SSSDConfig/__init__.py (compiled from /usr/lib/python2.6/site-packages/SSSDConfig/__init__.py)

Created on Sep 18, 2009

@author: sgallagh

Exception classes:
SSSDConfigException, ParsingError, AlreadyInitializedError, NotInitializedError, NoOutputFileError, NoServiceError, NoSectionError, NoOptionError, ServiceNotRecognizedError, ServiceAlreadyExists, NoDomainError, DomainNotRecognized, DomainAlreadyExistsError, NoSuchProviderError, NoSuchProviderSubtypeError, ProviderSubtypeInUse

Option descriptions (option name: description):

debug_level: Set the verbosity of the debug logging
debug_timestamps: Include timestamps in debug logs
debug_microseconds: Include microseconds in timestamps in debug logs
debug_to_files: Write debug messages to logfiles
timeout: Ping timeout before restarting service
force_timeout: Timeout between three failed ping checks and forcibly killing the service
command: Command to start service
reconnection_retries: Number of times to attempt connection to Data Providers
fd_limit: The number of file descriptors that may be opened by this responder
client_idle_timeout: Idle time before automatic disconnection of a client
services: SSSD Services to start
domains: SSSD Domains to start
sbus_timeout: Timeout for messages sent over the SBUS
re_expression: Regex to parse username and domain
full_name_format: Printf-compatible format for displaying fully-qualified names
krb5_rcache_dir: Directory on the filesystem where SSSD should store Kerberos replay cache files.
default_domain_suffix: Domain to add to names without a domain component.
user: The user to drop privileges to
certificate_verification: Tune certificate verification
enum_cache_timeout: Enumeration cache timeout length (seconds)
entry_cache_no_wait_timeout: Entry cache background update timeout length (seconds)
entry_negative_timeout: Negative cache timeout length (seconds)
filter_users: Users that SSSD should explicitly ignore
filter_groups: Groups that SSSD should explicitly ignore
filter_users_in_groups: Should filtered users appear in groups
pwfield: The value of the password field the NSS provider should return
override_homedir: Override homedir value from the identity provider with this value
fallback_homedir: Substitute empty homedir value from the identity provider with this value
override_shell: Override shell value from the identity provider with this value
allowed_shells: The list of shells users are allowed to log in with
vetoed_shells: The list of shells that will be vetoed, and replaced with the fallback shell
shell_fallback: If a shell stored in central directory is allowed but not available, use this fallback
default_shell: Shell to use if the provider does not list one
memcache_timeout: How long will be in-memory cache records valid
override_space: All spaces in group or user names will be replaced with this character
offline_credentials_expiration: How long to allow cached logins between online logins (days)
offline_failed_login_attempts: How many failed logins attempts are allowed when offline
offline_failed_login_delay: How long (minutes) to deny login after offline_failed_login_attempts has been reached
pam_verbosity: What kind of messages are displayed to the user during authentication
pam_response_filter: Filter PAM responses send the pam_sss
pam_id_timeout: How many seconds to keep identity information cached for PAM requests
pam_pwd_expiration_warning: How many days before password expiration a warning should be displayed
pam_trusted_users: List of trusted uids or user's name
pam_public_domains: List of domains accessible even for untrusted users.
pam_account_expired_message: Message printed when user account is expired.
pam_account_locked_message: Message printed when user account is locked.
pam_cert_auth: Allow certificate based/Smartcard authentication.
pam_cert_db_path: Path to certificate databse with PKCS#11 modules.
p11_child_timeout: How many seconds will pam_sss wait for p11_child to finish
sudo_timed: Whether to evaluate the time-based attributes in sudo rules
sudo_inverse_order: If true, SSSD will switch back to lower-wins ordering logic
autofs_negative_timeout
ssh_hash_known_hosts: Whether to hash host names and addresses in the known_hosts file
ssh_known_hosts_timeout: How many seconds to keep a host in the known_hosts file after its host keys were requested
ca_db: Path to storage of trusted CA certificates
allowed_uids: List of UIDs or user names allowed to access the PAC responder
List of UIDs or user names allowed to access the InfoPipe responder
user_attributes: List of user attributes the InfoPipe is allowed to publish
id_provider: Identity provider
auth_provider: Authentication provider
access_provider: Access control provider
chpass_provider: Password change provider
sudo_provider: SUDO provider
autofs_provider: Autofs provider
session_provider: Session-loading provider
hostid_provider: Host identity provider
min_id: Minimum user ID
max_id: Maximum user ID
enumerate: Enable enumerating all users/groups
