__init__.py.in revision 89530c830ded58c6140cdb34c9de07bf77bb5bc0
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucciCreated on Sep 18, 2009
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci@author: sgallagh
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucciimport gettext
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgolluccifrom .ipachangeconf import SSSDChangeConf
class SSSDConfigException(Exception):
    """Base class of the SSSDConfig-specific errors declared in this module."""


class ParsingError(Exception):
    """Parsing failure.

    NOTE(review): subclasses Exception directly rather than
    SSSDConfigException, so ``except SSSDConfigException`` does not catch
    it -- confirm that callers expect this.
    """


# Every error below derives from SSSDConfigException, so a single handler
# for the base class catches any of them.
class AlreadyInitializedError(SSSDConfigException):
    pass


class NotInitializedError(SSSDConfigException):
    pass


class NoOutputFileError(SSSDConfigException):
    pass


class NoServiceError(SSSDConfigException):
    pass


class NoSectionError(SSSDConfigException):
    pass


class NoOptionError(SSSDConfigException):
    """A section has no option of the requested name."""


class ServiceNotRecognizedError(SSSDConfigException):
    pass


class ServiceAlreadyExists(SSSDConfigException):
    pass


class NoDomainError(SSSDConfigException):
    pass


class DomainNotRecognized(SSSDConfigException):
    pass


class DomainAlreadyExistsError(SSSDConfigException):
    pass


class NoSuchProviderError(SSSDConfigException):
    pass


class NoSuchProviderSubtypeError(SSSDConfigException):
    pass


class ProviderSubtypeInUse(SSSDConfigException):
    pass
# Gettext domain under which this module's message catalogue is looked up.
PACKAGE = 'sss_daemon'
# fallback=True: when no catalogue is found, gettext returns a
# NullTranslations object instead of raising, so the strings stay
# untranslated.  LOCALEDIR is not assigned in the lines shown here.
translation = gettext.translation(
    PACKAGE,
    LOCALEDIR,
    fallback=True,
)
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci# TODO: This needs to be made external
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgolluccioption_strings = {
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'debug_level' : _('Set the verbosity of the debug logging'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'debug_timestamps' : _('Include timestamps in debug logs'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'debug_microseconds' : _('Include microseconds in timestamps in debug logs'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'debug_to_files' : _('Write debug messages to logfiles'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'timeout' : _('Ping timeout before restarting service'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'force_timeout' : _('Timeout between three failed ping checks and forcibly killing the service'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'command' : _('Command to start service'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'reconnection_retries' : _('Number of times to attempt connection to Data Providers'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'fd_limit' : _('The number of file descriptors that may be opened by this responder'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'client_idle_timeout' : _('Idle time before automatic disconnection of a client'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'diag_cmd' : _('The command to run when a service ping times out'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'services' : _('SSSD Services to start'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'domains' : _('SSSD Domains to start'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'sbus_timeout' : _('Timeout for messages sent over the SBUS'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 're_expression' : _('Regex to parse username and domain'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'full_name_format' : _('Printf-compatible format for displaying fully-qualified names'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_rcache_dir' : _('Directory on the filesystem where SSSD should store Kerberos replay cache files.'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'default_domain_suffix' : _('Domain to add to names without a domain component.'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'user' : _('The user to drop privileges to'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'enum_cache_timeout' : _('Enumeration cache timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'entry_cache_no_wait_timeout' : _('Entry cache background update timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'entry_negative_timeout' : _('Negative cache timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'filter_users' : _('Users that SSSD should explicitly ignore'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'filter_groups' : _('Groups that SSSD should explicitly ignore'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'filter_users_in_groups' : _('Should filtered users appear in groups'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'pwfield' : _('The value of the password field the NSS provider should return'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'override_homedir' : _('Override homedir value from the identity provider with this value'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'fallback_homedir' : _('Substitute empty homedir value from the identity provider with this value'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'override_shell': _('Override shell value from the identity provider with this value'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'allowed_shells' : _('The list of shells users are allowed to log in with'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'vetoed_shells' : _('The list of shells that will be vetoed, and replaced with the fallback shell'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'default_shell': _('Shell to use if the provider does not list