machine account renewal task'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_kdcip' : _('Kerberos server address'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_server' : _('Kerberos server address'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_backup_server' : _('Kerberos backup server address'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_realm' : _('Kerberos realm'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_auth_timeout' : _('Authentication timeout'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_use_kdcinfo' : _('Whether to create kdcinfo files'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_confd_path' : _('Where to drop krb5 config snippets'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_ccachedir' : _('Directory to store credential caches'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_ccname_template' : _("Location of the user's credential cache"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_keytab' : _("Location of the keytab to validate credentials"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_validate' : _("Enable credential validation"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_store_password_if_offline' : _("Store password if offline for later online authentication"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_renewable_lifetime' : _("Renewable lifetime of the TGT"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_lifetime' : _("Lifetime of the TGT"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_renew_interval' : _("Time between two checks for renewal"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_use_fast' : _("Enables FAST"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_fast_principal' : _("Selects the principal to use for FAST"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_canonicalize' : _("Enables principal canonicalization"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_use_enterprise_principal' : _("Enables enterprise principals"),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_map_user' : _('A mapping from user names to kerberos principal names'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_kpasswd' : _('Server where the change password service is running if not on the KDC'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'krb5_backup_kpasswd' : _('Server where the change password service is running if not on the KDC'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_uri' : _('ldap_uri, The URI of the LDAP server'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_backup_uri' : _('ldap_backup_uri, The URI of the LDAP server'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_search_base' : _('The default base DN'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_schema' : _('The Schema Type in use on the LDAP server, rfc2307'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_default_bind_dn' : _('The default bind DN'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_default_authtok_type' : _('The type of the authentication token of the default bind DN'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_default_authtok' : _('The authentication token of the default bind DN'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_network_timeout' : _('Length of time to attempt connection'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_opt_timeout' : _('Length of time to attempt synchronous LDAP operations'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_offline_timeout' : _('Length of time between attempts to reconnect while offline'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_force_upper_case_realm' : _('Use only the upper case for realm names'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_tls_cacert' : _('File that contains CA certificates'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_tls_cacertdir' : _('Path to CA certificate directory'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_tls_cert' : _('File that contains the client certificate'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_tls_key' :_('File that contains the client key'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_tls_cipher_suite' :_('List of possible ciphers suites'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_tls_reqcert' : _('Require TLS certificate verification'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sasl_mech' : _('Specify the sasl mechanism to use'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sasl_authid' : _('Specify the sasl authorization id to use'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sasl_realm' : _('Specify the sasl authorization realm to use'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sasl_minssf' : _('Specify the minimal SSF for LDAP sasl authorization'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_krb5_keytab' : _('Kerberos service keytab'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_referrals' : _('Follow LDAP referrals'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_krb5_ticket_lifetime' : _('Lifetime of TGT for LDAP connection'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_deref' : _('How to dereference aliases'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_dns_service_name' : _('Service name for DNS service lookups'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_page_size' : _('The number of records to retrieve in a single LDAP query'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_deref_threshold' : _('The number of members that must be missing to trigger a full deref'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sasl_canonicalize' : _('Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_entry_usn' : _('entryUSN attribute'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_rootdse_last_usn' : _('lastUSN attribute'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_connection_expiration_timeout' : _('How long to retain a connection to the LDAP server before disconnecting'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_disable_paging' : _('Disable the LDAP paging control'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_disable_range_retrieval' : _('Disable Active Directory range retrieval'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_search_timeout' : _('Length of time to wait for a search request'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_enumeration_search_timeout' : _('Length of time to wait for a enumeration request'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_enumeration_refresh_timeout' : _('Length of time between enumeration updates'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_purge_cache_timeout' : _('Length of time between cache cleanups'),
aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose 'ldap_id_use_start_tls' : _('Require TLS for ID lookups'),
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose 'ldap_id_mapping' : _('Use ID-mapping of objectSID instead of pre-set IDs'),
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose 'ldap_user_search_base' : _('Base DN for user lookups'),
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose 'ldap_user_search_scope' : _('Scope of user lookups'),
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose 'ldap_user_search_filter' : _('Filter for user lookups'),
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose 'ldap_user_object_class' : _('Objectclass for users'),