cache_credentials: Cache credentials for offline login
store_legacy_passwords: Store password hashes
use_fully_qualified_names: Display users/groups in fully-qualified form
ignore_group_members: Don't include group members in group lookups
entry_cache_timeout: Entry cache timeout length (seconds)
lookup_family_order: Restrict or prefer a specific address family when performing DNS lookups
account_cache_expiration: How long to keep cached entries after last successful login (days)
dns_resolver_timeout: How long to wait for replies from DNS when resolving servers (seconds)
dns_discovery_domain: The domain part of service discovery DNS query
override_gid: Override GID value from the identity provider with this value
case_sensitive: Treat usernames as case sensitive
entry_cache_user_timeout
entry_cache_group_timeout
entry_cache_netgroup_timeout
entry_cache_service_timeout
entry_cache_autofs_timeout
entry_cache_sudo_timeout
refresh_expired_interval: How often should expired entries be refreshed in background
dyndns_update: Whether to automatically update the client's DNS entry
dyndns_ttl: The TTL to apply to the client's DNS entry after updating it
dyndns_iface: The interface whose IP should be used for dynamic DNS updates
dyndns_refresh_interval: How often to periodically update the client's DNS entry
dyndns_update_ptr: Whether the provider should explicitly update the PTR record as well
dyndns_force_tcp: Whether the nsupdate utility should default to using TCP
dyndns_auth: What kind of authentication should be used to perform the DNS update
dyndns_server: Override the DNS server used to perform the DNS update
subdomain_enumerate: Control enumeration of trusted domains
subdomain_refresh_interval: How often should subdomains list be refreshed
subdomain_inherit: List of options that should be inherited into a subdomain
cached_auth_timeout: How long can cached credentials be used for cached authentication
ipa_domain: IPA domain
ipa_server: IPA server address
ipa_backup_server: Address of backup IPA server
ipa_hostname: IPA client hostname
ipa_dyndns_update: Whether to automatically update the client's DNS entry in FreeIPA
ipa_dyndns_ttl
ipa_dyndns_iface
ipa_hbac_search_base: Search base for HBAC related objects
ipa_hbac_refresh: The amount of time between lookups of the HBAC rules against the IPA server
ipa_selinux_refresh: The amount of time in seconds between lookups of the SELinux maps against the IPA server
ipa_hbac_support_srchost: If set to false, host argument given by PAM will be ignored
ipa_automount_location: The automounter location this IPA client is using
ipa_master_domain_search_base: Search base for object containing info about IPA domain
ipa_ranges_search_base: Search base for objects containing info about ID ranges
ipa_enable_dns_sites: Enable DNS sites - location based service discovery
ipa_views_search_base: Search base for view containers
ipa_view_class: Objectclass for view containers
ipa_view_name: Attribute with the name of the view
ipa_overide_object_class: Objectclass for override objects
ipa_anchor_uuid: Attribute with the reference to the original object
ipa_user_override_object_class: Objectclass for user override objects
ipa_group_override_object_class: Objectclass for group override objects
ad_domain: Active Directory domain
ad_enabled_domains: Enabled Active Directory domains
ad_server: Active Directory server address
ad_backup_server: Active Directory backup server address
ad_hostname: Active Directory client hostname
ad_enable_dns_sites
ad_access_filter: LDAP filter to determine access privileges
ad_enable_gc: Whether to use the Global Catalog for lookups
ad_gpo_access_control: Operation mode for GPO-based access control
ad_gpo_cache_timeout: The amount of time between lookups of the GPO policy files against the AD server
ad_gpo_map_interactive: PAM service names that map to the GPO (Deny)InteractiveLogonRight policy settings
ad_gpo_map_remote_interactive: PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight policy settings
ad_gpo_map_network: PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings
ad_gpo_map_batch: PAM service names that map to the GPO (Deny)BatchLogonRight policy settings
ad_gpo_map_service: PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings
ad_gpo_map_permit: PAM service names for which GPO-based access is always granted
ad_gpo_map_deny: PAM service names for which GPO-based access is always denied
ad_gpo_default_right: Default logon right (or permit/deny) to use for unmapped PAM service names
ad_site: a particular site to be used by the client
ad_maximum_machine_account_password_age: Maximum age in days before the machine account password should be renewed
ad_machine_account_password_renewal_opts: Option for tuing the machine account renewal task
krb5_kdcip: Kerberos server address
krb5_server
krb5_backup_server: Kerberos backup server address
krb5_realm: Kerberos realm
krb5_auth_timeout: Authentication timeout
krb5_use_kdcinfo: Whether to create kdcinfo files
krb5_confd_path: Where to drop krb5 config snippets