one'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'memcache_timeout': _('How long will be in-memory cache records valid'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'override_space': _('All spaces in group or user names will be replaced with this character'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'offline_credentials_expiration' : _('How long to allow cached logins between online logins (days)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'offline_failed_login_attempts' : _('How many failed logins attempts are allowed when offline'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'offline_failed_login_delay' : _('How long (minutes) to deny login after offline_failed_login_attempts has been reached'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'pam_verbosity' : _('What kind of messages are displayed to the user during authentication'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'pam_id_timeout' : _('How many seconds to keep identity information cached for PAM requests'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'pam_pwd_expiration_warning' : _('How many days before password expiration a warning should be displayed'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'pam_trusted_users' : _('List of trusted uids or user\'s name'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'pam_public_domains' : _('List of domains accessible even for untrusted users.'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'pam_account_expired_message' : _('Message printed when user account is expired.'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'p11_child_timeout' : _('How many seconds will pam_sss wait for p11_child to finish'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'sudo_timed' : _('Whether to evaluate the time-based attributes in sudo rules'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'sudo_inverse_order' : _('If true, SSSD will switch back to lower-wins ordering logic'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'autofs_negative_timeout' : _('Negative cache timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ssh_hash_known_hosts': _('Whether to hash host names and addresses in the known_hosts file'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ssh_known_hosts_timeout': _('How many seconds to keep a host in the known_hosts file after its host keys were requested'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ca_db': _('Path to storage of trusted CA certificates'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'allowed_uids': _('List of UIDs or user names allowed to access the PAC responder'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'allowed_uids': _('List of UIDs or user names allowed to access the InfoPipe responder'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'user_attributes': _('List of user attributes the InfoPipe is allowed to publish'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci # [provider]
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'id_provider' : _('Identity provider'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'auth_provider' : _('Authentication provider'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'access_provider' : _('Access control provider'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'chpass_provider' : _('Password change provider'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'sudo_provider' : _('SUDO provider'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'autofs_provider' : _('Autofs provider'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'session_provider' : _('Session-loading provider'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'hostid_provider' : _('Host identity provider'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'min_id' : _('Minimum user ID'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'max_id' : _('Maximum user ID'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'enumerate' : _('Enable enumerating all users/groups'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'cache_credentials' : _('Cache credentials for offline login'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'store_legacy_passwords' : _('Store password hashes'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'use_fully_qualified_names' : _('Display users/groups in fully-qualified form'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ignore_group_members' : _('Don\'t include group members in group lookups'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'entry_cache_timeout' : _('Entry cache timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'dns_discovery_domain' : _('The domain part of service discovery DNS query'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'override_gid' : _('Override GID value from the identity provider with this value'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'case_sensitive' : _('Treat usernames as case sensitive'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'entry_cache_user_timeout' : _('Entry cache timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'entry_cache_group_timeout' : _('Entry cache timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'entry_cache_netgroup_timeout' : _('Entry cache timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'entry_cache_autofs_timeout' : _('Entry cache timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'entry_cache_sudo_timeout' : _('Entry cache timeout length (seconds)'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'refresh_expired_interval' : _('How often should expired entries be refreshed in background'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'dyndns_update' : _("Whether to automatically update the client's DNS entry"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'dyndns_ttl' : _("The TTL to apply to the client's DNS entry after updating it"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'dyndns_iface' : _("The interface whose IP should be used for dynamic DNS updates"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'dyndns_refresh_interval' : _("How often to periodically update the client's DNS