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose 'ldap_user_name' : _('Username attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose #not used # 'ldap_user_pwd' :_('Password attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_uid_number' : _('UID attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_gid_number' : _('Primary GID attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_gecos' : _('GECOS attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_home_directory' : _('Home directory attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_shell' : _('Shell attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_uuid' : _('UUID attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_objectsid' : _("objectSID attribute"),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_primary_group' : _('Active Directory primary group attribute for ID-mapping'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_principal' : _('User principal attribute (for Kerberos)'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_fullname' : _('Full Name'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_member_of' : _('memberOf attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_modify_timestamp' : _('Modification time attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose #replaced by ldap_entry_usn# 'ldap_user_entry_usn' : _('entryUSN attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_shadow_last_change' : _('shadowLastChange attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_shadow_min' : _('shadowMin attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_shadow_max' : _('shadowMax attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_shadow_warning' : _('shadowWarning attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_shadow_inactive' : _('shadowInactive attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_shadow_expire' : _('shadowExpire attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_user_shadow_flag' : _('shadowFlag attribute'),
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose 'ldap_user_authorized_service' : _('Attribute listing authorized PAM services'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_user_authorized_host' : _('Attribute listing authorized server hosts'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_user_krb_last_pwd_change' : _('krbLastPwdChange attribute'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_user_krb_password_expiration' : _('krbPasswordExpiration attribute'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_pwd_attribute' : _('Attribute indicating that server side password policies are active'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_user_ad_account_expires' : _('accountExpires attribute of AD'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_user_ad_user_account_control' : _('userAccountControl attribute of AD'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_ns_account_lock' : _('nsAccountLock attribute'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_user_nds_login_disabled' : _('loginDisabled attribute of NDS'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_user_nds_login_expiration_time' : _('loginExpirationTime attribute of NDS'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_user_nds_login_allowed_time_map' : _('loginAllowedTimeMap attribute of NDS'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_user_ssh_public_key' : _('SSH public key attribute'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_user_auth_type' : _('attribute listing allowed authentication types for a user'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_user_certificate' : _('attribute containing the X509 certificate of the user'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_user_email' : _('attribute containing the email address of the user'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_user_extra_attrs' : _('A list of extra attributes to download along with the user entry'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_search_base' : _('Base DN for group lookups'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # not used # 'ldap_group_search_scope' : _('Scope of group lookups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose # not used # 'ldap_group_search_filter' : _('Filter for group lookups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_object_class' : _('Objectclass for groups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_name' : _('Group name'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_pwd' : _('Group password'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_gid_number' : _('GID attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_member' : _('Group member attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_uuid' : _('Group UUID attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_objectsid' : _("objectSID attribute"),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_modify_timestamp' : _('Modification time attribute for groups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_type' : _('Type of the group and other flags'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_external_member' : _('The LDAP group external member attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose #replaced by ldap_entry_usn# 'ldap_group_entry_usn' : _('entryUSN attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_group_nesting_level' : _('Maximum nesting level SSSd will follow'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_netgroup_search_base' : _('Base DN for netgroup lookups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_netgroup_object_class' : _('Objectclass for netgroups'),
d0de7701d44c7a75210a9cb04634913ce3a94bfbSumit Bose 'ldap_netgroup_name' : _('Netgroup name'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_netgroup_member' : _('Netgroups members attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_netgroup_triple' : _('Netgroup triple attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_netgroup_modify_timestamp' : _('Modification time attribute for netgroups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_service_search_base' : _('Base DN for service lookups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_service_object_class' : _('Objectclass for services'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_service_name' : _('Service name attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_service_port' : _('Service port attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_service_proto' : _('Service protocol attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose #replaced by ldap_entry_usn# 'ldap_service_entry_usn' : _('Service entryUSN attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_idmap_range_min' : _('Lower bound for ID-mapping'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_idmap_range_max' : _('Upper bound for ID-mapping'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_idmap_range_size' : _('Number of IDs for each slice when ID-mapping'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_idmap_autorid_compat' : _('Use autorid-compatible algorithm for ID-mapping'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_idmap_default_domain' : _('Name of the default domain for ID-mapping'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_idmap_default_domain_sid' : _('SID of the default domain for ID-mapping'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_idmap_helper_table_size' : _('Number of secondary slices'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_groups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_initgroups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_use_tokengroups' : _('Whether to use Token-Groups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_min_id' : _('Set lower boundary for allowed IDs from the LDAP server'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_max_id' : _('Set upper boundary for allowed IDs from the LDAP server'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_pwdlockout_dn' : _('DN for ppolicy queries'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'wildcard_limit' : _('How many maximum entries to fetch during a wildcard request'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_access_filter' : _('LDAP filter to determine access privileges'),