krb5_ccachedir: Directory to store credential caches
krb5_ccname_template: Location of the user's credential cache
krb5_keytab: Location of the keytab to validate credentials
krb5_validate: Enable credential validation
krb5_store_password_if_offline: Store password if offline for later online authentication
krb5_renewable_lifetime: Renewable lifetime of the TGT
krb5_lifetime: Lifetime of the TGT
krb5_renew_interval: Time between two checks for renewal
krb5_use_fast: Enables FAST
krb5_fast_principal: Selects the principal to use for FAST
krb5_canonicalize: Enables principal canonicalization
krb5_use_enterprise_principal: Enables enterprise principals
krb5_map_user: A mapping from user names to kerberos principal names
krb5_kpasswd: Server where the change password service is running if not on the KDC
krb5_backup_kpasswd
ldap_uri: ldap_uri, The URI of the LDAP server
ldap_backup_uri: ldap_backup_uri, The URI of the LDAP server
ldap_search_base: The default base DN
ldap_schema: The Schema Type in use on the LDAP server, rfc2307
ldap_default_bind_dn: The default bind DN
ldap_default_authtok_type: The type of the authentication token of the default bind DN
ldap_default_authtok: The authentication token of the default bind DN
ldap_network_timeout: Length of time to attempt connection
ldap_opt_timeout: Length of time to attempt synchronous LDAP operations
ldap_offline_timeout: Length of time between attempts to reconnect while offline
ldap_force_upper_case_realm: Use only the upper case for realm names
ldap_tls_cacert: File that contains CA certificates
ldap_tls_cacertdir: Path to CA certificate directory
ldap_tls_cert: File that contains the client certificate
ldap_tls_key: File that contains the client key
ldap_tls_cipher_suite: List of possible ciphers suites
ldap_tls_reqcert: Require TLS certificate verification
ldap_sasl_mech: Specify the sasl mechanism to use
ldap_sasl_authid: Specify the sasl authorization id to use
ldap_sasl_realm: Specify the sasl authorization realm to use
ldap_sasl_minssf: Specify the minimal SSF for LDAP sasl authorization
ldap_krb5_keytab: Kerberos service keytab
ldap_krb5_init_creds: Use Kerberos auth for LDAP connection
ldap_referrals: Follow LDAP referrals
ldap_krb5_ticket_lifetime: Lifetime of TGT for LDAP connection
ldap_deref: How to dereference aliases
ldap_dns_service_name: Service name for DNS service lookups
ldap_page_size: The number of records to retrieve in a single LDAP query
ldap_deref_threshold: The number of members that must be missing to trigger a full deref
ldap_sasl_canonicalize: Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind
ldap_entry_usn: entryUSN attribute
ldap_rootdse_last_usn: lastUSN attribute
ldap_connection_expiration_timeout: How long to retain a connection to the LDAP server before disconnecting
ldap_disable_paging: Disable the LDAP paging control
ldap_disable_range_retrieval: Disable Active Directory range retrieval
ldap_search_timeout: Length of time to wait for a search request
ldap_enumeration_search_timeout: Length of time to wait for a enumeration request
ldap_enumeration_refresh_timeout: Length of time between enumeration updates
ldap_purge_cache_timeout: Length of time between cache cleanups
ldap_id_use_start_tls: Require TLS for ID lookups
ldap_id_mapping: Use ID-mapping of objectSID instead of pre-set IDs
ldap_user_search_base: Base DN for user lookups
ldap_user_search_scope: Scope of user lookups
ldap_user_search_filter: Filter for user lookups
ldap_user_object_class: Objectclass for users
ldap_user_name: Username attribute
ldap_user_uid_number: UID attribute
ldap_user_gid_number: Primary GID attribute
ldap_user_gecos: GECOS attribute
ldap_user_home_directory: Home directory attribute
ldap_user_shell: Shell attribute
ldap_user_uuid: UUID attribute
ldap_user_objectsid: objectSID attribute
ldap_user_primary_group: Active Directory primary group attribute for ID-mapping
ldap_user_principal: User principal attribute (for Kerberos)
ldap_user_fullname: Full Name
ldap_user_member_of: memberOf attribute
ldap_user_modify_timestamp: Modification time attribute
ldap_user_shadow_last_change: shadowLastChange attribute
ldap_user_shadow_min: shadowMin attribute
ldap_user_shadow_max: shadowMax attribute
ldap_user_shadow_warning: shadowWarning attribute
ldap_user_shadow_inactive: shadowInactive attribute
ldap_user_shadow_expire: shadowExpire attribute
ldap_user_shadow_flag: shadowFlag attribute
ldap_user_authorized_service: Attribute listing authorized PAM services
ldap_user_authorized_host: Attribute listing authorized server hosts
ldap_user_krb_last_pwd_change: krbLastPwdChange attribute
ldap_user_krb_password_expiration: krbPasswordExpiration attribute
ldap_pwd_attribute: Attribute indicating that server side password policies are active
ldap_user_ad_account_expires: accountExpires attribute of AD
ldap_user_ad_user_account_control: userAccountControl attribute of AD
ldap_ns_account_lock: nsAccountLock attribute
ldap_user_nds_login_disabled: loginDisabled attribute of NDS
