"Fossies" - the Fresh Open Source Software Archive

Member "sssd-2.4.2/src/config/cfg_rules.ini" (19 Feb 2021, 22170 Bytes) of package /linux/misc/sssd-2.4.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) INI source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "cfg_rules.ini": 2.4.1_vs_2.4.2.

    1 [rule/allowed_sections]
    2 validator = ini_allowed_sections
    3 section = sssd
    4 section = nss
    5 section = pam
    6 section = sudo
    7 section = autofs
    8 section = ssh
    9 section = pac
   10 section = ifp
   11 section = secrets
   12 section = kcm
   13 section = session_recording
   14 section_re = ^secrets/users/[0-9]\+$
   15 section_re = ^secrets/secrets$
   16 section_re = ^secrets/kcm$
   17 section_re = ^prompting/password$
   18 section_re = ^prompting/password/[^/\@]\+$
   19 section_re = ^prompting/2fa$
   20 section_re = ^prompting/2fa/[^/\@]\+$
   21 section_re = ^domain/[^/\@]\+$
   22 section_re = ^domain/[^/\@]\+/[^/\@]\+$
   23 section_re = ^application/[^/\@]\+$
   24 section_re = ^certmap/[^/\@]\+/[^/\@]\+$
   25 
   26 
   27 [rule/allowed_sssd_options]
   28 validator = ini_allowed_options
   29 section_re = ^sssd$
   30 
   31 option = debug
   32 option = debug_level
   33 option = debug_timestamps
   34 option = debug_microseconds
   35 option = debug_to_files
   36 option = command
   37 option = reconnection_retries
   38 option = fd_limit
   39 option = client_idle_timeout
   40 option = description
   41 
   42 # Monitor service
   43 option = services
   44 option = domains
   45 option = timeout
   46 option = sbus_timeout
   47 option = re_expression
   48 option = full_name_format
   49 option = krb5_rcache_dir
   50 option = user
   51 option = default_domain_suffix
   52 option = certificate_verification
   53 option = override_space
   54 option = config_file_version
   55 option = disable_netlink
   56 option = enable_files_domain
   57 option = domain_resolution_order
   58 option = try_inotify
   59 option = monitor_resolv_conf
   60 
   61 [rule/allowed_nss_options]
   62 validator = ini_allowed_options
   63 section_re = ^nss$
   64 
   65 option = timeout
   66 option = debug
   67 option = debug_level
   68 option = debug_timestamps
   69 option = debug_microseconds
   70 option = debug_to_files
   71 option = command
   72 option = reconnection_retries
   73 option = fd_limit
   74 option = client_idle_timeout
   75 option = description
   76 option = responder_idle_timeout
   77 option = cache_first
   78 
   79 # Name service
   80 option = user_attributes
   81 option = enum_cache_timeout
   82 option = entry_cache_nowait_percentage
   83 option = entry_negative_timeout
   84 option = local_negative_timeout
   85 option = filter_users
   86 option = filter_groups
   87 option = filter_users_in_groups
   88 option = pwfield
   89 option = override_homedir
   90 option = fallback_homedir
   91 option = homedir_substring
   92 option = override_shell
   93 option = allowed_shells
   94 option = vetoed_shells
   95 option = shell_fallback
   96 option = default_shell
   97 option = get_domains_timeout
   98 option = memcache_timeout
   99 option = memcache_size_passwd
  100 option = memcache_size_group
  101 option = memcache_size_initgroups
  102 
  103 [rule/allowed_pam_options]
  104 validator = ini_allowed_options
  105 section_re = ^pam$
  106 
  107 option = timeout
  108 option = debug
  109 option = debug_level
  110 option = debug_timestamps
  111 option = debug_microseconds
  112 option = debug_to_files
  113 option = command
  114 option = reconnection_retries
  115 option = fd_limit
  116 option = client_idle_timeout
  117 option = description
  118 option = responder_idle_timeout
  119 option = cache_first
  120 
  121 # Authentication service
  122 option = offline_credentials_expiration
  123 option = offline_failed_login_attempts
  124 option = offline_failed_login_delay