d0de7701d44c7a75210a9cb04634913ce3a94bfbSumit Bose 'ldap_account_expire_policy' : _('Which attributes shall be used to evaluate if an account is expired'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_access_order' : _('Which rules should be used to evaluate access control'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_chpass_uri' : _('URI of an LDAP server where password changes are allowed'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_chpass_backup_uri' : _('URI of a backup LDAP server where password changes are allowed'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_chpass_dns_service_name' : _('DNS service name for LDAP password change server'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_chpass_update_last_change' : _('Whether to update the ldap_user_shadow_last_change attribute after a password change'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudo_full_refresh_interval' : _('Automatic full refresh period'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudo_smart_refresh_interval' : _('Automatic smart refresh period'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudo_use_host_filter' : _('Whether to filter rules by hostname, IP addresses and network'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudo_hostnames' : _('Hostnames and/or fully qualified domain names of this machine to filter sudo rules'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudo_ip' : _('IPv4 or IPv6 addresses or network of this machine to filter sudo rules'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudo_include_netgroups' : _('Whether to include rules that contains netgroup in host attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudo_include_regexp' : _('Whether to include rules that contains regular expression in host attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudorule_object_class' : _('Object class for sudo rules'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudorule_name' : _('Sudo rule name'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudorule_command' : _('Sudo rule command attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudorule_host' : _('Sudo rule host attribute'),
53ef8f81b60929a6c866efdd133627e7d7d61705Sumit Bose 'ldap_sudorule_user' : _('Sudo rule user attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_sudorule_option' : _('Sudo rule option attribute'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sudorule_runas' : _('Sudo rule runas attribute'),
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose 'ldap_sudorule_runasuser' : _('Sudo rule runasuser attribute'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sudorule_runasgroup' : _('Sudo rule runasgroup attribute'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sudorule_notbefore' : _('Sudo rule notbefore attribute'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sudorule_notafter' : _('Sudo rule notafter attribute'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'ldap_sudorule_order' : _('Sudo rule order attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_autofs_map_object_class' : _('Object class for automounter maps'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_autofs_map_name' : _('Automounter map name attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_autofs_entry_object_class' : _('Object class for automounter map entries'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_autofs_entry_key' : _('Automounter map entry key attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_autofs_entry_value' : _('Automounter map entry value attribute'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'ldap_autofs_search_base' : _('Base DN for automounter map lookups'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'simple_allow_users' : _('Comma separated list of allowed users'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'simple_deny_users' : _('Comma separated list of prohibited users'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'default_shell' : _('Default shell, /bin/bash'),
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose 'base_directory' : _('Base for home directories'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'proxy_lib_name' : _('The name of the NSS library to use'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'proxy_fast_alias' : _('Whether to look up canonical group name from cache if possible'),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'proxy_pam_target' : _('PAM stack to use')
45726939a48e605b0166521f94300ae04981a3a7Sumit Bosedef striplist(l):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose return([x.strip() for x in l])
45726939a48e605b0166521f94300ae04981a3a7Sumit Bosedef options_overlap(options1, options2):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose overlap = []
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose for option in options1:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if option in options2:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose return overlap
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass SSSDConfigSchema(SSSDChangeConf):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose def __init__(self, schemafile, schemaplugindir):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose SSSDChangeConf.__init__(self)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose #TODO: get these from a global setting
de1131abe5ba7aaeb59f81fc3a9cd2a71c0b52ddLukas Slebodnik if not schemafile:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose schemafile = '@datadir@/sssd/sssd.api.conf'
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if not schemaplugindir:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose schemaplugindir = '@datadir@/sssd/sssd.api.d'
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose #Read the primary config file
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose fd = open(schemafile, 'r')
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # Read in the provider files
de1131abe5ba7aaeb59f81fc3a9cd2a71c0b52ddLukas Slebodnik for file in filter(lambda f: re.search('^sssd-.*\.conf$', f),
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose os.listdir(schemaplugindir)):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose fd = open(schemaplugindir+ "/" + file)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose except IOError:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose except SyntaxError: # can be raised with readfp
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise ParsingError
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # Set up lookup table for types
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'bool' : bool,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'int' : int,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'long' : long if sys.version_info[0] == 2 else int,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'float': float,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'str' : str,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'list' : list,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'None' : None
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # Lookup table for acceptable boolean values
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'false' : False,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose 'true' : True,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose def get_options(self, section):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if not self.has_section(section):