ldap_user_nds_login_expiration_time: loginExpirationTime attribute of NDS
ldap_user_nds_login_allowed_time_map: loginAllowedTimeMap attribute of NDS
ldap_user_ssh_public_key: SSH public key attribute
ldap_user_auth_type: attribute listing allowed authentication types for a user
ldap_user_certificate: attribute containing the X509 certificate of the user
ldap_user_extra_attrs: A list of extra attributes to download along with the user entry
ldap_group_search_base: Base DN for group lookups
ldap_group_object_class: Objectclass for groups
ldap_group_name: Group name
ldap_group_pwd: Group password
ldap_group_gid_number: GID attribute
ldap_group_member: Group member attribute
ldap_group_uuid: Group UUID attribute
ldap_group_objectsid
ldap_group_modify_timestamp: Modification time attribute for groups
ldap_group_type: Type of the group and other flags
ldap_group_nesting_level: Maximum nesting level SSSd will follow
ldap_netgroup_search_base: Base DN for netgroup lookups
ldap_netgroup_object_class: Objectclass for netgroups
ldap_netgroup_name: Netgroup name
ldap_netgroup_member: Netgroups members attribute
ldap_netgroup_triple: Netgroup triple attribute
ldap_netgroup_modify_timestamp: Modification time attribute for netgroups
ldap_service_search_base: Base DN for service lookups
ldap_service_object_class: Objectclass for services
ldap_service_name: Service name attribute
ldap_service_port: Service port attribute
ldap_service_proto: Service protocol attribute
ldap_idmap_range_min: Lower bound for ID-mapping
ldap_idmap_range_max: Upper bound for ID-mapping
ldap_idmap_range_size: Number of IDs for each slice when ID-mapping
ldap_idmap_autorid_compat: Use autorid-compatible algorithm for ID-mapping
ldap_idmap_default_domain: Name of the default domain for ID-mapping
ldap_idmap_default_domain_sid: SID of the default domain for ID-mapping
ldap_idmap_helper_table_size: Number of secondary slices
ldap_groups_use_matching_rule_in_chain: Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups
ldap_initgroups_use_matching_rule_in_chain: Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups
ldap_use_tokengroups: Whether to use Token-Groups
ldap_min_id: Set lower boundary for allowed IDs from the LDAP server
ldap_max_id: Set upper boundary for allowed IDs from the LDAP server
ldap_pwdlockout_dn: DN for ppolicy queries
wildcard_limit: How many maximum entries to fetch during a wildcard request
ldap_pwd_policy: Policy to evaluate the password expiration
ldap_access_filter
ldap_account_expire_policy: Which attributes shall be used to evaluate if an account is expired
ldap_access_order: Which rules should be used to evaluate access control
ldap_chpass_uri: URI of an LDAP server where password changes are allowed
ldap_chpass_backup_uri: URI of a backup LDAP server where password changes are allowed
ldap_chpass_dns_service_name: DNS service name for LDAP password change server
ldap_chpass_update_last_change: Whether to update the ldap_user_shadow_last_change attribute after a password change
ldap_sudo_search_base: Base DN for sudo rules lookups
ldap_sudo_full_refresh_interval: Automatic full refresh period
ldap_sudo_smart_refresh_interval: Automatic smart refresh period
ldap_sudo_use_host_filter: Whether to filter rules by hostname, IP addresses and network
ldap_sudo_hostnames: Hostnames and/or fully qualified domain names of this machine to filter sudo rules
ldap_sudo_ip: IPv4 or IPv6 addresses or network of this machine to filter sudo rules
ldap_sudo_include_netgroups: Whether to include rules that contains netgroup in host attribute
ldap_sudo_include_regexp: Whether to include rules that contains regular expression in host attribute
ldap_sudorule_object_class: Object class for sudo rules
ldap_sudorule_name: Sudo rule name
ldap_sudorule_command: Sudo rule command attribute
ldap_sudorule_host: Sudo rule host attribute
ldap_sudorule_user: Sudo rule user attribute
ldap_sudorule_option: Sudo rule option attribute
ldap_sudorule_runas: Sudo rule runas attribute
ldap_sudorule_runasuser: Sudo rule runasuser attribute
ldap_sudorule_runasgroup: Sudo rule runasgroup attribute
ldap_sudorule_notbefore: Sudo rule notbefore attribute
ldap_sudorule_notafter: Sudo rule notafter attribute
ldap_sudorule_order: Sudo rule order attribute
ldap_autofs_map_object_class: Object class for automounter maps
ldap_autofs_map_name: Automounter map name attribute
ldap_autofs_entry_object_class: Object class for automounter map entries
ldap_autofs_entry_key: Automounter map entry key attribute
ldap_autofs_entry_value: Automounter map entry value attribute
ldap_autofs_search_base: Base DN for automounter map lookups
simple_allow_users: Comma separated list of allowed users
simple_deny_users: Comma separated list of prohibited users
Default shell, /bin/bash
base_directory: Base for home directories
proxy_max_children: The number of preforked proxy children.
proxy_lib_name: The name of the NSS library to use
proxy_fast_alias: Whether to look up canonical group name from cache if possible
proxy_pam_target: PAM stack to use