  125 option = pam_verbosity
  126 option = pam_response_filter
  127 option = pam_id_timeout
  128 option = pam_pwd_expiration_warning
  129 option = get_domains_timeout
  130 option = pam_trusted_users
  131 option = pam_public_domains
  132 option = pam_account_expired_message
  133 option = pam_account_locked_message
  134 option = pam_cert_auth
  135 option = pam_cert_db_path
  136 option = p11_child_timeout
  137 option = pam_app_services
  138 option = pam_p11_allowed_services
  139 option = p11_wait_for_card_timeout
  140 option = p11_uri
  141 option = pam_initgroups_scheme
  142 option = pam_gssapi_services
  143 option = pam_gssapi_check_upn
  144 option = pam_gssapi_indicators_map
  145 
  146 [rule/allowed_sudo_options]
  147 validator = ini_allowed_options
  148 section_re = ^sudo$
  149 
  150 option = timeout
  151 option = debug
  152 option = debug_level
  153 option = debug_timestamps
  154 option = debug_microseconds
  155 option = debug_to_files
  156 option = command
  157 option = reconnection_retries
  158 option = fd_limit
  159 option = client_idle_timeout
  160 option = description
  161 option = responder_idle_timeout
  162 option = cache_first
  163 
  164 # sudo service
  165 option = sudo_timed
  166 option = sudo_inverse_order
  167 option = sudo_threshold
  168 
  169 [rule/allowed_autofs_options]
  170 validator = ini_allowed_options
  171 section_re = ^autofs$
  172 
  173 option = timeout
  174 option = debug
  175 option = debug_level
  176 option = debug_timestamps
  177 option = debug_microseconds
  178 option = debug_to_files
  179 option = command
  180 option = reconnection_retries
  181 option = fd_limit
  182 option = client_idle_timeout
  183 option = description
  184 option = responder_idle_timeout
  185 option = cache_first
  186 
  187 # autofs service
  188 option = autofs_negative_timeout
  189 
  190 [rule/allowed_ssh_options]
  191 validator = ini_allowed_options
  192 section_re = ^ssh$
  193 
  194 option = timeout
  195 option = debug
  196 option = debug_level
  197 option = debug_timestamps
  198 option = debug_microseconds
  199 option = debug_to_files
  200 option = command
  201 option = reconnection_retries
  202 option = fd_limit
  203 option = client_idle_timeout
  204 option = description
  205 option = responder_idle_timeout
  206 option = cache_first
  207 
  208 # ssh service
  209 option = ssh_hash_known_hosts
  210 option = ssh_known_hosts_timeout
  211 option = ca_db
  212 option = ssh_use_certificate_keys
  213 option = ssh_use_certificate_matching_rules
  214 
  215 [rule/allowed_pac_options]
  216 validator = ini_allowed_options
  217 section_re = ^pac$
  218 
  219 option = timeout
  220 option = debug
  221 option = debug_level
  222 option = debug_timestamps
  223 option = debug_microseconds
  224 option = debug_to_files
  225 option = command
  226 option = reconnection_retries
  227 option = fd_limit
  228 option = client_idle_timeout
  229 option = description
  230 option = responder_idle_timeout
  231 option = cache_first
  232 
  233 # PAC responder
  234 option = allowed_uids
  235 option = pac_lifetime
  236 
  237 [rule/allowed_ifp_options]
  238 validator = ini_allowed_options
  239 section_re = ^ifp$
  240 
  241 option = timeout
  242 option = debug
  243 option = debug_level
  244 option = debug_timestamps
  245 option = debug_microseconds
  246 option = debug_to_files
  247 option = command
  248 option = reconnection_retries
  249 option = fd_limit
  250 option = client_idle_timeout
  251 option = description
  252 option = responder_idle_timeout
  253 option = cache_first
  254 
  255 # InfoPipe responder
  256 option = allowed_uids
  257 option = user_attributes
  258 
  259 # Secrets service
  260 [rule/allowed_sec_options]
  261 validator = ini_allowed_options
  262 section_re = ^secrets$
  263 
  264 option = timeout
  265 option = debug
  266 option = debug_level
  267 option = debug_timestamps