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose raise NoSectionError
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose options = self.options(section)
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose PRIMARY_TYPE = 0
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose MANDATORY = 2
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose # Parse values
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose parsed_options = {}
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose for option in self.strip_comments_empty(options):
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose unparsed_option = option['value']
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose split_option = striplist(unparsed_option.split(','))
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose optionlen = len(split_option)
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose primarytype = self.type_lookup[split_option[PRIMARY_TYPE]]
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose subtype = self.type_lookup[split_option[SUBTYPE]]
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose mandatory = self.bool_lookup[split_option[MANDATORY]]
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if option['name'] in option_strings:
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose desc = option_strings[option['name']]
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose if optionlen == 3:
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose # This option has no defaults
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose parsed_options[option['name']] = \
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose (primarytype,
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose elif optionlen == 4:
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose if type(split_option[DEFAULT]) == primarytype:
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose parsed_options[option['name']] = \
ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3Sumit Bose (primarytype,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose split_option[DEFAULT])
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose elif primarytype == list:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if (type(split_option[DEFAULT]) == subtype):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose parsed_options[option['name']] = \
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose (primarytype,
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose [split_option[DEFAULT]])
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose if subtype == bool and \
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose type(split_option[DEFAULT]) == str:
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose parsed_options[option['name']] = \
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose (primarytype,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose [self.bool_lookup[split_option[DEFAULT].lower()]])
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose parsed_options[option['name']] = \
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose (primarytype,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose [subtype(split_option[DEFAULT])])
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose except ValueError:
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose raise ParsingError
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if primarytype == bool and \
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose type(split_option[DEFAULT]) == str:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose parsed_options[option['name']] = \
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose (primarytype,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose self.bool_lookup[split_option[DEFAULT].lower()])
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose parsed_options[option['name']] = \
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose (primarytype,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose primarytype(split_option[DEFAULT]))
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose except ValueError:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise ParsingError
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose elif optionlen > 4:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if (primarytype != list):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise ParsingError
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose fixed_options = []
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose for x in split_option[DEFAULT:]:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if type(x) != subtype:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if (subtype == bool and type(x) == str):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose newvalue = subtype(x)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose except ValueError:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise ParsingError
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose parsed_options[option['name']] = \
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose (primarytype,
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose fixed_options)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # Bad config file
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise ParsingError
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose return parsed_options
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose def get_option(self, section, option):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if not self.has_section(section):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise NoSectionError(section)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if not self.has_option(section, option):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise NoOptionError("Section [%s] has no option [%s]" %
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose (section, option))
a24954cc19285b197fb287bfa7aa01949c92b17dLukas Slebodnik return self.get_options(section)[option]
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose def get_defaults(self, section):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if not self.has_section(section):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise NoSectionError(section)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose schema_options = self.get_options(section)
aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose defaults = dict([(x,schema_options[x][4])
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose if schema_options[x][4] != None])
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose return defaults
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose def get_services(self):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose service_list = [x['name'] for x in self.sections()
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if x['name'] != 'service' and
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose not x['name'].startswith('domain') and
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose not x['name'].startswith('provider')]
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose return service_list
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose def get_providers(self):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose providers = {}
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose for section in self.sections():
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose splitsection = section['name'].split('/')