entry"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'dyndns_update_ptr' : _("Whether the provider should explicitly update the PTR record as well"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'dyndns_force_tcp' : _("Whether the nsupdate utility should default to using TCP"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'dyndns_server' : _("Override the DNS server used to perform the DNS update"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'subdomain_enumerate' : _('Control enumeration of trusted domains'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'subdomain_inherit' : _('List of options that should be inherited into a subdomain'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'cached_auth_timeout' : _('How long can cached credentials be used for cached authentication'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_domain' : _('IPA domain'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_server' : _('IPA server address'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_backup_server' : _('Address of backup IPA server'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_hostname' : _('IPA client hostname'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_dyndns_update' : _("Whether to automatically update the client's DNS entry in FreeIPA"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_dyndns_ttl' : _("The TTL to apply to the client's DNS entry after updating it"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_dyndns_iface' : _("The interface whose IP should be used for dynamic DNS updates"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_hbac_search_base' : _("Search base for HBAC related objects"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_hbac_refresh' : _("The amount of time between lookups of the HBAC rules against the IPA server"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_selinux_refresh' : _("The amount of time in seconds between lookups of the SELinux maps against the IPA server"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_hbac_support_srchost' : _("If set to false, host argument given by PAM will be ignored"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_automount_location' : _("The automounter location this IPA client is using"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_master_domain_search_base': _("Search base for object containing info about IPA domain"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_ranges_search_base': _("Search base for objects containing info about ID ranges"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_enable_dns_sites': _("Enable DNS sites - location based service discovery"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_views_search_base': _("Search base for view containers"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_view_class': _("Objectclass for view containers"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_view_name': _("Attribute with the name of the view"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_overide_object_class': _("Objectclass for override objects"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_anchor_uuid': _("Attribute with the reference to the original object"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_user_override_object_class': _("Objectclass for user override objects"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ipa_group_override_object_class': _("Objectclass for group override objects"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_domain' : _('Active Directory domain'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_server' : _('Active Directory server address'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_backup_server' : _('Active Directory backup server address'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_hostname' : _('Active Directory client hostname'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_enable_dns_sites' : _('Enable DNS sites - location based service discovery'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_access_filter' : _('LDAP filter to determine access privileges'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_enable_gc' : _('Whether to use the Global Catalog for lookups'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_gpo_access_control' : _('Operation mode for GPO-based access control'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_gpo_cache_timeout' : _("The amount of time between lookups of the GPO policy files against the AD server"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_gpo_map_interactive' : _('PAM service names that map to the GPO (Deny)InteractiveLogonRight policy settings'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_gpo_map_remote_interactive' : _('PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight policy settings'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_gpo_map_network' : _('PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_gpo_map_batch' : _('PAM service names that map to the GPO (Deny)BatchLogonRight policy settings'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_gpo_map_service' : _('PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_gpo_map_permit' : _('PAM service names for which GPO-based access is always granted'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_gpo_map_deny' : _('PAM service names for which GPO-based access is always denied'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_gpo_default_right' : _('Default logon right (or permit/deny) to use for unmapped PAM service names'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ad_site' : _('a particular site to be used by the client'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_kdcip' : _('Kerberos server address'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_server' : _('Kerberos server address'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_backup_server' : _('Kerberos backup server address'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_realm' : _('Kerberos realm'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_auth_timeout' : _('Authentication