Author: jsuchome
Date: Fri Mar 18 16:29:21 2011
New Revision: 63602
URL: http://svn.opensuse.org/viewcvs/yast?rev=63602&view=rev
Log:
added support for SSSD (fate#308902)
Modified:
branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp
branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp
branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out
Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp?rev=63602&r1=63601&r2=63602&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp Fri Mar 18 16:29:21 2011
@@ -31,6 +31,7 @@
import "Report";
import "Service";
import "Stage";
+ import "String";
import "Summary";
/**
@@ -310,6 +311,18 @@
// map with modifications of Password Policies objects
global map ppolicies = $[];
+ // packages needed for pam_ldap/nss_ldap configuration
+ global list<string> pam_nss_packages = ["pam_ldap", "nss_ldap"];
+
+ // packages needed for sssd configuration
+ global list<string> sssd_packages = [ "sssd" ];
+
+ // if sssd is used instead of pam_ldap/nss_ldap (fate#308902)
+ global boolean sssd = true;
+
+ // enable/disable offline authentication ('cache_credentials' key)
+ global boolean sssd_cache_credentials = false;
+
//----------------------------------------------------------------
/**
@@ -399,7 +412,8 @@
if (start)
required_packages = (list<string>)
- union (required_packages, ["pam_ldap", "nss_ldap"]);
+ union (required_packages, sssd ? sssd_packages : pam_nss_packages);
+
list<string> install_pkgs = UpdatedArchPackages (required_packages);
list remove_pkgs = [];
return ($["install": install_pkgs, "remove": remove_pkgs]);
@@ -434,6 +448,7 @@
tls_cacertfile = settings ["tls_cacertfile"]:"";
tls_checkpeer = settings ["tls_checkpeer"]:"yes";
mkhomedir = settings ["mkhomedir"]:mkhomedir;
+ sssd = settings ["sssd"]:sssd;
if (_start_autofs)
required_packages = (list<string>) union (required_packages, ["autofs"]);
@@ -475,7 +490,8 @@
"member_attribute" : member_attribute,
"create_ldap" : create_ldap,
"login_enabled" : login_enabled,
- "mkhomedir" : mkhomedir
+ "mkhomedir" : mkhomedir,
+ "sssd" : sssd
];
if (tls_checkpeer != "yes")
e["tls_checkpeer"] = tls_checkpeer;
@@ -513,14 +529,15 @@
summary = Summary::AddHeader(summary, _("LDAP Server"));
summary = Summary::AddLine(summary,( server!="") ? server : Summary::NotConfigured());
// summary item
- summary = Summary::AddHeader(summary, _("LDAP Version 2"));
- // summary (LDAP version 2?)
- summary = Summary::AddLine(summary, (ldap_v2) ? _("Yes") : Summary::NotConfigured());
- // summary item
summary = Summary::AddHeader(summary, _("LDAP TLS/SSL"));
// summary (use TLS?)
summary = Summary::AddLine(summary, (ldap_tls) ? _("Yes") : Summary::NotConfigured());
+ // summary item
+ summary = Summary::AddHeader(summary, _("System Security Services Daemon (SSSD) Set"));
+ // summary (LDAP version 2?)
+ summary = Summary::AddLine(summary, (sssd && start) ? _("Yes") : Summary::NotConfigured());
+
return summary;
}
@@ -549,6 +566,11 @@
// summary
summary = summary + "<br>" + _("LDAP TLS/SSL Configured");
}
+ if (start && sssd)
+ {
+ // summary
+ summary = summary + "<br>" + _("System Security Services Daemon (SSSD) Set");
+ }
return summary;
}
@@ -671,11 +693,29 @@
nsswitch[db] = Nsswitch::ReadDb (db);
});
+ // 'start' means that LDAP is present in nsswitch somehow... either as 'compat'/'ldap'...