Helper functions: striplist(l), options_overlap(options1, options2)

SSSDConfigSchema: the schema file defaults to /usr/share/sssd/sssd.api.conf and the schema plugin directory to /usr/share/sssd/sssd.api.d; plugin files are matched with ^sssd-.*\.conf$
type_lookuptFalsetTruet bool_lookup(tselft schemafiletschemaplugindirtfdtfile((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyRps<        " c Cs|i|p tn|i|}d}d}d}d}h}x|i|D]}|d} t| id} t| } |i| |} |i| |} |i| |}|dt jot |d}nd}| djo!| | ||df||dc Cs|ii|i|o|ii|i|}nk|iid|o|iid|}n<||ijo||i|cCs|iid|}|o'|i|iid||fn;|i}x+||D]}|i|i||q[W|S(s If provider_type is specified, list all options applicable to that target, otherwise list all possible options available for a provider. type: Provider backend type. (e.g. local, ldap, krb5, etc.) provider_type: Subtype of the backend type. (e.g. id, auth, access, chpass) === Returns === A dictionary of configurable options for the specified provider type. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), the translated option description, and the default value (or 'None') as the value. === Errors === NoSuchProviderError: The specified provider is not listed in the schema or plugins NoSuchProviderSubtypeError: The specified provider subtype is not listed in the schema s provider/%ssprovider/%s/%s(RRRtlist_providerstlist_provider_options(RRt provider_typeRtknown_providers((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyR0s  cCs |iiS(s> Return a dictionary of providers. === Returns === Returns a dictionary of providers, keyed on the primary type, with the value being a tuple of the subtypes it supports. Example: { 'ldap' : ('id', 'auth', 'chpass') } === Errors === No Errors (RR(R((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyRWsc Cs&|i}||ijotd|i|fn|djo|i|dS||}t}|dtjoLt|tjo9t|t jot |i d}q|g}nt||djoy|dt jo-t|t jo|i i|i}nH|dtjo&t|t jot|d}n|d|}Wn1tj o t}ntj o t}nX|o'td|d|t|fqnt|tjoy}g}xp|D]h}|dt jo7t|t jo$|i|i i|igq|i|d|gqWWn1tj o t}ntj o t}nX|otd|dn|}n|id}|djo>|| } y|i|| Wq"tj o tq"Xn||i|ti|t|||_d|_t|_d|_dS(s+ Initialize the SSSD config parser/editor. This constructor does not open or create a config file. 
If the schemafile and schemaplugindir are not passed, it will use the system defaults. schemafile: The path to the api schema config file. Usually /usr/share/sssd/sssd.api.conf schemaplugindir: The path the directory containing the provider schema config files. Usually /usr/share/sssd/sssd.api.d === Returns === The newly-created SSSDConfig object. === Errors === IOError: Exception raised when the schema file could not be opened for reading. ParsingError: The main schema file or one of those in the plugin directory could not be parsed. iN( RRpR`RRmt configfileR|t initializedt API_VERSION(RRR((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyRpDs    c Cs|io tn|p d}nt|d}y|i|Wn tnX|i||_t|_y6t|i dd|i jotdnWnt j onXdS(s Read in a config file, populating all of the service and domain objects with the read values. configfile: The path to the SSSD config file. If not specified, use the system default, usually /etc/sssd.conf === Returns === No return value === Errors === IOError: Exception raised when the file could not be opened for reading ParsingError: Exception raised when errors occur attempting to parse a file. AlreadyInitializedError: This SSSDConfig object was already initialized by a call to import_config() or new_config() s/etc/sssd/sssd.confRatsssdtconfig_file_versionsWrong config_file_versionN( RRRqRrRRsRR}RhtgetRR(RRR((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyt import_configbs"       "cCsJ|io tnt|_x&|iiD]}|i|}q-WdS(s/ Initialize the SSSDConfig object with the defaults from the schema. === Returns === No return value === Errors === AlreadyInitializedError: This SSSDConfig object was already initialized by a call to import_config() or new_config() N(RRR}RRt new_service(RRR((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyt new_configs   cCs|ip tn|djo'|idjo tn|i}ntid}t|d}|i|i i d}|i ||i ti|dS(s Write out the configuration to a file. outputfile: The path to write the new config file. 