  268 option = debug_microseconds
  269 option = debug_to_files
  270 option = command
  271 option = reconnection_retries
  272 option = fd_limit
  273 option = client_idle_timeout
  274 option = description
  275 option = containers_nest_level
  276 option = max_secrets
  277 option = max_payload_size
  278 option = responder_idle_timeout
  279 
  280 [rule/allowed_sec_hive_options]
  281 validator = ini_allowed_options
  282 section_re = ^secrets/\(secrets\|kcm\)$
  283 
  284 # Secrets service - per-hive configuration
  285 option = containers_nest_level
  286 option = max_secrets
  287 option = max_uid_secrets
  288 option = max_payload_size
  289 
  290 [rule/allowed_sec_users_options]
  291 validator = ini_allowed_options
  292 section_re = ^secrets/users/[0-9]\+$
  293 
  294 # Secrets service - proxy
  295 option = provider
  296 option = proxy_url
  297 option = auth_type
  298 option = auth_header_name
  299 option = auth_header_value
  300 option = forward_headers
  301 option = username
  302 option = password
  303 option = verify_peer
  304 option = verify_host
  305 option = capath
  306 option = cacert
  307 option = cert
  308 option = key
  309 
  310 # KCM responder
  311 [rule/allowed_kcm_options]
  312 validator = ini_allowed_options
  313 section_re = ^kcm$
  314 
  315 option = timeout
  316 option = debug
  317 option = debug_level
  318 option = debug_timestamps
  319 option = debug_microseconds
  320 option = debug_to_files
  321 option = command
  322 option = reconnection_retries
  323 option = fd_limit
  324 option = client_idle_timeout
  325 option = description
  326 option = socket_path
  327 option = ccache_storage
  328 option = responder_idle_timeout
  329 option = max_ccaches
  330 option = max_uid_ccaches
  331 option = max_ccache_size
  332 
  333 # Session recording
  334 [rule/allowed_session_recording_options]
  335 validator = ini_allowed_options
  336 section_re = ^session_recording$
  337 
  338 option = scope
  339 option = users
  340 option = groups
  341 option = exclude_users
  342 option = exclude_groups
  343 
  344 # Prompting during authentication
  345 [rule/allowed_prompting_password_options]
  346 validator = ini_allowed_options
  347 section_re = ^prompting/password$
  348 
  349 option = password_prompt
  350 
  351 [rule/allowed_prompting_2fa_options]
  352 validator = ini_allowed_options
  353 section_re = ^prompting/2fa$
  354 
  355 option = single_prompt
  356 option = first_prompt
  357 option = second_prompt
  358 
  359 [rule/allowed_prompting_password_subsec_options]
  360 validator = ini_allowed_options
  361 section_re = ^prompting/password/[^/\@]\+$
  362 
  363 option = password_prompt
  364 
  365 [rule/allowed_prompting_2fa_subsec_options]
  366 validator = ini_allowed_options
  367 section_re = ^prompting/2fa/[^/\@]\+$
  368 
  369 option = single_prompt
  370 option = first_prompt
  371 option = second_prompt
  372 
  373 
  374 [rule/allowed_domain_options]
  375 validator = ini_allowed_options
  376 section_re = ^\(domain\|application\)/[^/]\+$
  377 
  378 option = debug
  379 option = debug_level
  380 option = debug_timestamps
  381 option = debug_microseconds
  382 option = debug_to_files
  383 option = command
  384 option = reconnection_retries
  385 option = fd_limit
  386 option = client_idle_timeout
  387 option = description
  388 
  389 #Available provider types
  390 option = id_provider
  391 option = auth_provider
  392 option = access_provider
  393 option = chpass_provider
  394 option = sudo_provider
  395 option = autofs_provider
  396 option = hostid_provider
  397 option = subdomains_provider
  398 option = selinux_provider
  399 option = session_provider
  400 option = resolver_provider
  401 
  402 # Options available to all domains
  403 option = enabled
  404 option = domain_type
  405 option = min_id
  406 option = max_id
  407 option = timeout
  408 option = enumerate
