예제 #1
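def format_pam_cert_auth_conf(config):
    """Return sssd.conf text for a PAM certificate-authentication test.

    The template enables ``pam_cert_auth``, adds four PAM service names to
    ``pam_p11_allowed_services`` (the leading ``+`` extends the default set
    instead of replacing it) and takes the certificate database path from
    ``config.PAM_CERT_DB_PATH``.

    Args:
        config: Object exposing a ``PAM_CERT_DB_PATH`` attribute.

    Returns:
        The configuration text after ``unindent`` and substitution.
    """
    # NOTE(review): fixture-only settings. debug_level = 10 requests very
    # verbose logging in every section, which is useful in a test run but can
    # put sensitive detail into log files on a real host.
    #
    # The certmap rule selects the certificate by a subject regex alone, so
    # trust rests entirely on chain validation against pam_cert_db_path; a
    # production rule would normally constrain <ISSUER> as well. The rule
    # name presumably binds the certificate to local user "user1" - confirm.
    #
    # Values are substituted verbatim with no escaping, so the path must come
    # from the test harness and never from untrusted input.
    #
    # Explicit keyword instead of **locals(): only `config` is visible to the
    # template, and a local added later cannot become a format field.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = auth_only
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        pam_cert_auth = True
        pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \
                                   +pam_sss_try_sc, +pam_sss_allow_missing_name
        pam_cert_db_path = {config.PAM_CERT_DB_PATH}
        p11_child_timeout = 5
        p11_wait_for_card_timeout = 5
        debug_level = 10

        [domain/auth_only]
        debug_level = 10
        id_provider = files
        fallback_to_nss = False

        [certmap/auth_only/user1]
        matchrule = <SUBJECT>.*CN=SSSD test cert 0001.*
    """).format(config=config)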
예제 #2
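def format_pam_cert_auth_conf_name_format(config):
    """Return sssd.conf text for certificate auth with a custom name format.

    Same PAM certificate-authentication settings as the basic variant, but
    the ``auth_only`` domain sets ``use_fully_qualified_names = True`` and a
    ``full_name_format`` that places the domain name before the user name.

    Args:
        config: Object exposing a ``PAM_CERT_DB_PATH`` attribute.

    Returns:
        The configuration text after ``unindent`` and substitution.
    """
    # The doubled backslash in full_name_format is a Python escape: the
    # generated file holds a single backslash, so names are rendered as
    # <domain>\<user> (%1$s is the user name, %2$s the domain name).
    #
    # NOTE(review): fixture-only settings. debug_level = 10 is very verbose,
    # and the certmap rule matches on a subject regex alone, relying on chain
    # validation against pam_cert_db_path; production rules would normally
    # constrain <ISSUER> too.
    #
    # Explicit keyword instead of **locals(): only `config` is visible to the
    # template, and values are inserted verbatim with no escaping.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = auth_only
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        pam_cert_auth = True
        pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \
                                   +pam_sss_try_sc, +pam_sss_allow_missing_name
        pam_cert_db_path = {config.PAM_CERT_DB_PATH}
        p11_child_timeout = 5
        p11_wait_for_card_timeout = 5
        debug_level = 10

        [domain/auth_only]
        use_fully_qualified_names = True
        full_name_format = %2$s\\%1$s
        debug_level = 10
        id_provider = files

        [certmap/auth_only/user1]
        matchrule = <SUBJECT>.*CN=SSSD test cert 0001.*
    """).format(config=config)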
예제 #3
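def format_pam_cert_auth_conf(config):
    """Return sssd.conf text for a PAM certificate-authentication test.

    Enables ``pam_cert_auth`` for three additional PAM services (the leading
    ``+`` extends the default ``pam_p11_allowed_services`` set) and takes the
    certificate database path from ``config.PAM_CERT_DB_PATH``.

    Args:
        config: Object exposing a ``PAM_CERT_DB_PATH`` attribute.

    Returns:
        The configuration text after ``unindent`` and substitution.
    """
    # NOTE(review): fixture-only settings. debug_level = 10 is very verbose
    # and can put sensitive detail into logs on a real host. The certmap rule
    # selects on a subject regex alone, so trust depends on chain validation
    # against pam_cert_db_path; production rules would normally constrain
    # <ISSUER> as well.
    #
    # Explicit keyword instead of **locals(): only `config` is visible to the
    # template. The value is inserted verbatim with no escaping, so it must
    # come from the test harness.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = auth_only
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        pam_cert_auth = True
        pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \
                                   +pam_sss_try_sc
        pam_cert_db_path = {config.PAM_CERT_DB_PATH}
        p11_child_timeout = 5
        p11_wait_for_card_timeout = 5
        debug_level = 10

        [domain/auth_only]
        debug_level = 10
        id_provider = files

        [certmap/auth_only/user1]
        matchrule = <SUBJECT>.*CN=SSSD test cert 0001.*
    """).format(config=config)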
예제 #4
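def format_pam_krb5_auth_domains(config, kdc_instance):
    """Return sssd.conf text with four krb5 authentication domains.

    Three domains use the realms WRONG1REALM, WRONG2REALM and WRONG3REALM and
    one, ``krb5_auth``, uses PAMKRB5TEST; all of them point ``krb5_server``
    at ``localhost`` on ``kdc_instance.kdc_port``. Presumably this lets a
    test check that authentication reaches the one matching domain.

    Args:
        config: Accepted for interface compatibility; the template does not
            reference it.
        kdc_instance: Object exposing the test KDC's ``kdc_port``.

    Returns:
        The configuration text after ``unindent`` and substitution.
    """
    # NOTE(review): fixture-only settings. debug_level = 10 is very verbose,
    # and krb5_validate is not set in any domain, so the provider default
    # applies; a production krb5 auth domain should validate the obtained TGT
    # against a host keytab to resist a spoofed KDC.
    #
    # Explicit keyword instead of **locals(): only `kdc_instance` is visible
    # to the template, and a local added later cannot become a format field.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = wrong.dom1, wrong.dom2, krb5_auth, wrong.dom3
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        debug_level = 10

        [domain/wrong.dom1]
        debug_level = 10
        id_provider = files
        fallback_to_nss = False
        auth_provider = krb5

        krb5_realm = WRONG1REALM
        krb5_server = localhost:{kdc_instance.kdc_port}

        [domain/wrong.dom2]
        debug_level = 10
        id_provider = files
        fallback_to_nss = False
        auth_provider = krb5

        krb5_realm = WRONG2REALM
        krb5_server = localhost:{kdc_instance.kdc_port}

        [domain/wrong.dom3]
        debug_level = 10
        id_provider = files
        fallback_to_nss = False
        auth_provider = krb5

        krb5_realm = WRONG3REALM
        krb5_server = localhost:{kdc_instance.kdc_port}

        [domain/krb5_auth]
        debug_level = 10
        id_provider = files
        fallback_to_nss = False
        auth_provider = krb5

        krb5_realm = PAMKRB5TEST
        krb5_server = localhost:{kdc_instance.kdc_port}
    """).format(kdc_instance=kdc_instance)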
예제 #5
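def format_pam_krb5_auth(config, kdc_instance):
    """Return sssd.conf text for a single krb5 authentication domain.

    The ``krb5_auth`` domain resolves identities with the ``files`` provider
    and authenticates against realm PAMKRB5TEST on ``localhost`` at
    ``kdc_instance.kdc_port``.

    Args:
        config: Accepted for interface compatibility; the template does not
            reference it.
        kdc_instance: Object exposing the test KDC's ``kdc_port``.

    Returns:
        The configuration text after ``unindent`` and substitution.
    """
    # NOTE(review): fixture-only settings. debug_level = 10 is very verbose,
    # and krb5_validate is not set, so the provider default applies; a
    # production krb5 auth domain should validate the obtained TGT against a
    # host keytab to resist a spoofed KDC.
    #
    # Explicit keyword instead of **locals(): only `kdc_instance` is visible
    # to the template.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = krb5_auth
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        debug_level = 10

        [domain/krb5_auth]
        debug_level = 10
        id_provider = files
        auth_provider = krb5

        krb5_realm = PAMKRB5TEST
        krb5_server = localhost:{kdc_instance.kdc_port}
    """).format(kdc_instance=kdc_instance)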
예제 #6
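def format_basic_conf(ldap_conn):
    """Return sssd.conf text for an LDAP domain using the AD schema.

    The ``FakeAD`` domain uses the ``ldap`` provider for identity,
    authentication, password change and access control, and binds with the
    admin DN and password read from ``ldap_conn.ad_inst``. Two ``prompting``
    sections set a global password prompt and one specific to the
    ``pam_sss_alt_service`` PAM service.

    Args:
        ldap_conn: Object whose ``ad_inst`` attribute exposes ``base_dn``,
            ``ldap_url``, ``admin_dn`` and ``admin_pw``.

    Returns:
        The configuration text after ``unindent`` and substitution. It holds
        the bind password in cleartext.
    """
    # NOTE(review): the returned string embeds ldap_default_authtok in
    # cleartext. Keep it out of logs and assertion messages, and write it
    # only to a file readable by the SSSD service account. debug_level = 10
    # is very verbose and likewise only suitable for a test run.
    #
    # No ldap_tls_* option is set here, so transport protection depends on
    # the scheme of ldap_url and on SSSD defaults - confirm for any reuse
    # outside the test harness.
    #
    # Explicit keyword instead of **locals(): only `ldap_conn` is visible to
    # the template. Values are inserted verbatim with no escaping, so they
    # must come from the test harness.
    return unindent("""\
        [sssd]
        domains = FakeAD
        services = pam, nss

        [nss]

        [pam]
        debug_level = 10

        [domain/FakeAD]
        debug_level = 10
        ldap_search_base = {ldap_conn.ad_inst.base_dn}
        ldap_referrals = false

        id_provider = ldap
        auth_provider = ldap
        chpass_provider = ldap
        access_provider = ldap

        ldap_uri = {ldap_conn.ad_inst.ldap_url}
        ldap_default_bind_dn = {ldap_conn.ad_inst.admin_dn}
        ldap_default_authtok_type = password
        ldap_default_authtok = {ldap_conn.ad_inst.admin_pw}

        ldap_schema = ad
        ldap_id_mapping = true
        ldap_idmap_default_domain_sid = S-1-5-21-1305200397-2901131868-73388776
        case_sensitive = False

        [prompting/password]
        password_prompt = My global prompt

        [prompting/password/pam_sss_alt_service]
        password_prompt = My alt service prompt
    """).format(ldap_conn=ldap_conn)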
예제 #7
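def format_basic_conf(ldap_conn):
    """Return sssd.conf text for an LDAP domain using the AD schema.

    The ``FakeAD`` domain routes identity, authentication, password change
    and access control through the ``ldap`` provider and binds with the
    admin DN and password taken from ``ldap_conn.ad_inst``. The
    ``prompting`` sections define a global password prompt plus one for the
    ``pam_sss_alt_service`` PAM service.

    Args:
        ldap_conn: Object whose ``ad_inst`` attribute exposes ``base_dn``,
            ``ldap_url``, ``admin_dn`` and ``admin_pw``.

    Returns:
        The configuration text after ``unindent`` and substitution,
        including the bind password in cleartext.
    """
    # NOTE(review): ldap_default_authtok ends up in the returned string as
    # cleartext, so the result should not be logged or printed on failure and
    # should be written with permissions limited to the SSSD service account.
    # debug_level = 10 is very verbose and only suitable for a test run.
    #
    # No ldap_tls_* option appears in this template; whether the bind is
    # encrypted depends on ldap_url and SSSD defaults - confirm before reuse.
    #
    # Explicit keyword instead of **locals(): only `ldap_conn` is visible to
    # the template, and values are substituted verbatim with no escaping.
    return unindent("""\
        [sssd]
        domains = FakeAD
        services = pam, nss

        [nss]

        [pam]
        debug_level = 10

        [domain/FakeAD]
        debug_level = 10
        ldap_search_base = {ldap_conn.ad_inst.base_dn}
        ldap_referrals = false

        id_provider = ldap
        auth_provider = ldap
        chpass_provider = ldap
        access_provider = ldap

        ldap_uri = {ldap_conn.ad_inst.ldap_url}
        ldap_default_bind_dn = {ldap_conn.ad_inst.admin_dn}
        ldap_default_authtok_type = password
        ldap_default_authtok = {ldap_conn.ad_inst.admin_pw}

        ldap_schema = ad
        ldap_id_mapping = true
        ldap_idmap_default_domain_sid = S-1-5-21-1305200397-2901131868-73388776
        case_sensitive = False

        [prompting/password]
        password_prompt = My global prompt

        [prompting/password/pam_sss_alt_service]
        password_prompt = My alt service prompt
    """).format(ldap_conn=ldap_conn)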
예제 #8
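def format_pam_cert_auth_conf(config):
    """Return sssd.conf text for a PAM certificate-authentication test.

    Enables ``pam_cert_auth``, adds the single PAM service
    ``pam_sss_service`` to ``pam_p11_allowed_services`` (the leading ``+``
    extends the default set) and takes the certificate database path from
    ``config.PAM_CERT_DB_PATH``.

    Args:
        config: Object exposing a ``PAM_CERT_DB_PATH`` attribute.

    Returns:
        The configuration text after ``unindent`` and substitution.
    """
    # NOTE(review): fixture-only settings. debug_level = 10 is very verbose
    # and can put sensitive detail into logs on a real host. The certmap rule
    # selects on a subject regex alone, so trust depends on chain validation
    # against pam_cert_db_path; production rules would normally constrain
    # <ISSUER> as well.
    #
    # Explicit keyword instead of **locals(): only `config` is visible to the
    # template, and the value is inserted verbatim with no escaping.
    return unindent("""\
        [sssd]
        debug_level = 10
        domains = auth_only
        services = pam, nss

        [nss]
        debug_level = 10

        [pam]
        pam_cert_auth = True
        pam_p11_allowed_services = +pam_sss_service
        pam_cert_db_path = {config.PAM_CERT_DB_PATH}
        debug_level = 10

        [domain/auth_only]
        debug_level = 10
        id_provider = files

        [certmap/auth_only/user1]
        matchrule = <SUBJECT>.*CN=SSSD test cert 0001.*
    """).format(config=config)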