start = contains (nsswitch["passwd"]:[], "ldap") ||
(contains (nsswitch["passwd"]:[], "compat") &&
contains (nsswitch["passwd_compat"]:[], "ldap")) ||
(oes && contains (nsswitch["passwd"]:[], "nam"));
+ if (start)
+ {
+ // nss_ldap is used
+ sssd = false;
+ }
+ else
+ {
+ // ... or as 'sssd'
+ start = contains (nsswitch["passwd"]:[], "sssd");
+ }
+
+ // nothing is configured, but some packages are installed
+ if (!start && Package::InstalledAll (pam_nss_packages) && !Package::InstalledAll (sssd_packages))
+ {
+ sssd = false;
+ }
+
old_start = start;
nis_available = contains (nsswitch["passwd"]:[], "nis") ||
@@ -808,6 +848,7 @@
Autologin::Read ();
+
// Now check if previous configuration of LDAP server didn't proposed
// some better values:
if (Stage::cont ())
@@ -1926,6 +1967,83 @@
return write_openldap_conf;
}
+ /**
+ * Write updated /etc/sssd/sssd.conf file
+ */
+ global boolean WriteSSSDConfig () {
+
+ list<string> sections = SCR::Dir (.etc.sssd_conf.section);
+
+ SCR::Write (.etc.sssd_conf.v.sssd.domains, "default");
+
+
+ // "The "services" setting should have the value "nss, pam"
+ SCR::Write (.etc.sssd_conf.v.sssd.services, "nss,pam");
+
+ // " Make sure that "filter_groups" and "filter_users" in the "[nss]" section contains "root".
+ string f_g = (string) SCR::Read (.etc.sssd_conf.v.nss.filter_groups);
+ list<string> l = (list<string>) union (splitstring (f_g, ","), ["root"]);
+ SCR::Write (.etc.sssd_conf.v.nss.filter_groups, mergestring (l, ","));
+
+ string f_u = (string) SCR::Read (.etc.sssd_conf.v.nss.filter_users);
+ l = (list<string>) union (splitstring (f_u, ","), ["root"]);
+ SCR::Write (.etc.sssd_conf.v.nss.filter_users, mergestring (l, ","));
+
+ path domain = add (.etc.sssd_conf.v, "domain/default");
+
+ string uri = sformat ("ldap%1://%2", ldap_tls ? "s" : "", String::FirstChunk (server, " \t"));
+ SCR::Write (add (domain, "ldap_uri"), uri);
+ SCR::Write (add (domain, "ldap_search_base"), base_dn);
+ SCR::Write (add (domain, "ldap_schema"), "rfc2307bis");
+ SCR::Write (add (domain, "id_provider"), "ldap");
+ SCR::Write (add (domain, "ldap_user_uuid"), "entryuuid");
+ SCR::Write (add (domain, "ldap_group_uuid"), "entryuuid");
+
+ SCR::Write (add (domain, "ldap_id_use_start_tls"), ldap_tls ? "True" : "False");
+ SCR::Write (add (domain, "cache_credentials"), sssd_cache_credentials ? "True" : "False");
+ SCR::Write (add (domain, "ldap_tls_cacertdir"), tls_cacertdir == "" ? nil : tls_cacertdir);
+ SCR::Write (add (domain, "ldap_tls_cacert"), tls_cacertfile == "" ? nil : tls_cacertfile);
+
+ if (!contains (sections, "domain/default"))
+ {
+ SCR::Write (add (.etc.sssd_conf.section_comment, "domain/default"), "\n# Section created by YaST\n");
+ }
+
+ // In a mixed Kerberos/LDAP setup the following changes are needed in the [domain/default] section:
+ if (Pam::Enabled("krb5"))
+ {
+ SCR::Write (add (domain, "auth_provider"), "krb5");
+ SCR::Write (add (domain, "chpass_provider"), "krb5");
+ /*
+ FIXME how to read krb settings:
+ a) use agent directly (moved out from yast2-kerberos-client)
+ b) use Read + Export of Kerberos.ycp
+
+ * Set "krb5_kdcip" to the hostname of the kerberos kdc
+ * Set "krb5_realm" to kerberos realm
+ */
+ if (Package::Installed ("yast2-kerberos-client"))
+ {
+ WFM::CallFunction ("kerberos-client_auto", ["Read"]);
+ any e = WFM::CallFunction ("kerberos-client_auto",["Export"]);
+ if (is (e,map) && e != $[])
+ {
+ map kerberos = (map) e;
+y2internal ("kerberos export map: %1", kerberos);
+ SCR::Write (add (domain, "krb5_realm"), kerberos["kerberos_client","default_domain"]:nil);
+ SCR::Write (add (domain, "krb5_kdcip"), kerberos["kerberos_client","kdc_server"]:nil);
+ }
+ }
+
+ }
+ else
+ {
+ SCR::Write (add (domain, "chpass_provider"), "ldap");
+ SCR::Write (add (domain, "auth_provider"), "ldap");
+ }
+
+ return true;
+ }
/**
* If a file does not + entry, add it.