  409 option = subdomain_enumerate
  410 option = offline_timeout
  411 option = offline_timeout_max
  412 option = cache_credentials
  413 option = cache_credentials_minimal_first_factor_length
  414 option = use_fully_qualified_names
  415 option = ignore_group_members
  416 option = entry_cache_timeout
  417 option = lookup_family_order
  418 option = account_cache_expiration
  419 option = pwd_expiration_warning
  420 option = filter_users
  421 option = filter_groups
  422 option = dns_resolver_server_timeout
  423 option = dns_resolver_op_timeout
  424 option = dns_resolver_timeout
  425 option = dns_discovery_domain
  426 option = override_gid
  427 option = case_sensitive
  428 option = override_homedir
  429 option = fallback_homedir
  430 option = homedir_substring
  431 option = override_shell
  432 option = default_shell
  433 option = description
  434 option = realmd_tags
  435 option = subdomain_refresh_interval
  436 option = subdomain_inherit
  437 option = subdomain_homedir
  438 option = cached_auth_timeout
  439 option = wildcard_limit
  440 option = full_name_format
  441 option = re_expression
  442 option = auto_private_groups
  443 option = pam_gssapi_services
  444 option = pam_gssapi_check_upn
  445 option = pam_gssapi_indicators_map
  446 
  447 #Entry cache timeouts
  448 option = entry_cache_user_timeout
  449 option = entry_cache_group_timeout
  450 option = entry_cache_netgroup_timeout
  451 option = entry_cache_service_timeout
  452 option = entry_cache_autofs_timeout
  453 option = entry_cache_sudo_timeout
  454 option = entry_cache_ssh_host_timeout
  455 option = entry_cache_computer_timeout
  456 option = entry_cache_resolver_timeout
  457 option = refresh_expired_interval
  458 
  459 # Dynamic DNS updates
  460 option = dyndns_update
  461 option = dyndns_ttl
  462 option = dyndns_iface
  463 option = dyndns_refresh_interval
  464 option = dyndns_update_ptr
  465 option = dyndns_force_tcp
  466 option = dyndns_auth
  467 option = dyndns_auth_ptr
  468 option = dyndns_server
  469 
  470 # files provider specific options
  471 option = passwd_files
  472 option = group_files
  473 
  474 # local provider specific options
  475 option = create_homedir
  476 option = remove_homedir
  477 option = homedir_umask
  478 option = skel_dir
  479 option = mail_dir
  480 option = userdel_cmd
  481 option = base_directory
  482 
  483 # proxy provider specific options
  484 option = proxy_lib_name
  485 option = proxy_resolver_lib_name
  486 option = proxy_fast_alias
  487 option = proxy_pam_target
  488 option = proxy_max_children
  489 
  490 # simple access provider specific options
  491 option = simple_allow_users
  492 option = simple_deny_users
  493 option = simple_allow_groups
  494 option = simple_deny_groups
  495 
  496 # AD provider specific options
  497 option = ad_access_filter
  498 option = ad_backup_server
  499 option = ad_domain
  500 option = ad_enable_dns_sites
  501 option = ad_enabled_domains
  502 option = ad_enable_gc
  503 option = ad_gpo_access_control
  504 option = ad_gpo_implicit_deny
  505 option = ad_gpo_ignore_unreadable
  506 option = ad_gpo_cache_timeout
  507 option = ad_gpo_default_right
  508 option = ad_gpo_map_batch
  509 option = ad_gpo_map_deny
  510 option = ad_gpo_map_interactive
  511 option = ad_gpo_map_network
  512 option = ad_gpo_map_permit
  513 option = ad_gpo_map_remote_interactive
  514 option = ad_gpo_map_service
  515 option = ad_hostname
  516 option = ad_machine_account_password_renewal_opts
  517 option = ad_maximum_machine_account_password_age
  518 option = ad_server
  519 option = ad_site
  520 option = ad_update_samba_machine_account_password
  521 option = ad_use_ldaps
  522 option = ad_allow_remote_domain_local_groups
  523 
  524 # IPA provider specific options
  525 option = ipa_anchor_uuid
  526 option = ipa_automount_location
  527 option = ipa_backup_server
