From c76256a0500bc4ac1cf1bece34b9e040cc4099ff Mon Sep 17 00:00:00 2001
From: Hasan Kara
Date: Tue, 16 Jul 2019 15:42:37 +0300
Subject: [PATCH] sssd ldap_sudo_search_base has been made dynamic
---
 src/base/registration/config-files/sssd.conf | 2 +-
 src/base/registration/execute_sssd_authentication.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/base/registration/config-files/sssd.conf b/src/base/registration/config-files/sssd.conf
index fe17980..a05db82 100644
--- a/src/base/registration/config-files/sssd.conf
+++ b/src/base/registration/config-files/sssd.conf
@@ -37,7 +37,7 @@ override_shell = /bin/bash
 enumerate = true
 cache_credentials = true
 sudo_provider = ldap
-ldap_sudo_search_base = ou=Roles,dc=liderahenk,dc=org
+###ldap_sudo_search_base###
 ###90 days
 ldap_sudo_full_refresh_interval=7776000
 ###30 days
diff --git a/src/base/registration/execute_sssd_authentication.py b/src/base/registration/execute_sssd_authentication.py
index b55bcd7..1271231 100644
--- a/src/base/registration/execute_sssd_authentication.py
+++ b/src/base/registration/execute_sssd_authentication.py
@@ -48,6 +48,7 @@ class ExecuteSSSDAuthentication:
 file_data = file_data.replace("###ldap_search_base###", "ldap_search_base = " + dn)
 file_data = file_data.replace("###ldap_user_search_base###", "ldap_user_search_base = " + dn)
 file_data = file_data.replace("###ldap_group_search_base###", "ldap_group_search_base = " + dn)
+ file_data = file_data.replace("###ldap_sudo_search_base###", "ldap_sudo_search_base = ou=Roles," + dn)
 file_sssd.close()
 file_sssd = open(sssd_config_file_path, 'w')
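Review bot: The new template line `###ldap_sudo_search_base###` has no safe fallback. If the file is deployed with the placeholder unsubstituted (an agent still running the older execute_sssd_authentication.py, or a placeholder spelling that drifts from the `replace()` call), sssd reads the line as a comment. As far as I know ldap_sudo_search_base then defaults to the value of ldap_search_base, so sudoRole entries anywhere under the base DN would be evaluated rather than only those under ou=Roles. I would add a comment above the placeholder, `# replaced at registration with: ldap_sudo_search_base = ou=Roles,<base DN>; must not be left unsubstituted`, and have the code that writes the final file refuse to do so while `###ldap_sudo_search_base###` is still present.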
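Review bot: `dn` is concatenated into the sssd.conf text unchecked on the added line (and on the three `replace()` calls above it), so a value containing a line break would put extra option lines into the file that sssd then loads. Where `dn` comes from is not visible in this hunk, so that exposure is inferred. Before the replacements I would reject such values, e.g. `if "\n" in dn or "\r" in dn: raise ValueError("base DN must be a single line")`. The `ou=Roles,` prefix is also now a literal buried in this call; a named constant with a comment saying that sudo rules are read only from that subtree would make the intended scope visible. The enclosing method starts and ends outside the hunk.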