@@ -2372,19 +2490,26 @@
AddLdapConfEntry ("pam_filter", "objectClass=posixAccount");
}
- // save the user and group bases
- user_base = base_dn;
- group_base = base_dn;
-
- WriteLdapConfEntry ("nss_base_passwd",
- (nss_base_passwd != base_dn && nss_base_passwd != "") ?
- nss_base_passwd : nil);
- WriteLdapConfEntry ("nss_base_shadow",
- (nss_base_shadow != base_dn && nss_base_shadow != "") ?
- nss_base_shadow : nil);
- WriteLdapConfEntry ("nss_base_group",
- (nss_base_group != base_dn && nss_base_group != "") ?
- nss_base_group : nil);
+ if (sssd)
+ {
+ WriteSSSDConfig ();
+ }
+ else
+ {
+ // save the user and group bases
+ user_base = base_dn;
+ group_base = base_dn;
+
+ WriteLdapConfEntry ("nss_base_passwd",
+ (nss_base_passwd != base_dn && nss_base_passwd != "") ?
+ nss_base_passwd : nil);
+ WriteLdapConfEntry ("nss_base_shadow",
+ (nss_base_shadow != base_dn && nss_base_shadow != "") ?
+ nss_base_shadow : nil);
+ WriteLdapConfEntry ("nss_base_group",
+ (nss_base_group != base_dn && nss_base_group != "") ?
+ nss_base_group : nil);
+ }
// default value is 'yes'
WriteLdapConfEntry ("tls_checkpeer", tls_checkpeer == "yes" ? nil : tls_checkpeer);
@@ -2408,38 +2533,52 @@
if (!oes)
{
- // pam settigs
- if (Pam::Enabled("krb5"))
+ if (sssd)
{
- // If kerberos is used for authentication we configure
- // pam_ldap in a way that we use only the account checking.
- // Other configuration would mess up password changing
- Pam::Add ("ldap-account_only");
+ Pam::Add ("sss");
+ // Add "sss" to the passwd and group databases in nsswitch.conf
+ Nsswitch::WriteDb ("passwd", (list<string>)
+ union (nsswitch["passwd"]:[], ["sss"]));
+ Nsswitch::WriteDb ("group", (list<string>)
+ union (nsswitch["group"]:[], ["sss"]));
}
else
{
- Pam::Add ("ldap");
- }
- // modify sources in /etc/nsswitch.conf
- Nsswitch::WriteDb ("passwd", ["compat"]);
- Nsswitch::WriteDb ("passwd_compat", (list<string>)
- union (nsswitch["passwd_compat"]:[], ["ldap"]));
+ // pam settigs
+ if (Pam::Enabled("krb5"))
+ {
+ // If kerberos is used for authentication we configure
+ // pam_ldap in a way that we use only the account checking.