timeout'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_use_kdcinfo' : _('Whether to create kdcinfo files'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_confd_path' : _('Where to drop krb5 config snippets'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_ccachedir' : _('Directory to store credential caches'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_ccname_template' : _("Location of the user's credential cache"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_keytab' : _("Location of the keytab to validate credentials"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_validate' : _("Enable credential validation"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_store_password_if_offline' : _("Store password if offline for later online authentication"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_renewable_lifetime' : _("Renewable lifetime of the TGT"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_lifetime' : _("Lifetime of the TGT"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_renew_interval' : _("Time between two checks for renewal"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_use_fast' : _("Enables FAST"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_fast_principal' : _("Selects the principal to use for FAST"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_canonicalize' : _("Enables principal canonicalization"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_use_enterprise_principal' : _("Enables enterprise principals"),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_map_user' : _('A mapping from user names to kerberos principal names'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_kpasswd' : _('Server where the change password service is running if not on the KDC'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'krb5_backup_kpasswd' : _('Server where the change password service is running if not on the KDC'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ldap_uri' : _('ldap_uri, The URI of the LDAP server'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ldap_backup_uri' : _('ldap_backup_uri, The URI of the LDAP server'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ldap_search_base' : _('The default base DN'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ldap_schema' : _('The Schema Type in use on the LDAP server, rfc2307'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ldap_default_bind_dn' : _('The default bind DN'),
f6ebc4d280b727f6f35e44323d7a88b02f22d3e9pgollucci 'ldap_default_authtok_type' : _('The type of the authentication token of the default bind DN'),
'ldap_sasl_canonicalize' : _('Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind'),
'ldap_connection_expiration_timeout' : _('How long to retain a connection to the LDAP server before disconnecting'),
# [provider/ldap/id]
'ldap_initgroups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups'),
'ldap_account_expire_policy' : _('Which attributes shall be used to evaluate if an account is expired'),
'ldap_chpass_update_last_change' : _('Whether to update the ldap_user_shadow_last_change attribute after a password change'),
'ldap_sudo_hostnames' : _('Hostnames and/or fully qualified domain names of this machine to filter sudo rules'),
'ldap_sudo_include_netgroups' : _('Whether to include rules that contains netgroup in host attribute'),
'ldap_sudo_include_regexp' : _('Whether to include rules that contains regular expression in host attribute'),
'default_shell' : _('Default shell, /bin/bash'),
return([x.strip() for x in l])
overlap.append(option)
schemafile = '@datadir@/sssd/sssd.api.conf'
schemaplugindir = '@datadir@/sssd/sssd.api.d'
self.readfp(fd)
fd.close()
for file in filter(lambda f: re.search('^sssd-.*\.conf$', f),
os.listdir(schemaplugindir)):
self.readfp(fd)
fd.close()
self.type_lookup = {
'long' : long if sys.version_info[0] == 2 else int,
self.bool_lookup = {
if not self.has_section(section):
options = self.options(section)
for option in self.strip_comments_empty(options):
split_option = striplist(unparsed_option.split(','))
primarytype = self.type_lookup[split_option[PRIMARY_TYPE]]
subtype = self.type_lookup[split_option[SUBTYPE]]
mandatory = self.bool_lookup[split_option[MANDATORY]]
[self.bool_lookup[split_option[DEFAULT].lower()]])
self.bool_lookup[split_option[DEFAULT].lower()])
fixed_options.extend([newvalue])
fixed_options.extend([x])
if not self.has_section(section):
if not self.has_option(section, option):
return self.get_options(section)[option]
if not self.has_section(section):
schema_options = self.get_options(section)
for x in schema_options.keys()
service_list = [x['name'] for x in self.sections()
for section in self.sections():
for key in providers.keys():
self.name = None
self.options = {}
return self.name
if optionname in self.options.keys():
return self.options[optionname]
Return a dictionary of name/value pairs for this object
A dictionary of name/value pairs currently in use for this object
return self.options
if optionname in self.options:
del self.options[optionname]
SSSDConfig.new_service() instead.
if not apischema.has_section(servicename):
self.name = servicename
self.schema = apischema
self.options = {}
self.hidden_options = []
(bool, None, False, u'Enable enumerating all users/groups', True) }
schema_options = self.schema.get_options('service')
options.update(schema_options)
options.update(schema_options)
options = self.list_options_with_mandatory()
for key in options.keys():
options = self.list_options_with_mandatory()
for key in options.keys():
elif self.schema.has_option('service', optionname):
option_schema = self.schema.get_option('service', optionname)
elif optionname in self.hidden_options:
self.options[optionname] = value
raise NoOptionError('Section [%s] has no option [%s]' % (self.name, optionname))
self.remove_option(optionname)
value = striplist(value.split(','))
newvalue.extend([option_schema[1](x)])
self.options[optionname] = value
SSSDConfig.new_domain() instead.
self.name = domainname
self.schema = apischema
self.active = False
self.oldname = None
self.providers = []
self.options = {}
self.active = bool(active)
(bool, None, False, u'Enable enumerating all users/groups', True) }