  528 option = ipa_deskprofile_refresh
  529 option = ipa_deskprofile_request_interval
  530 option = ipa_deskprofile_search_base
  531 option = ipa_domain
  532 option = ipa_dyndns_iface
  533 option = ipa_dyndns_ttl
  534 option = ipa_dyndns_update
  535 option = ipa_enable_dns_sites
  536 option = ipa_group_override_object_class
  537 option = ipa_hbac_refresh
  538 option = ipa_hbac_search_base
  539 option = ipa_hbac_support_srchost
  540 option = ipa_host_fqdn
  541 option = ipa_hostgroup_memberof
  542 option = ipa_hostgroup_member
  543 option = ipa_hostgroup_name
  544 option = ipa_hostgroup_objectclass
  545 option = ipa_hostgroup_uuid
  546 option = ipa_host_member_of
  547 option = ipa_host_name
  548 option = ipa_hostname
  549 option = ipa_host_object_class
  550 option = ipa_host_search_base
  551 option = ipa_host_serverhostname
  552 option = ipa_host_ssh_public_key
  553 option = ipa_host_uuid
  554 option = ipa_master_domain_search_base
  555 option = ipa_netgroup_domain
  556 option = ipa_netgroup_member_ext_host
  557 option = ipa_netgroup_member_host
  558 option = ipa_netgroup_member_of
  559 option = ipa_netgroup_member
  560 option = ipa_netgroup_member_user
  561 option = ipa_netgroup_name
  562 option = ipa_netgroup_object_class
  563 option = ipa_netgroup_uuid
  564 option = ipa_override_object_class
  565 option = ipa_ranges_search_base
  566 option = ipa_selinux_refresh
  567 option = ipa_selinux_usermap_enabled
  568 option = ipa_selinux_usermap_host_category
  569 option = ipa_selinux_usermap_member_host
  570 option = ipa_selinux_usermap_member_user
  571 option = ipa_selinux_usermap_name
  572 option = ipa_selinux_usermap_object_class
  573 option = ipa_selinux_usermap_see_also
  574 option = ipa_selinux_usermap_selinux_user
  575 option = ipa_selinux_usermap_user_category
  576 option = ipa_selinux_usermap_uuid
  577 option = ipa_server_mode
  578 option = ipa_server
  579 option = ipa_subdomains_search_base
  580 option = ipa_sudocmdgroup_entry_usn
  581 option = ipa_sudocmdgroup_member
  582 option = ipa_sudocmdgroup_name
  583 option = ipa_sudocmdgroup_object_class
  584 option = ipa_sudocmdgroup_uuid
  585 option = ipa_sudocmd_memberof
  586 option = ipa_sudocmd_object_class
  587 option = ipa_sudocmd_sudoCmd
  588 option = ipa_sudocmd_uuid
  589 option = ipa_sudorule_allowcmd
  590 option = ipa_sudorule_cmdcategory
  591 option = ipa_sudorule_denycmd
  592 option = ipa_sudorule_enabled_flag
  593 option = ipa_sudorule_entry_usn
  594 option = ipa_sudorule_externaluser
  595 option = ipa_sudorule_hostcategory
  596 option = ipa_sudorule_host
  597 option = ipa_sudorule_name
  598 option = ipa_sudorule_notafter
  599 option = ipa_sudorule_notbefore
  600 option = ipa_sudorule_object_class
  601 option = ipa_sudorule_option
  602 option = ipa_sudorule_runasextgroup
  603 option = ipa_sudorule_runasextusergroup
  604 option = ipa_sudorule_runasextuser
  605 option = ipa_sudorule_runasgroupcategory
  606 option = ipa_sudorule_runasgroup
  607 option = ipa_sudorule_runasusercategory
  608 option = ipa_sudorule_sudoorder
  609 option = ipa_sudorule_usercategory
  610 option = ipa_sudorule_user
  611 option = ipa_sudorule_uuid
  612 option = ipa_user_override_object_class
  613 option = ipa_view_class
  614 option = ipa_view_name
  615 option = ipa_views_search_base
  616 
  617 # krb5 provider specific options
  618 option = krb5_auth_timeout
  619 option = krb5_backup_kpasswd
  620 option = krb5_backup_server
  621 option = krb5_canonicalize
  622 option = krb5_ccachedir
  623 option = krb5_ccname_template
  624 option = krb5_confd_path
  625 option = krb5_fast_principal
  626 option = krb5_kdcip
  627 option = krb5_keytab
  628 option = krb5_kpasswd
  629 option = krb5_lifetime
  630 option = krb5_map_user
  631 option = krb5_realm
  632 option = krb5_realm
  633 option = krb5_renewable_lifetime
  634 option = krb5_renew_interval
  635 option = krb5_server