+ // Other configuration would mess up password changing
+ Pam::Add ("ldap-account_only");
+ }
+ else
+ {
+ Pam::Add ("ldap");
+ }
- foreach (string db, ["services","netgroup","aliases"], {
- Nsswitch::WriteDb (db, ["files", "ldap"]);
- });
+ // modify sources in /etc/nsswitch.conf
+ Nsswitch::WriteDb ("passwd", ["compat"]);
+ Nsswitch::WriteDb ("passwd_compat", (list<string>)
+ union (nsswitch["passwd_compat"]:[], ["ldap"]));
+
+ foreach (string db, ["services","netgroup","aliases"], {
+ Nsswitch::WriteDb (db, ["files", "ldap"]);
+ });
- if (contains (nsswitch["group"]:[], "compat") &&
- contains (nsswitch["group_compat"]:[], "ldap"))
- {
- y2milestone ("group_compat present, not changing");
- }
- else
- {
- Nsswitch::WriteDb ("group", ["files", "ldap"]);
+ if (contains (nsswitch["group"]:[], "compat") &&
+ contains (nsswitch["group_compat"]:[], "ldap"))
+ {
+ y2milestone ("group_compat present, not changing");
+ }
+ else
+ {
+ Nsswitch::WriteDb ("group", ["files", "ldap"]);
+ }
}
Nsswitch::Write ();
+
}
Autologin::Write (write_only);
}
@@ -2449,18 +2588,17 @@
foreach (string db, [ "passwd", "group" ], ``{
string new_db = db+"_compat";
nsswitch [db] = filter (
- string v, nsswitch[db]:[], ``(v != "ldap"));
+ string v, nsswitch[db]:[], ``(v != "ldap" && v != "sss"));
if (nsswitch[db]:[] == [] || nsswitch[db]:[] == ["files"])
nsswitch [db] = ["compat"];
nsswitch [new_db] = filter (
- string v, nsswitch[new_db]:[], ``(v != "ldap"));
+ string v, nsswitch[new_db]:[], ``(v != "ldap" && v != "sss"));
Nsswitch::WriteDb (db, nsswitch[db]:["compat"]);
Nsswitch::WriteDb (new_db, nsswitch[new_db]:[]);
});
-
foreach (string db, ["services" ,"netgroup", "aliases" ], {
list<string> db_l = (list<string>) filter (
- string v, Nsswitch::ReadDb (db), ``(v != "ldap"));
+ string v, Nsswitch::ReadDb (db), ``(v != "ldap" && v != "sss"));
if (db_l == [])
db_l = ["files"];
Nsswitch::WriteDb (db, db_l);
@@ -2476,6 +2614,10 @@
{
Pam::Remove ("ldap-account_only");
}
+ if (Pam::Enabled ("sss"))
+ {
+ Pam::Remove ("sss");
+ }
}
@@ -2527,6 +2669,20 @@
if (!write_only)
{
+ if (sssd && start)
+ {
+ // enable the sssd daemon to be started at bootup
+ Service::Adjust ("sssd", "enable");
+ if (Service::Status ("sssd") == 0)
+ {
+ Service::Restart ("sssd");
+ }
+ else
+ {
+ Service::Start ("sssd");
+ }
+ }
+
if (Package::Installed ("nscd") && modified)
{
SCR::Execute (.target.bash, "/usr/sbin/nscd -i passwd");
@@ -2647,8 +2803,9 @@
block<boolean> abort = ``{ return false; };
- list<string> needed_packages =
- UpdatedArchPackages (["pam_ldap", "nss_ldap"]);
+ list<string> needed_packages = sssd?