If it is not specified, it will use the path specified by the import() call. === Returns === No return value === Errors === IOError: Exception raised when the file could not be opened for writing NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. NoOutputFileError: No outputfile was specified and this SSSDConfig object was not initialized by import() itwbsutf-8N( RRRmRRRutumaskRqtdumptoptstencodetwriteRs(Rt outputfilet old_umasktoftoutput((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyRs       cCs|ip tn|iddot|iddid}ti|}d|jo |d=n|i}x,|i D]}||jo ||=qqWt |}ng}|S(s Return a list of all active services. === Returns === The list of active services. === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. RRRt( RRRRYRRRtfromkeyst list_servicesRRl(Rtactive_servicest service_dicttconfigured_servicestsrv((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pytlist_active_servicess  !     cCs|ip tn|iddo%t|iddid}ng}g}|iD]}||jo ||qcqc~}|S(s Return a list of all disabled services. === Returns === The list of inactive services. === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. RRR(RRRRYRRR(RRRWRXR((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pytlist_inactive_servicess  %!cCs[|ip tng}|iD])}|didp||dq%q%~}|S(s  Retrieve a list of known services. === Returns === The list of known services. === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. RR(RRRR(RRWRXR((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyRs  ,cCs|ip tn|i|p tnt||i}xR|i|i|D]8}y|i|d|dWqYt j oqYXqYW|S(s Get an SSSDService object to edit a service. name: The name of the service to return. 
=== Returns === An SSSDService instance containing the current state of a service in the SSSDConfig === Errors === NoServiceError: There is no such service with the specified name in the SSSDConfig. NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. RR( RRRRRRRRRR (RRRR((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyt get_services    cCsW|ip tn|i|ot|nt||i}|i||S(s Create a new service from the defaults and return the SSSDService object for it. This function will also add this service to the list of active services in the [SSSD] section. name: The name of the service to create and return. === Returns === The newly-created SSSDService object === Errors === ServiceNotRecognizedError: There is no such service in the schema. ServiceAlreadyExistsError: The service being created already exists in the SSSDConfig object. NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. (RRRR RRt save_service(RRR((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyR:s   cCs|ip tn||ijo tn|iddd}|p|idd|dStit|di d}d|jo |d=nd||<|idddi |i dS( s Activate a service name: The name of the service to activate === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. NoServiceError: There is no such service with the specified name in the SSSDConfig. RRiNRRRs, ( RRRRtget_option_indextsetRRRYRRmtjoinR(RRtitemR((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pytactivate_serviceXs   "   cCs|ip tn||ijo tn|iddd}|p|iddddStit|di d}d|jo |d=n||jo ||=n|idddi |i dS( s Deactivate a service name: The name of the service to deactivate === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. NoServiceError: There is no such service with the specified name in the SSSDConfig. 
RRiRNRRs, ( RRRRRRRRRYRRR(RRRR((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pytdeactivate_services   "    cCs(|ip tn|id|dS(s Remove a service from the SSSDConfig object. This function will also remove this service from the list of active services in the [SSSD] section. Has no effect if the service does not exist. === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. RN(RRt delete_option(RR((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pytdelete_services  cCs|ip tnt|tp tn|i}|id|}g}xn|iiD]Z\}}t |t jodi |}n|i hdd6|d6t |d6qeW|i|||dS(s Save the changes made to the service object back to the SSSDConfig object. service_object: The SSSDService object to save to the configuration. === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. TypeError: service_object was not of the type SSSDService Rs, R^RRRN(RRRRRRRRtitemsRRlRRZRkt add_section(RRRtindextaddkwR^R((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pyRs     cCs|ip tn|iddot|iddid}ti|}d|jo |d=n|i}x,|i D]}||jo ||=qqWt |}ng}|S(s Return a list of all active domains. === Returns === The list of configured, active domains. === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. RR RR( RRRRYRRRRt list_domainsRRl(Rtactive_domainst domain_dicttconfigured_domainstdom((s7/usr/lib/python2.6/site-packages/SSSDConfig/__init__.pytlist_active_domainss  !     cCs|ip tn|iddo%t|iddid}ng}g}|iD]}||jo ||qcqc~}|S(s. Return a list of all configured, but disabled domains. === Returns === The list of configured, inactive domains. === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. 
SSSDConfig.list_domains()

