Ñò ìÿÒXc @sddklZddklZlZlZlZlZlZddkTddk l Z ddkl Z ddk l Z dZe d ƒZd „Zdefd„ƒYZeieƒdefd„ƒYZeieƒdefd„ƒYZeieƒdS(iÿÿÿÿ(tapi(tBooltInttStrtIA5StrtStrEnumtDNParam(t*(tvalidate_selinuxuser(t_(tValidationErrort nsaccountlocktmembertmemberoftmemberindirecttmemberofindirects´ Server configuration Manage the default values that IPA uses and some of its tuning parameters. NOTES: The password notification value (--pwdexpnotify) is stored here so it will be replicated. It is not currently used to notify users in advance of an expiring password. Some attributes are read-only, provided only for information purposes. These include: Certificate Subject base: the configured certificate subject base, e.g. O=EXAMPLE.COM. This is configurable only at install time. Password plug-in features: currently defines additional hashes that the password will generate (there may be other conditions). When setting the order list for mapping SELinux users you may need to quote the value so it isn't interpreted by the shell. EXAMPLES: Show basic server configuration: ipa config-show Show all configuration options: ipa config-show --all Change maximum username length to 99 characters: ipa config-mod --maxusername=99 Increase default time and size limits for maximum IPA server search: ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000 Set default user e-mail domain: ipa config-mod --emaildomain=example.com Enable migration mode to make "ipa migrate-ds" command operational: ipa config-mod --enable-migration=TRUE Define SELinux user map order: ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023' cCs0|djotdddtdƒƒ‚ndS(Nitnametipasearchtimelimitterrors"searchtimelimit must be -1 or > 1.(R R tNone(tugettexttlimit((s9/usr/lib/python2.6/site-packages/ipalib/plugins/config.pytvalidate_searchtimelimitNs tconfigcBs_eZdZedƒZdddddddd d d d d ddddgZedƒZedƒZeddddedƒddƒe ddddedƒdedƒƒe ddddedƒdedƒƒe ddd ded!ƒded"ƒƒe d#dd$ded%ƒded%ƒƒede dd&ded'ƒded(ƒdd)ƒeddd*ded+ƒded,ƒdd)ƒe d dd-ded.ƒded/ƒƒe d dd0dd1ded2ƒƒe d dd3ded4ƒded4ƒƒe d dd5ded6ƒded7ƒd8d9gƒe d:dd;ded<ƒded=ƒd>eƒe d?dd@dedAƒdedBƒd>eƒed ddCdedDƒdedEƒddFƒedGdddedHƒdedIƒdJd[d>eƒe ddedOƒdedPƒƒe dQdedRƒdedSƒƒedTddUdedVƒdedWƒdJd\d>eƒfZdZ„ZRS(]s" IPA configuration object sconfiguration optionstipamaxusernamelengthtipahomesrootdirtipadefaultloginshelltipadefaultprimarygrouptipadefaultemaildomainRtipasearchrecordslimittipausersearchfieldstipagroupsearchfieldstipamigrationenabledtipacertificatesubjectbasetipapwdexpadvnotifytipaselinuxusermapordertipaselinuxusermapdefaulttipaconfigstringtipakrbauthzdatat Configurationtcli_namet maxusernametlabelsMaximum username lengthtminvalueit homedirectorysHome directory basetdocs$Default location of home directoriest defaultshells Default shellsDefault shell for new userst defaultgroupsDefault users groupsDefault group for new userssipadefaultemaildomain?t emaildomainsDefault e-mail domaintsearchtimelimitsSearch time limitsHMaximum amount of time (seconds) for a search (> 0, or -1 for unlimited)iÿÿÿÿtsearchrecordslimitsSearch size limits5Maximum number of records to search (-1 is unlimited)t usersearchsUser search fieldssFA comma-separated list of fields to search in when searching for userst groupsearchsGroup search fieldssGA comma-separated list of fields to search in when searching for groupstenable_migrationsEnable migration modetsubjectsCertificate Subject bases1Base for certificate subjects (OU=Test,O=Example)tflagst no_updatesipagroupobjectclasses+tgroupobjectclassessDefault group objectclassess2Default group objectclasses (comma-separated list)tcsvsipauserobjectclasses+tuserobjectclassessDefault user objectclassess1Default user objectclasses (comma-separated list)t pwdexpnotifys'Password Expiration Notification (days)s8Number of days's notice of impending password expirationisipaconfigstring*sPassword plugin featuress,Extra hashes to generate in password plug-intvaluesu AllowLMhashu AllowNThashuKDC:Disable Last SuccessuKDC:Disable LockoutsSELinux user map orders=Order in increasing priority of SELinux users, delimited by $sipaselinuxusermapdefault?sDefault SELinux users?Default SELinux user when no match is found in SELinux map rulesipakrbauthzdata*tpac_typesDefault PAC typess+Default types of PAC supported for servicesuMS-PACuPADcOs tddƒS(Ntcnt ipaconfigtetc(R?R@(R?RA(tDN(tselftkeystkwargs((s9/usr/lib/python2.6/site-packages/ipalib/plugins/config.pytget_dnÊs(u AllowLMhashu AllowNThashuKDC:Disable Last SuccessuKDC:Disable Lockout(uMS-PACuPAD(t__name__t __module__t__doc__R t object_nametdefault_attributesR*tlabel_singularRRRRRRtTrueRt takes_paramsRF(((s9/usr/lib/python2.6/site-packages/ipalib/plugins/config.pyRSs¸                                                            t config_modcBseZedƒZd„ZRS(sModify configuration options.cOs¿d|joW|d}ytidi|ƒWqdtij otidtdƒƒ‚qdXnh}d|jod|ds . ,  z g