for (provider, providertype) in self.providers:
schema_options = self.schema.get_options('provider/%s'
options.update(schema_options)
schema_options = self.schema.get_options('provider/%s/%s'
options.update(schema_options)
(bool, None, u'Enable enumerating all users/groups', True) }
options = self.list_options_with_mandatory()
for key in options.keys():
(bool, None, u'Enable enumerating all users/groups', True) }
options = self.list_options_with_mandatory()
for key in options.keys():
Provider backend type. (e.g. local, ldap, krb5, etc.)
Subtype of the backend type. (e.g. id, auth, access, chpass)
options = self.schema.get_options('provider/%s' % provider)
known_providers = self.list_providers()
return self.schema.get_providers()
options = self.list_options()
if (option not in options.keys()):
(self.name, option))
self.remove_option(option)
value = striplist(value.split(','))
newvalue.extend([option_schema[1](x)])
is_provider = option.rfind('_provider')
self.add_provider(value, provider)
self.options[option] = value
if not self.oldname:
self.name = newname
Provider backend type. (e.g. local, ldap, krb5, etc.)
Subtype of the backend type. (e.g. id, auth, chpass)
configured_providers = self.list_providers()
if provider in configured_providers.keys():
with_this_type = [x for x in self.providers if x[1] == provider_type]
self.providers.extend([(provider, provider_type)])
self.options[option_name] = provider
Subtype of the backend type. (e.g. id, auth, chpass)
for (provider, ptype) in self.providers:
options = self.list_provider_options(provider, provider_type)
for (prov, ptype) in self.providers:
provider_options = self.list_provider_options(prov, ptype)
if option in self.options:
del self.options[option]
if option in self.options:
del self.options[option]
self.providers.remove((provider, provider_type))
Initialize the SSSD config parser/editor. This constructor does not
@datadir@/sssd/sssd.api.conf
Usually @datadir@/sssd/sssd.api.d
self.schema = SSSDConfigSchema(schemafile, schemaplugindir)
self.configfile = None
self.initialized = False
self.API_VERSION = 2
default, usually @sysconfdir@/sssd.conf
if self.initialized:
configfile = '@sysconfdir@/sssd/sssd.conf'
self.readfp(fd)
fd.close()
self.configfile = configfile
self.initialized = True
if self.initialized:
self.initialized = True
for servicename in self.schema.get_services():
service = self.new_service(servicename)
if not self.initialized:
if(self.configfile == None):
outputfile = self.configfile
old_umask = os.umask(0o177)
of.write(output)
of.close()
os.umask(old_umask)
if not self.initialized:
if (self.has_option('sssd', 'services')):
active_services = striplist(self.get('sssd', 'services').split(','))
service_dict = dict.fromkeys(active_services)
configured_services = self.list_services()
for srv in service_dict.keys():
if not self.initialized:
if (self.has_option('sssd', 'services')):
active_services = striplist(self.get('sssd', 'services').split(','))
services = [x for x in self.list_services()
if not self.initialized:
service_list = [x['name'] for x in self.sections()
if not self.initialized:
if not self.has_section(name):
service = SSSDService(name, self.schema)
service.set_option(opt['name'], opt['value'])
if not self.initialized:
if (self.has_section(name)):
service = SSSDService(name, self.schema)
self.save_service(service)
if not self.initialized:
if name not in self.list_services():
item = self.get_option_index('sssd', 'services')[1]
self.set('sssd','services', name)
service_dict = dict.fromkeys(striplist(item['value'].split(',')))
if not self.initialized:
if name not in self.list_services():
item = self.get_option_index('sssd', 'services')[1]
self.set('sssd','services', '')
service_dict = dict.fromkeys(striplist(item['value'].split(',')))
if not self.initialized:
self.delete_option('section', name)
if not self.initialized:
name = service.get_name()
index = self.delete_option('section', name)
for option,value in service.get_all_options().items():
addkw.append( { 'type' : 'option',
self.add_section(name, addkw, index)
if not self.initialized:
if (self.has_option('sssd', 'domains')):
active_domains = striplist(self.get('sssd', 'domains').split(','))
domain_dict = dict.fromkeys(active_domains)
configured_domains = self.list_domains()
for dom in domain_dict.keys():
if not self.initialized:
if (self.has_option('sssd', 'domains')):
active_domains = striplist(self.get('sssd', 'domains').split(','))
domains = [x for x in self.list_domains()
if not self.initialized:
domains = [x['name'][7:] for x in self.sections() if x['name'].startswith('domain/')]
if not self.initialized:
if not self.has_section('domain/%s' % name):
domain = SSSDDomain(name, self.schema)
providers = [ (x['name'],x['value']) for x in self.strip_comments_empty(self.options('domain/%s' % name))
domain.set_option(option, value)
domain.set_option(opt['name'], opt['value'])
if not self.initialized:
if self.has_section('domain/%s' % name):
domain = SSSDDomain(name, self.schema)
self.save_domain(domain)
if not self.initialized:
if name not in self.list_domains():
return name in self.list_active_domains()
if not self.initialized:
if name not in self.list_domains():
item = self.get_option_index('sssd', 'domains')[1]
self.set('sssd','domains', name)
domain_dict = dict.fromkeys(striplist(item['value'].split(',')))
if not self.initialized:
if name not in self.list_domains():
item = self.get_option_index('sssd', 'domains')[1]
self.set('sssd','domains', '')
domain_dict = dict.fromkeys(striplist(item['value'].split(',')))
if not self.initialized:
self.deactivate_domain(name)
self.delete_option('section', 'domain/%s' % name)
if not self.initialized:
name = domain.get_name()
oldindex = self.delete_option('section', 'domain/%s' %
domain.oldname = None;
if name not in self.list_domains():
self.add_section(sectionname, []);
for option in self.options(sectionname):
if option['name'] not in domain.get_all_options():
self.delete_option_subtree(section_subtree['value'], 'option', option['name'], True)
for option,value in domain.get_all_options().items():
self.set(sectionname, option, str(value))
if domain.active:
self.activate_domain(name)
self.deactivate_domain(name)