Return a list of all configured domains, including inactive domains.

=== Returns ===
The list of configured domains, both active and inactive.

=== Errors ===
NotInitializedError:
  This SSSDConfig object has not had import_config() or new_config() run on it yet.

SSSDConfig.get_domain()

Get an SSSDDomain object to edit a domain.

name:
  The name of the domain to return.

=== Returns ===
An SSSDDomain instance containing the current state of a domain in the SSSDConfig

=== Errors ===
NoDomainError:
  There is no such domain with the specified name in the SSSDConfig.
NotInitializedError:
  This SSSDConfig object has not had import_config() or new_config() run on it yet.

SSSDConfig.new_domain()

Create a new, empty domain and return the SSSDDomain object for it.

name:
  The name of the domain to create and return.

=== Returns ===
The newly-created SSSDDomain object

=== Errors ===
DomainAlreadyExistsError:
  The service being created already exists in the SSSDConfig object.
NotInitializedError:
  This SSSDConfig object has not had import_config() or new_config() run on it yet.

SSSDConfig.is_domain_active()

Is a particular domain set active

name:
  The name of the configured domain to check

=== Returns ===
True if the domain is active, False if it is inactive

=== Errors ===
NotInitializedError:
  This SSSDConfig object has not had import_config() or new_config() run on it yet.
NoDomainError:
  No domain by this name is configured

SSSDConfig.activate_domain()

Activate a configured domain

name:
  The name of the configured domain to activate

=== Returns ===
No return value

=== Errors ===
NotInitializedError:
  This SSSDConfig object has not had import_config() or new_config() run on it yet.
NoDomainError:
  No domain by this name is configured

SSSDConfig.deactivate_domain()

Deactivate a configured domain

name:
  The name of the configured domain to deactivate

=== Returns ===
No return value

=== Errors ===
NotInitializedError:
  This SSSDConfig object has not had import_config() or new_config() run on it yet.
NoDomainError:
  No domain by this name is configured

SSSDConfig.delete_domain()

Remove a domain from the SSSDConfig object. This function will also remove this domain from the list of active domains in the [SSSD] section, if it is there.

=== Returns ===
No return value

=== Errors ===
NotInitializedError:
  This SSSDConfig object has not had import_config() or new_config() run on it yet.

SSSDConfig.save_domain()

Save the changes made to the domain object back to the SSSDConfig object. If this domain is marked active, ensure it is present in the active domain list in the [SSSD] section

domain_object:
  The SSSDDomain object to save to the configuration.
=== Returns ===
No return value

=== Errors ===
NotInitializedError:
  This SSSDConfig object has not had import_config() or new_config() run on it yet.
TypeError:
  domain_object was not of type SSSDDomain