  636 option = krb5_store_password_if_offline
  637 option = krb5_use_enterprise_principal
  638 option = krb5_use_subdomain_realm
  639 option = krb5_use_fast
  640 option = krb5_use_kdcinfo
  641 option = krb5_validate
  642 
  643 # ldap provider specific options
  644 option = ldap_access_filter
  645 option = ldap_access_order
  646 option = ldap_account_expire_policy
  647 option = ldap_autofs_entry_key
  648 option = ldap_autofs_entry_object_class
  649 option = ldap_autofs_entry_value
  650 option = ldap_autofs_map_master_name
  651 option = ldap_autofs_map_name
  652 option = ldap_autofs_map_object_class
  653 option = ldap_autofs_search_base
  654 option = ldap_backup_uri
  655 option = ldap_chpass_backup_uri
  656 option = ldap_chpass_dns_service_name
  657 option = ldap_chpass_update_last_change
  658 option = ldap_chpass_uri
  659 option = ldap_connection_expire_timeout
  660 option = ldap_connection_expire_offset
  661 option = ldap_default_authtok
  662 option = ldap_default_authtok_type
  663 option = ldap_default_bind_dn
  664 option = ldap_deref
  665 option = ldap_deref_threshold
  666 option = ldap_disable_paging
  667 option = ldap_disable_range_retrieval
  668 option = ldap_dns_service_name
  669 option = ldap_entry_usn
  670 option = ldap_enumeration_refresh_timeout
  671 option = ldap_enumeration_search_timeout
  672 option = ldap_force_upper_case_realm
  673 option = ldap_group_entry_usn
  674 option = ldap_group_external_member
  675 option = ldap_group_gid_number
  676 option = ldap_group_member
  677 option = ldap_group_modify_timestamp
  678 option = ldap_group_name
  679 option = ldap_group_nesting_level
  680 option = ldap_group_object_class
  681 option = ldap_group_objectsid
  682 option = ldap_group_search_base
  683 option = ldap_group_search_filter
  684 option = ldap_group_search_scope
  685 option = ldap_group_type
  686 option = ldap_group_uuid
  687 option = ldap_idmap_autorid_compat
  688 option = ldap_idmap_default_domain_sid
  689 option = ldap_idmap_default_domain
  690 option = ldap_idmap_helper_table_size
  691 option = ldap_id_mapping
  692 option = ldap_idmap_range_max
  693 option = ldap_idmap_range_min
  694 option = ldap_idmap_range_size
  695 option = ldap_id_use_start_tls
  696 option = ldap_krb5_init_creds
  697 option = ldap_krb5_keytab
  698 option = ldap_krb5_ticket_lifetime
  699 option = ldap_library_debug_level
  700 option = ldap_max_id
  701 option = ldap_min_id
  702 option = ldap_netgroup_member
  703 option = ldap_netgroup_modify_timestamp
  704 option = ldap_netgroup_name
  705 option = ldap_netgroup_object_class
  706 option = ldap_netgroup_search_base
  707 option = ldap_netgroup_triple
  708 option = ldap_network_timeout
  709 option = ldap_ns_account_lock
  710 option = ldap_offline_timeout
  711 option = ldap_opt_timeout
  712 option = ldap_page_size
  713 option = ldap_purge_cache_timeout
  714 option = ldap_pwd_attribute
  715 option = ldap_pwdlockout_dn
  716 option = ldap_pwd_policy
  717 option = ldap_referrals
  718 option = ldap_rfc2307_fallback_to_local_users
  719 option = ldap_rootdse_last_usn
  720 option = ldap_sasl_authid
  721 option = ldap_sasl_canonicalize
  722 option = ldap_sasl_mech
  723 option = ldap_sasl_minssf
  724 option = ldap_sasl_maxssf
  725 option = ldap_sasl_realm
  726 option = ldap_schema
  727 option = ldap_pwmodify_mode
  728 option = ldap_search_base
  729 option = ldap_search_timeout
  730 option = ldap_service_entry_usn
  731 option = ldap_service_name
  732 option = ldap_service_object_class
  733 option = ldap_service_port
  734 option = ldap_service_proto
  735 option = ldap_service_search_base
  736 option = ldap_sudo_full_refresh_interval
  737 option = ldap_sudo_hostnames
  738 option = ldap_sudo_include_netgroups
  739 option = ldap_sudo_include_regexp
  740 option = ldap_sudo_ip
  741 option = ldap_sudorule_command
  742 option = ldap_sudorule_host