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if (splitsection[0] == 'provider'):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if(len(splitsection) == 3):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if splitsection[1] not in providers:
cb75b275d15beedd1fdecc1f8ced657fba282218Lukas Slebodnik providers[splitsection[1]] = []
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose providers[splitsection[1]].extend([splitsection[2]])
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose providers[key] = tuple(providers[key])
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose return providers
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Boseclass SSSDConfigObject(object):
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose def __init__(self):
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose def get_name(self):
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose Return the name of the this object
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose === Returns ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose The domain name
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Errors ===
3be9e26dcd169d44ae105f1b8a0674464c700b77Sumit Bose def get_option(self, optionname):
3be9e26dcd169d44ae105f1b8a0674464c700b77Sumit Bose Return the value of an service option
3be9e26dcd169d44ae105f1b8a0674464c700b77Sumit Bose The option to get.
ae627e216689b0a5834f36aaaa007ed584ef033dPetr Cech === Returns ===
13f30f69eec02d0c0aaccc7b544dee1326a5e9d4Jakub Hrozek The value for the requested option.
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Errors ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose NoOptionError:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose The specified option was not listed in the service
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if optionname in self.options.keys():
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose return self.options[optionname]
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise NoOptionError(optionname)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose def get_all_options(self):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose Return a dictionary of name/value pairs for this object
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Returns ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose A dictionary of name/value pairs currently in use for this object
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Errors ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose def remove_option(self, optionname):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose Remove an option from the object. If the option does not exist, it is ignored.
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Returns ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose No return value.
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Errors ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if optionname in self.options:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose del self.options[optionname]
45726939a48e605b0166521f94300ae04981a3a7Sumit Boseclass SSSDService(SSSDConfigObject):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose Object to manipulate SSSD service options
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose def __init__(self, servicename, apischema):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose Create a new SSSDService, setting its defaults to those found in the
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose schema. This constructor should not be used directly. Use
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose The service name
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose An SSSDConfigSchema? object created by SSSDConfig.__init__()
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Returns ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose The newly-created SSSDService object.
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Errors ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose The API schema passed in was unusable or the name was not a string.
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose ServiceNotRecognizedError:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose The service was not listed in the schema
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose SSSDConfigObject.__init__(self)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if not isinstance(apischema, SSSDConfigSchema) or type(servicename) != str:
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise TypeError
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose if not apischema.has_section(servicename):
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose raise ServiceNotRecognizedError(servicename)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose self.name = servicename
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # Set up the service object with any known defaults
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # Include a list of hidden options
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # Set up default options for all services
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose self.options.update(self.schema.get_defaults('service'))
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # Set up default options for this service
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose self.options.update(self.schema.get_defaults(self.name))
a24954cc19285b197fb287bfa7aa01949c92b17dLukas Slebodnik def list_options_with_mandatory(self):
a24954cc19285b197fb287bfa7aa01949c92b17dLukas Slebodnik List options for the service, including the mandatory flag.
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Returns ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose A dictionary of configurable options. This dictionary is keyed on the
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose option name with a tuple of the variable type, subtype ('None' if the
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose type is not a collection type), whether it is mandatory, the
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose translated option description, and the default value (or 'None') as
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose { 'enumerate' :
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose (bool, None, False, u'Enable enumerating all users/groups', True) }
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Errors ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose options = {}
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # Get the list of available options for all services
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose schema_options = self.schema.get_options('service')
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose options.update(schema_options)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose schema_options = self.schema.get_options(self.name)
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose options.update(schema_options)
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose return options
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose def list_options(self):
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose List all options that apply to this service
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose === Returns ===
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose A dictionary of configurable options. This dictionary is keyed on the
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose option name with a tuple of the variable type, subtype ('None' if the
aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose type is not a collection type), the translated option description, and
aa35995ef056aa8ae052a47c62c6750b7adf065eSumit Bose the default value (or 'None') as the value.