+ UpdatedArchPackages (sssd_packages) :
+ UpdatedArchPackages (pam_nss_packages);
if (_start_autofs && !Package::Installed("autofs"))
{
Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp?rev=63602&r1=63601&r2=63602&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp Fri Mar 18 16:29:21 2011
@@ -226,11 +226,11 @@
string base_dn = Ldap::GetBaseDN ();
string server = Ldap::server;
- boolean ldap_tls = Ldap::ldap_tls;
+ boolean ldap_tls = Ldap::ldap_tls || Ldap::sssd; // force TLS to true if sssd is used
string tls_checkpeer = Ldap::tls_checkpeer;
boolean login_enabled = Ldap::login_enabled;
string certTmpFile = sformat ("%1/__LDAPcert.crt", Directory::tmpdir);
-
+ boolean sssd_cache_credentials = Ldap::sssd_cache_credentials;
boolean autofs = Ldap::_start_autofs;
term autofs_con = `Empty ();
if (Ldap::_autofs_allowed)
@@ -248,7 +248,7 @@
Ldap::_autofs_allowed ? `VSpacing (0) : `VSpacing (0.5),
`Left(`CheckBox(`id(`mkhomedir),
// checkbox label
- _("Create Home Directory on Login"), mkhomedir
+ _("C&reate Home Directory on Login"), mkhomedir
))
);
@@ -261,7 +261,7 @@
`Left(`HVSquash(`VBox (
`Left (`RadioButton(`id(`ldapno), `opt (`notify),
// radio button label
- _("Do N&ot Use LDAP"), !start)),
+ _("Do &Not Use LDAP"), !start)),
`Left(`RadioButton(`id(`ldapyes), `opt (`notify),
// radio button label
_("&Use LDAP"), start)),
@@ -304,12 +304,14 @@
// check box label
`Left (`CheckBox (`id(`ldaps), `opt (`notify), _("LDAP &TLS/SSL"), ldap_tls)),
// push button label
- `PushButton (`id(`import_cert), _("Download CA Certificate"))
+ `PushButton (`id(`import_cert), _("Do&wnload CA Certificate"))
),
`VSpacing (0.2)
), `HSpacing (0.5))),
autofs_con,
mkhomedir_term,
+ // check box label
+ `Left (`CheckBox (`id (`sssd_cache_credentials), _("SSSD O&ffline Authentication"), sssd_cache_credentials)),
`VSpacing(0.4),
// pushbutton label
`PushButton (`id(`advanced), _("&Advanced Configuration..."))
@@ -329,6 +331,7 @@
UI::ChangeWidget (`id(`server),`ValidChars, Address::ValidChars + " ");
UI::ChangeWidget (`id(`import_cert),`Enabled, ldap_tls);
+ UI::ChangeWidget (`id(`sssd_cache_credentials),`Enabled, Ldap::sssd);
symbol result = `not_next;
do {
@@ -341,7 +344,8 @@
server = (string) UI::QueryWidget(`id(`server), `Value);
ldap_tls = (boolean) UI::QueryWidget(`id(`ldaps), `Value);
mkhomedir = (boolean) UI::QueryWidget (`id(`mkhomedir),`Value);
-
+ sssd_cache_credentials =
+ (boolean) UI::QueryWidget (`id(`sssd_cache_credentials), `Value);
UI::ChangeWidget (`id(`import_cert), `Enabled, ldap_tls);
if (result == `slp)
@@ -497,8 +501,9 @@
}
}
- list<string> needed_packages =
- Ldap::UpdatedArchPackages (["pam_ldap", "nss_ldap"]);
+ list<string> needed_packages = Ldap::sssd ?