  743 option = ldap_sudorule_name
  744 option = ldap_sudorule_notafter
  745 option = ldap_sudorule_notbefore
  746 option = ldap_sudorule_object_class
  747 option = ldap_sudorule_option
  748 option = ldap_sudorule_order
  749 option = ldap_sudorule_runasgroup
  750 option = ldap_sudorule_runas
  751 option = ldap_sudorule_runasuser
  752 option = ldap_sudorule_user
  753 option = ldap_sudo_search_base
  754 option = ldap_sudo_smart_refresh_interval
  755 option = ldap_sudo_use_host_filter
  756 option = ldap_tls_cacertdir
  757 option = ldap_tls_cacert
  758 option = ldap_tls_cert
  759 option = ldap_tls_cipher_suite
  760 option = ldap_tls_key
  761 option = ldap_tls_reqcert
  762 option = ldap_uri
  763 option = ldap_user_ad_account_expires
  764 option = ldap_user_ad_user_account_control
  765 option = ldap_user_authorized_host
  766 option = ldap_user_authorized_rhost
  767 option = ldap_user_authorized_service
  768 option = ldap_user_auth_type
  769 option = ldap_user_certificate
  770 option = ldap_user_email
  771 option = ldap_user_entry_usn
  772 option = ldap_user_extra_attrs
  773 option = ldap_user_fullname
  774 option = ldap_user_gecos
  775 option = ldap_user_gid_number
  776 option = ldap_user_home_directory
  777 option = ldap_user_krb_last_pwd_change
  778 option = ldap_user_krb_password_expiration
  779 option = ldap_user_member_of
  780 option = ldap_user_modify_timestamp
  781 option = ldap_user_name
  782 option = ldap_user_nds_login_allowed_time_map
  783 option = ldap_user_nds_login_disabled
  784 option = ldap_user_nds_login_expiration_time
  785 option = ldap_user_object_class
  786 option = ldap_user_objectsid
  787 option = ldap_user_primary_group
  788 option = ldap_user_principal
  789 option = ldap_user_search_base
  790 option = ldap_user_search_filter
  791 option = ldap_user_search_scope
  792 option = ldap_user_shadow_expire
  793 option = ldap_user_shadow_flag
  794 option = ldap_user_shadow_inactive
  795 option = ldap_user_shadow_last_change
  796 option = ldap_user_shadow_max
  797 option = ldap_user_shadow_min
  798 option = ldap_user_shadow_warning
  799 option = ldap_user_shell
  800 option = ldap_user_ssh_public_key
  801 option = ldap_user_uid_number
  802 option = ldap_user_uuid
  803 option = ldap_use_tokengroups
  804 option = ldap_host_object_class
  805 option = ldap_host_name
  806 option = ldap_host_fqdn
  807 option = ldap_host_serverhostname
  808 option = ldap_host_member_of
  809 option = ldap_host_search_base
  810 option = ldap_host_ssh_public_key
  811 option = ldap_host_uuid
  812 option = ldap_iphost_search_base
  813 option = ldap_iphost_object_class
  814 option = ldap_iphost_name
  815 option = ldap_iphost_number
  816 option = ldap_iphost_entry_usn
  817 option = ldap_ipnetwork_search_base
  818 option = ldap_ipnetwork_object_class
  819 option = ldap_ipnetwork_name
  820 option = ldap_ipnetwork_number
  821 option = ldap_ipnetwork_entry_usn
  822 
  823 # For application domains
  824 option = inherit_from
  825 
  826 [rule/allowed_subdomain_options]
  827 validator = ini_allowed_options
  828 section_re = ^domain/[^/\@]\+/[^/\@]\+$
  829 
  830 option = ldap_search_base
  831 option = ldap_user_search_base
  832 option = ldap_group_search_base
  833 option = ldap_netgroup_search_base
  834 option = ldap_service_search_base
  835 option = ldap_sasl_mech
  836 option = ad_server
  837 option = ad_backup_server
  838 option = ad_site
  839 option = use_fully_qualified_names
  840 option = auto_private_groups
  841 option = pam_gssapi_services
  842 option = pam_gssapi_check_upn
  843 option = pam_gssapi_indicators_map
  844 
  845 [rule/sssd_checks]
  846 validator = sssd_checks
  847 
  848 [rule/allowed_certmap_options]
  849 validator = ini_allowed_options
  850 section_re = ^certmap/[^/\@]\+/[^/\@]\+$
  851 
  852 option = matchrule
  853 option = maprule
  854 option = priority
  855 option = domains