544a20de7667f05c1a406c4dea0706b0ab507430Sumit Bose { 'services' :
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose (list, str, u'SSSD Services to start', ['nss', 'pam']) }
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Errors ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # Filter out the mandatory field to maintain compatibility
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose # with older versions of the API
0a8024af282b271ad2185f68703d9f4e766d2bdcSumit Bose filtered_options = {}
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4])
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose return filtered_options
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose def list_mandatory_options(self):
39fd336e4390ece3a8465714735ef4203f329e54Sumit Bose List all mandatory options that apply to this service
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose === Returns ===
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose A dictionary of configurable options. This dictionary is keyed on the
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose option name with a tuple of the variable type, subtype ('None' if the
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose type is not a collection type), the translated option description, and
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose the default value (or 'None') as the value.
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose { 'services' :
45726939a48e605b0166521f94300ae04981a3a7Sumit Bose (list, str, u'SSSD Services to start', ['nss', 'pam']) }
options = self.list_options_with_mandatory()
for key in options.keys():
elif self.schema.has_option('service', optionname):
option_schema = self.schema.get_option('service', optionname)
elif optionname in self.hidden_options:
self.options[optionname] = value
raise NoOptionError('Section [%s] has no option [%s]' % (self.name, optionname))
self.remove_option(optionname)
value = striplist(value.split(','))
newvalue.extend([option_schema[1](x)])
self.options[optionname] = value
SSSDConfig.new_domain() instead.
self.name = domainname
self.schema = apischema
self.active = False
self.oldname = None
self.providers = []
self.options = {}
self.active = bool(active)
(bool, None, False, u'Enable enumerating all users/groups', True) }
for (provider, providertype) in self.providers:
schema_options = self.schema.get_options('provider/%s'
options.update(schema_options)
schema_options = self.schema.get_options('provider/%s/%s'
options.update(schema_options)
(bool, None, u'Enable enumerating all users/groups', True) }
options = self.list_options_with_mandatory()
for key in options.keys():
(bool, None, u'Enable enumerating all users/groups', True) }
options = self.list_options_with_mandatory()
for key in options.keys():
Provider backend type. (e.g. local, ldap, krb5, etc.)
Subtype of the backend type. (e.g. id, auth, access, chpass)
options = self.schema.get_options('provider/%s' % provider)
known_providers = self.list_providers()
return self.schema.get_providers()
options = self.list_options()
if (option not in options.keys()):
(self.name, option))
self.remove_option(option)
value = striplist(value.split(','))
newvalue.extend([option_schema[1](x)])
is_provider = option.rfind('_provider')
self.add_provider(value, provider)
self.options[option] = value
if not self.oldname:
self.name = newname
Provider backend type. (e.g. local, ldap, krb5, etc.)