+ Ldap::UpdatedArchPackages (Ldap::sssd_packages) :
+ Ldap::UpdatedArchPackages (Ldap::pam_nss_packages) :
if (start && !Package::InstalledAll (needed_packages))
{
@@ -539,7 +544,8 @@
Ldap::server != server ||
Ldap::ldap_tls != ldap_tls || Ldap::_start_autofs != autofs ||
Ldap::login_enabled != login_enabled ||
- Ldap::mkhomedir != mkhomedir)
+ Ldap::mkhomedir != mkhomedir ||
+ Ldap::sssd_cache_credentials != sssd_cache_credentials)
{
if (result == `next)
{
@@ -594,6 +600,7 @@
Ldap::_start_autofs = autofs;
Ldap::login_enabled = login_enabled;
Ldap::mkhomedir = mkhomedir;
+ Ldap::sssd_cache_credentials = sssd_cache_credentials;
Ldap::modified = true;
}
}
@@ -695,6 +702,7 @@
boolean ldap_v2 = Ldap::ldap_v2;
string tls_cacertdir = Ldap::tls_cacertdir;
string tls_cacertfile = Ldap::tls_cacertfile;
+ boolean sssd = Ldap::sssd;
list<term>member_attributes = [
`item (`id("member"), "member", member_attribute == "member"),
@@ -815,6 +823,8 @@
term cont = `Top (`HBox(`HSpacing (5), `VBox(
`VSpacing(0.4),
+ `Left (`CheckBox (`id (`sssd), `opt (`notify), _("Use S&ystem Security Services Daemon (SSSD)"), sssd)),
+ `VSpacing(0.4),
// frame label
`Frame (_("Naming Contexts"), `HBox(
`HSpacing (1), `VBox(
@@ -865,7 +875,7 @@
`VSpacing(0.4),
`HBox (
`HWeight (1, `HBox (
- `InputField (`id (`tls_cacertdir), `opt (`hstretch), _("Certificate Directory"),
+ `InputField (`id (`tls_cacertdir), `opt (`hstretch), _("Cer&tificate Directory"),
tls_cacertdir
),
`VBox (
@@ -874,7 +884,7 @@
`PushButton (`id(`br_tls_cacertdir), _("B&rowse"))
)
)), `HWeight (1, `HBox (
- `InputField (`id (`tls_cacertfile), `opt (`hstretch), _("CA Certificate File"),
+ `InputField (`id (`tls_cacertfile), `opt (`hstretch), _("CA Cert&ificate File"),
tls_cacertfile
),
`VBox (
@@ -891,6 +901,10 @@
UI::ReplaceWidget (`tabContents, cont);
if (has_tabs)
UI::ChangeWidget (`id (`tabs), `CurrentItem, `client);
+
+ foreach (symbol ui, [ `nss_base_passwd, `nss_base_group, `nss_base_shadow, `br_passwd, `br_shadow, `br_group ], {
+ UI::ChangeWidget (`id (ui), `Enabled, UI::QueryWidget (`id (`sssd), `Value) == false);
+ });
}
define void set_admin_term () {
@@ -1046,6 +1060,13 @@
UI::ChangeWidget (`id(br2entry[result]:nil), `Value, dn);
}
}
+ if (result == `sssd)
+ {
+ sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value);
+ foreach (symbol ui, [ `nss_base_passwd, `nss_base_group, `nss_base_shadow, `br_passwd, `br_shadow, `br_group ], {
+ UI::ChangeWidget (`id (ui), `Enabled, !sssd);
+ });
+ }
if (result == `br_tls_cacertdir)
{
string dir = UI::AskForExistingDirectory (tls_cacertdir, _("Choose the directory with certificates"));
@@ -1230,7 +1251,8 @@
Ldap::nss_base_shadow != nss_base_shadow ||
Ldap::ldap_v2 != ldap_v2 ||
Ldap::tls_cacertdir != tls_cacertdir ||
- Ldap::tls_cacertfile != tls_cacertfile
+ Ldap::tls_cacertfile != tls_cacertfile ||
+ Ldap::sssd != sssd
)
{
Ldap::bind_dn = bind_dn;
@@ -1245,6 +1267,7 @@
Ldap::ldap_v2 = ldap_v2;
Ldap::tls_cacertdir = tls_cacertdir;
Ldap::tls_cacertfile = tls_cacertfile;
+ Ldap::sssd = sssd;
Ldap::modified = true;
}
break;
Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out?rev=63602&r1=63601&r2=63602&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out (original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out Fri Mar 18 16:29:21 2011
@@ -18,4 +18,4 @@
Read .passwd.passwd.pluslines ["+"]
Return true
Dump ============================================
-Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "ldap_v2":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "start_autofs":false, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
+Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "ldap_v2":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":false, "start_autofs":false, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org