Subtype of the backend type. (e.g. id, auth, chpass)
configured_providers = self.list_providers()
if provider in configured_providers.keys():
with_this_type = [x for x in self.providers if x[1] == provider_type]
self.providers.extend([(provider, provider_type)])
self.options[option_name] = provider
Subtype of the backend type. (e.g. id, auth, chpass)
for (provider, ptype) in self.providers:
options = self.list_provider_options(provider, provider_type)
for (prov, ptype) in self.providers:
provider_options = self.list_provider_options(prov, ptype)
if option in self.options:
del self.options[option]
if option in self.options:
del self.options[option]
self.providers.remove((provider, provider_type))
Initialize the SSSD config parser/editor. This constructor does not
@datadir@/sssd/sssd.api.conf
Usually @datadir@/sssd/sssd.api.d
self.schema = SSSDConfigSchema(schemafile, schemaplugindir)
self.configfile = None
self.initialized = False
self.API_VERSION = 2
default, usually @sysconfdir@/sssd.conf
if self.initialized:
configfile = '@sysconfdir@/sssd/sssd.conf'
self.readfp(fd)
fd.close()
self.configfile = configfile
self.initialized = True
if self.initialized:
self.initialized = True
for servicename in self.schema.get_services():
service = self.new_service(servicename)
if not self.initialized:
if(self.configfile == None):
outputfile = self.configfile
old_umask = os.umask(0o177)
of.write(output)
of.close()
os.umask(old_umask)
if not self.initialized:
if (self.has_option('sssd', 'services')):
active_services = striplist(self.get('sssd', 'services').split(','))
service_dict = dict.fromkeys(active_services)
configured_services = self.list_services()
for srv in service_dict.keys():
if not self.initialized:
if (self.has_option('sssd', 'services')):
active_services = striplist(self.get('sssd', 'services').split(','))
services = [x for x in self.list_services()
if not self.initialized:
service_list = [x['name'] for x in self.sections()
if not self.initialized:
if not self.has_section(name):
service = SSSDService(name, self.schema)
service.set_option(opt['name'], opt['value'])
if not self.initialized:
if (self.has_section(name)):
service = SSSDService(name, self.schema)
self.save_service(service)
if not self.initialized:
if name not in self.list_services():
item = self.get_option_index('sssd', 'services')[1]
self.set('sssd','services', name)
service_dict = dict.fromkeys(striplist(item['value'].split(',')))
if not self.initialized:
if name not in self.list_services():
item = self.get_option_index('sssd', 'services')[1]
self.set('sssd','services', '')
service_dict = dict.fromkeys(striplist(item['value'].split(',')))
if not self.initialized:
self.delete_option('section', name)
if not self.initialized:
name = service.get_name()
index = self.delete_option('section', name)
for option,value in service.get_all_options().items():
addkw.append( { 'type' : 'option',
self.add_section(name, addkw, index)
if not self.initialized:
if (self.has_option('sssd', 'domains')):
active_domains = striplist(self.get('sssd', 'domains').split(','))
domain_dict = dict.fromkeys(active_domains)
configured_domains = self.list_domains()
for dom in domain_dict.keys():
if not self.initialized:
if (self.has_option('sssd', 'domains')):
active_domains = striplist(self.get('sssd', 'domains').split(','))
domains = [x for x in self.list_domains()
if not self.initialized:
domains = [x['name'][7:] for x in self.sections() if x['name'].startswith('domain/')]
if not self.initialized:
if not self.has_section('domain/%s' % name):
domain = SSSDDomain(name, self.schema)
providers = [ (x['name'],x['value']) for x in self.strip_comments_empty(self.options('domain/%s' % name))
domain.set_option(option, value)
domain.set_option(opt['name'], opt['value'])
if not self.initialized:
if self.has_section('domain/%s' % name):
domain = SSSDDomain(name, self.schema)
self.save_domain(domain)
if not self.initialized:
if name not in self.list_domains():
return name in self.list_active_domains()
if not self.initialized:
if name not in self.list_domains():
item = self.get_option_index('sssd', 'domains')[1]
self.set('sssd','domains', name)
domain_dict = dict.fromkeys(striplist(item['value'].split(',')))
if not self.initialized:
if name not in self.list_domains():
item = self.get_option_index('sssd', 'domains')[1]
self.set('sssd','domains', '')
domain_dict = dict.fromkeys(striplist(item['value'].split(',')))
if not self.initialized:
self.deactivate_domain(name)
self.delete_option('section', 'domain/%s' % name)
if not self.initialized:
name = domain.get_name()
oldindex = self.delete_option('section', 'domain/%s' %
domain.oldname = None;
if name not in self.list_domains():
self.add_section(sectionname, []);
for option in self.options(sectionname):
if option['name'] not in domain.get_all_options():
self.delete_option_subtree(section_subtree['value'], 'option', option['name'], True)
for option,value in domain.get_all_options().items():
self.set(sectionname, option, str(value))
if domain.active:
self.activate_domain(name)
self.deactivate_domain(name)