authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 05:31:45 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 05:31:45 +0000
commit74aa0bc6779af38018a03fd2cf4419fe85917904 (patch)
tree9cb0681aac9a94a49c153d5823e7a55d1513d91f /src/config/etc
parentInitial commit. (diff)
Adding upstream version 2.9.4.upstream/2.9.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/config/etc')
-rw-r--r--src/config/etc/sssd.api.conf228
-rw-r--r--src/config/etc/sssd.api.d/crash_test_dummy1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ad.conf212
-rw-r--r--src/config/etc/sssd.api.d/sssd-files.conf3
-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf286
-rw-r--r--src/config/etc/sssd.api.d/sssd-krb5.conf31
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf195
-rw-r--r--src/config/etc/sssd.api.d/sssd-proxy.conf12
-rw-r--r--src/config/etc/sssd.api.d/sssd-simple.conf7
9 files changed, 975 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
new file mode 100644
index 0000000..5ae6aab
--- /dev/null
+++ b/src/config/etc/sssd.api.conf
@@ -0,0 +1,228 @@
+# Format:
+# option = type, subtype, mandatory[, default]
+
+[service]
+# Options available to all services
+timeout = int, None, false
+debug = int, None, false
+debug_level = int, None, false
+debug_timestamps = bool, None, false
+debug_microseconds = bool, None, false
+debug_backtrace_enabled = bool, None, false
+command = str, None, false
+reconnection_retries = int, None, false
+fd_limit = int, None, false
+client_idle_timeout = int, None, false
+responder_idle_timeout = int, None, false
+cache_first = int, None, false
+description = str, None, false
+
+[sssd]
+# Monitor service
+config_file_version = int, None, false
+services = list, str, true, nss, pam
+domains = list, str, true
+re_expression = str, None, false
+full_name_format = str, None, false
+krb5_rcache_dir = str, None, false
+user = str, None, false
+default_domain_suffix = str, None, false
+certificate_verification = str, None, false
+override_space = str, None, false
+disable_netlink = bool, None, false
+enable_files_domain = str, None, false
+domain_resolution_order = list, str, false
+try_inotify = bool, None, false
+monitor_resolv_conf = bool, None, false
+implicit_pac_responder = bool, None, false
+core_dumpable = bool, None, false
+passkey_verification = str, None, false
+
+[nss]
+# Name service
+enum_cache_timeout = int, None, false
+entry_cache_nowait_percentage = int, None, false
+entry_negative_timeout = int, None, false
+local_negative_timeout = int, None, false
+filter_users = list, str, false
+filter_groups = list, str, false
+filter_users_in_groups = bool, None, false
+pwfield = str, None, false
+override_homedir = str, None, false
+fallback_homedir = str, None, false
+homedir_substring = str, None, false, /home
+override_shell = str, None, false
+allowed_shells = list, str, false
+vetoed_shells = list, str, false
+shell_fallback = str, None, false
+default_shell = str, None, false
+get_domains_timeout = int, None, false
+memcache_timeout = int, None, false
+user_attributes = str, None, false
+
+[pam]
+# Authentication service
+offline_credentials_expiration = int, None, false
+offline_failed_login_attempts = int, None, false
+offline_failed_login_delay = int, None, false
+pam_verbosity = int, None, false
+pam_response_filter = str, None, false
+pam_id_timeout = int, None, false
+pam_pwd_expiration_warning = int, None, false
+get_domains_timeout = int, None, false
+pam_trusted_users = str, None, false
+pam_public_domains = str, None, false
+pam_account_expired_message = str, None, false
+pam_account_locked_message = str, None, false
+pam_cert_auth = bool, None, false
+pam_cert_db_path = str, None, false
+pam_cert_verification = str, None, false
+p11_child_timeout = int, None, false
+pam_app_services = str, None, false
+pam_p11_allowed_services = str, None, false
+p11_wait_for_card_timeout = int, None, false
+p11_uri = str, None, false
+pam_initgroups_scheme = str, None, false
+pam_gssapi_services = str, None, false
+pam_gssapi_check_upn = bool, None, false
+pam_gssapi_indicators_map = str, None, false
+pam_passkey_auth = bool, None, false
+passkey_child_timeout = int, None, false
+passkey_debug_libfido2 = bool, None, false
+
+[sudo]
+# sudo service
+sudo_timed = bool, None, false
+sudo_inverse_order = bool, None, false
+sudo_threshold = int, None, false
+
+[autofs]
+# autofs service
+autofs_negative_timeout = int, None, false
+
+[ssh]
+# ssh service
+ssh_hash_known_hosts = bool, None, false
+ssh_known_hosts_timeout = int, None, false
+ca_db = str, None, false
+ssh_use_certificate_keys = bool, None, false
+ssh_use_certificate_matching_rules = str, None, false
+
+[pac]
+# PAC responder
+allowed_uids = str, None, false
+pac_lifetime = int, None, false
+pac_check = str, None, false
+
+[ifp]
+# InfoPipe responder
+allowed_uids = str, None, false
+user_attributes = str, None, false
+
+[session_recording]
+# Session recording service
+scope = str, None, false
+users = list, str, false
+groups = list, str, false
+exclude_users = list, str, false
+exclude_groups = list, str, false
+
+[provider]
+#Available provider types
+id_provider = str, None, true
+auth_provider = str, None, false
+access_provider = str, None, false
+chpass_provider = str, None, false
+sudo_provider = str, None, false
+autofs_provider = str, None, false
+hostid_provider = str, None, false
+subdomains_provider = str, None, false
+selinux_provider = str, None, false
+session_provider = str, None, false
+resolver_provider = str, None, false
+
+[domain]
+# Options available to all domains
+enabled = bool, None, false
+description = str, None, false
+domain_type = str, None, false
+debug = int, None, false
+debug_level = int, None, false
+debug_timestamps = bool, None, false
+command = str, None, false
+min_id = int, None, false
+max_id = int, None, false
+timeout = int, None, false
+enumerate = bool, None, false
+subdomain_enumerate = str, None, false
+offline_timeout = int, None, false
+offline_timeout_max = int, None, false
+offline_timeout_random_offset = int, None, false
+cache_credentials = bool, None, false
+cache_credentials_minimal_first_factor_length = int, None, false
+use_fully_qualified_names = bool, None, false
+ignore_group_members = bool, None, false
+entry_cache_timeout = int, None, false
+lookup_family_order = str, None, false
+account_cache_expiration = int, None, false
+pwd_expiration_warning = int, None, false
+filter_users = list, str, false
+filter_groups = list, str, false
+dns_resolver_server_timeout = int, None, false
+dns_resolver_op_timeout = int, None, false
+dns_resolver_timeout = int, None, false
+dns_discovery_domain = str, None, false
+override_gid = int, None, false
+case_sensitive = str, None, false
+override_homedir = str, None, false
+fallback_homedir = str, None, false
+homedir_substring = str, None, false
+override_shell = str, None, false
+default_shell = str, None, false
+description = str, None, false
+realmd_tags = str, None, false
+subdomain_refresh_interval = int, None, false
+subdomain_refresh_interval_offset = int, None, false
+subdomain_inherit = str, None, false
+subdomain_homedir = str, None, false
+cached_auth_timeout = int, None, false
+full_name_format = str, None, false
+re_expression = str, None, false
+auto_private_groups = str, None, false
+pam_gssapi_services = str, None, false
+pam_gssapi_check_upn = bool, None, false
+pam_gssapi_indicators_map = str, None, false
+local_auth_policy = str, None, false
+
+#Entry cache timeouts
+entry_cache_user_timeout = int, None, false
+entry_cache_group_timeout = int, None, false
+entry_cache_netgroup_timeout = int, None, false
+entry_cache_service_timeout = int, None, false
+entry_cache_autofs_timeout = int, None, false
+entry_cache_sudo_timeout = int, None, false
+entry_cache_ssh_host_timeout = int, None, false
+entry_cache_resolver_timeout = int, None, false
+refresh_expired_interval = int, None, false
+refresh_expired_interval_offset = int, None, false
+
+# Dynamic DNS updates
+dyndns_update = bool, None, false
+dyndns_ttl = int, None, false
+dyndns_iface = str, None, false
+dyndns_refresh_interval = int, None, false
+dyndns_refresh_interval_offset = int, None, false
+dyndns_update_ptr = bool, None, false
+dyndns_force_tcp = bool, None, false
+dyndns_auth = str, None, false
+dyndns_server = str, None, false
+
+# Special providers
+[provider/permit]
+
+[provider/permit/access]
+
+[provider/deny]
+
+[provider/deny/access]
+
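Review bot: `description = str, None, false` is declared twice in `[domain]`, once right after `enabled` and again after `default_shell`. Whether the schema reader rejects the repeat or silently keeps one copy is not visible from this hunk, but the second line adds nothing and should be dropped. Separately, `cache_first` in `[service]` is typed `int` and `enable_files_domain` in `[sssd]` is typed `str`, although both appear to be on/off switches. If this schema drives config validation, confirm those types so that a mistyped value is not accepted as valid.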
diff --git a/src/config/etc/sssd.api.d/crash_test_dummy b/src/config/etc/sssd.api.d/crash_test_dummy
new file mode 100644
index 0000000..02e447e
--- /dev/null
+++ b/src/config/etc/sssd.api.d/crash_test_dummy
@@ -0,0 +1 @@
+Please do not delete this file, it is part of the config API self-test.
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
new file mode 100644
index 0000000..3bf89ed
--- /dev/null
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -0,0 +1,212 @@
+[provider/ad]
+ad_domain = str, None, false
+ad_enabled_domains = str, None, false
+ad_server = str, None, false
+ad_backup_server = str, None, false
+ad_hostname = str, None, false
+ad_enable_dns_sites = bool, None, false
+ad_access_filter = str, None, false
+ad_enable_gc = bool, None, false
+ad_gpo_access_control = str, None, false
+ad_gpo_cache_timeout = int, None, false
+ad_gpo_map_interactive = str, None, false
+ad_gpo_map_remote_interactive = str, None, false
+ad_gpo_map_network = str, None, false
+ad_gpo_map_batch = str, None, false
+ad_gpo_map_service = str, None, false
+ad_gpo_map_permit = str, None, false
+ad_gpo_map_deny = str, None, false
+ad_gpo_default_right = str, None, false
+ad_site = str, None, false
+ad_maximum_machine_account_password_age = int, None, false
+ad_machine_account_password_renewal_opts = str, None, false
+ad_update_samba_machine_account_password = bool, None, false
+ad_use_ldaps = bool, None, false
+ad_allow_remote_domain_local_groups = bool, None, false
+ldap_uri = str, None, false
+ldap_backup_uri = str, None, false
+ldap_search_base = str, None, false
+ldap_schema = str, None, false
+ldap_pwmodify_mode = str, None, false
+ldap_default_bind_dn = str, None, false
+ldap_default_authtok_type = str, None, false
+ldap_default_authtok = str, None, false
+ldap_network_timeout = int, None, false
+ldap_opt_timeout = int, None, false
+ldap_offline_timeout = int, None, false
+ldap_tls_cacert = str, None, false
+ldap_tls_cacertdir = str, None, false
+ldap_tls_cert = str, None, false
+ldap_tls_key = str, None, false
+ldap_tls_cipher_suite = str, None, false
+ldap_tls_reqcert = str, None, false
+ldap_sasl_mech = str, None, false
+ldap_sasl_authid = str, None, false
+ldap_sasl_minssf = int, None, false
+ldap_sasl_maxssf = int, None, false
+krb5_kdcip = str, None, false
+krb5_server = str, None, false
+krb5_backup_server = str, None, false
+krb5_realm = str, None, false
+krb5_auth_timeout = int, None, false
+krb5_canonicalize = bool, None, false
+krb5_use_kdcinfo = bool, None, false
+ldap_krb5_keytab = str, None, false
+ldap_krb5_init_creds = bool, None, false
+ldap_entry_usn = str, None, false
+ldap_rootdse_last_usn = str, None, false
+ldap_referrals = bool, None, false
+ldap_krb5_ticket_lifetime = int, None, false
+ldap_dns_service_name = str, None, false
+ldap_deref = str, None, false
+ldap_page_size = int, None, false
+ldap_deref_threshold = int, None, false
+ldap_connection_expire_timeout = int, None, false
+ldap_connection_expire_offset = int, None, false
+ldap_connection_idle_timeout = int, None, false
+ldap_disable_paging = bool, None, false
+krb5_confd_path = str, None, false
+wildcard_limit = int, None, false
+
+[provider/ad/id]
+ldap_search_timeout = int, None, false
+ldap_enumeration_refresh_timeout = int, None, false
+ldap_purge_cache_timeout = int, None, false
+ldap_id_use_start_tls = bool, None, false
+ldap_id_mapping = bool, None, false
+ldap_user_search_base = str, None, false
+ldap_user_search_scope = str, None, false
+ldap_user_search_filter = str, None, false
+ldap_user_extra_attrs = str, None, false
+ldap_user_object_class = str, None, false
+ldap_user_name = str, None, false
+ldap_user_uid_number = str, None, false
+ldap_user_gid_number = str, None, false
+ldap_user_gecos = str, None, false
+ldap_user_home_directory = str, None, false
+ldap_user_shell = str, None, false
+ldap_user_uuid = str, None, false
+ldap_user_objectsid = str, None, false
+ldap_user_primary_group = str, None, false
+ldap_user_principal = str, None, false
+ldap_user_fullname = str, None, false
+ldap_user_member_of = str, None, false
+ldap_user_modify_timestamp = str, None, false
+ldap_user_entry_usn = str, None, false
+ldap_user_shadow_last_change = str, None, false
+ldap_user_shadow_min = str, None, false
+ldap_user_shadow_max = str, None, false
+ldap_user_shadow_warning = str, None, false
+ldap_user_shadow_inactive = str, None, false
+ldap_user_shadow_expire = str, None, false
+ldap_user_shadow_flag = str, None, false
+ldap_user_krb_last_pwd_change = str, None, false
+ldap_user_krb_password_expiration = str, None, false
+ldap_pwd_attribute = str, None, false
+ldap_user_ssh_public_key = str, None, false
+ldap_user_auth_type = str, None, false
+ldap_user_certificate = str, None, false
+ldap_user_email = str, None, false
+ldap_user_passkey = str, None, false
+ldap_group_search_base = str, None, false
+ldap_group_search_scope = str, None, false
+ldap_group_search_filter = str, None, false
+ldap_group_object_class = str, None, false
+ldap_group_name = str, None, false
+ldap_group_gid_number = str, None, false
+ldap_group_member = str, None, false
+ldap_group_uuid = str, None, false
+ldap_group_objectsid = str, None, false
+ldap_group_modify_timestamp = str, None, false
+ldap_group_entry_usn = str, None, false
+ldap_group_type = str, None, false
+ldap_group_external_member = str, None, false
+ldap_force_upper_case_realm = bool, None, false
+ldap_group_nesting_level = int, None, false
+ldap_netgroup_search_base = str, None, false
+ldap_service_object_class = str, None, false
+ldap_service_name = str, None, false
+ldap_service_port = str, None, false
+ldap_service_proto = str, None, false
+ldap_service_search_base = str, None, false
+ldap_service_entry_usn = str, None, false
+ldap_idmap_range_min = int, None, false
+ldap_idmap_range_max = int, None, false
+ldap_idmap_range_size = int, None, false
+ldap_idmap_autorid_compat = bool, None, false
+ldap_idmap_default_domain = str, None, false
+ldap_idmap_default_domain_sid = str, None, false
+ldap_idmap_helper_table_size = int, None, false
+ldap_use_tokengroups = bool, None, false
+ldap_rfc2307_fallback_to_local_users = bool, None, false
+ldap_pwdlockout_dn = str, None, false
+
+[provider/ad/auth]
+krb5_ccachedir = str, None, false
+krb5_ccname_template = str, None, false
+krb5_keytab = str, None, false
+krb5_validate = bool, None, false
+ldap_pwd_policy = str, None, false
+krb5_store_password_if_offline = bool, None, false
+krb5_renewable_lifetime = str, None, false
+krb5_lifetime = str, None, false
+krb5_renew_interval = str, None, false
+krb5_use_fast = str, None, false
+krb5_fast_principal = str, None, false
+krb5_fast_use_anonymous_pkinit = bool, None, false
+krb5_use_enterprise_principal = bool, None, false
+krb5_use_subdomain_realm = bool, None, false
+krb5_map_user = str, None, false
+
+[provider/ad/access]
+
+[provider/ad/chpass]
+krb5_kpasswd = str, None, false
+krb5_backup_kpasswd = str, None, false
+
+[provider/ad/subdomains]
+
+[provider/ad/sudo]
+ldap_sudo_search_base = str, None, false
+ldap_sudo_full_refresh_interval = int, None, false
+ldap_sudo_smart_refresh_interval = int, None, false
+ldap_sudo_random_offset = int, None, false
+ldap_sudo_use_host_filter = bool, None, false
+ldap_sudo_hostnames = str, None, false
+ldap_sudo_ip = str, None, false
+ldap_sudo_include_netgroups = bool, None, false
+ldap_sudo_include_regexp = bool, None, false
+ldap_sudorule_object_class = str, None, false
+ldap_sudorule_object_class_attr = str, None, false
+ldap_sudorule_name = str, None, false
+ldap_sudorule_command = str, None, false
+ldap_sudorule_host = str, None, false
+ldap_sudorule_user = str, None, false
+ldap_sudorule_option = str, None, false
+ldap_sudorule_runas = str, None, false
+ldap_sudorule_runasuser = str, None, false
+ldap_sudorule_runasgroup = str, None, false
+ldap_sudorule_notbefore = str, None, false
+ldap_sudorule_notafter = str, None, false
+ldap_sudorule_order = str, None, false
+
+[provider/ad/autofs]
+ldap_autofs_map_master_name = str, None, false
+ldap_autofs_map_object_class = str, None, false
+ldap_autofs_map_name = str, None, false
+ldap_autofs_entry_object_class = str, None, false
+ldap_autofs_entry_key = str, None, false
+ldap_autofs_entry_value = str, None, false
+ldap_autofs_search_base = str, None, false
+
+[provider/ad/resolver]
+ldap_iphost_search_base = str, None, false
+ldap_iphost_object_class = str, None, false
+ldap_iphost_name = str, None, false
+ldap_iphost_number = str, None, false
+ldap_iphost_entry_usn = str, None, false
+ldap_ipnetwork_search_base = str, None, false
+ldap_ipnetwork_object_class = str, None, false
+ldap_ipnetwork_name = str, None, false
+ldap_ipnetwork_number = str, None, false
+ldap_ipnetwork_entry_usn = str, None, false
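Review bot: `ldap_default_authtok` in `[provider/ad]` is declared as a plain `str`, and the `type, subtype, mandatory[, default]` format used by these files has no field that marks an option as secret. That option carries the bind credential for `ldap_default_bind_dn`, so a tool that lists, diffs or logs options by walking this schema has nothing telling it to redact the value. I would add a comment above it, `# holds the bind credential; redact when printing or logging`, and the same applies to the identical line in sssd-ipa.conf and sssd-ldap.conf. This file also lacks the `# Format:` header that sssd.api.conf and sssd-ipa.conf carry.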
diff --git a/src/config/etc/sssd.api.d/sssd-files.conf b/src/config/etc/sssd.api.d/sssd-files.conf
new file mode 100644
index 0000000..2444d49
--- /dev/null
+++ b/src/config/etc/sssd.api.d/sssd-files.conf
@@ -0,0 +1,3 @@
+[provider/files]
+passwd_files = str, None, false
+group_files = str, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
new file mode 100644
index 0000000..b28281c
--- /dev/null
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -0,0 +1,286 @@
+# Format:
+# option = type, subtype, mandatory[, default]
+[provider/ipa]
+ipa_domain = str, None, false
+ipa_server = str, None, false
+ipa_backup_server = str, None, false
+ipa_hostname = str, None, false
+ipa_deskprofile_search_base = str, None, false
+ipa_subid_ranges_search_base = str, None, false
+ipa_access_order = str, None, false
+ipa_dyndns_update = bool, None, false
+ipa_dyndns_ttl = int, None, false
+ipa_dyndns_iface = str, None, false
+ipa_hbac_search_base = str, None, false
+ipa_host_search_base = str, None, false
+ipa_master_domain_search_base = str, None, false
+ipa_ranges_search_base = str, None, false
+ipa_enable_dns_sites = bool, None, false
+ldap_uri = str, None, false
+ldap_backup_uri = str, None, false
+ldap_search_base = str, None, false
+ldap_schema = str, None, false
+ldap_pwmodify_mode = str, None, false
+ldap_default_bind_dn = str, None, false
+ldap_default_authtok_type = str, None, false
+ldap_default_authtok = str, None, false
+ldap_network_timeout = int, None, false
+ldap_opt_timeout = int, None, false
+ldap_offline_timeout = int, None, false
+ldap_tls_cacert = str, None, false
+ldap_tls_cacertdir = str, None, false
+ldap_tls_cert = str, None, false
+ldap_tls_key = str, None, false
+ldap_tls_cipher_suite = str, None, false
+ldap_tls_reqcert = str, None, false
+ldap_sasl_mech = str, None, false
+ldap_sasl_authid = str, None, false
+ldap_sasl_minssf = int, None, false
+ldap_sasl_maxssf = int, None, false
+krb5_kdcip = str, None, false
+krb5_server = str, None, false
+krb5_backup_server = str, None, false
+krb5_realm = str, None, false
+krb5_auth_timeout = int, None, false
+krb5_use_kdcinfo = bool, None, false
+krb5_kpasswd = str, None, false
+krb5_backup_kpasswd = str, None, false
+krb5_canonicalize = bool, None, false
+ldap_krb5_keytab = str, None, false
+ldap_krb5_init_creds = bool, None, false
+ldap_entry_usn = str, None, false
+ldap_rootdse_last_usn = str, None, false
+ldap_referrals = bool, None, false
+ldap_krb5_ticket_lifetime = int, None, false
+ldap_dns_service_name = str, None, false
+ldap_deref = str, None, false
+ldap_page_size = int, None, false
+ldap_deref_threshold = int, None, false
+ldap_connection_expire_timeout = int, None, false
+ldap_connection_expire_offset = int, None, false
+ldap_connection_idle_timeout = int, None, false
+ldap_disable_paging = bool, None, false
+krb5_confd_path = str, None, false
+wildcard_limit = int, None, false
+
+[provider/ipa/id]
+ldap_search_timeout = int, None, false
+ldap_enumeration_refresh_timeout = int, None, false
+ldap_purge_cache_timeout = int, None, false
+ldap_id_use_start_tls = bool, None, false
+ldap_id_mapping = bool, None, false
+ldap_user_search_base = str, None, false
+ldap_user_search_scope = str, None, false
+ldap_user_search_filter = str, None, false
+ldap_user_extra_attrs = str, None, false
+ldap_user_object_class = str, None, false
+ldap_user_name = str, None, false
+ldap_user_uid_number = str, None, false
+ldap_user_gid_number = str, None, false
+ldap_user_gecos = str, None, false
+ldap_user_home_directory = str, None, false
+ldap_user_shell = str, None, false
+ldap_user_uuid = str, None, false
+ldap_user_objectsid = str, None, false
+ldap_user_primary_group = str, None, false
+ldap_user_principal = str, None, false
+ldap_user_fullname = str, None, false
+ldap_user_member_of = str, None, false
+ldap_user_modify_timestamp = str, None, false
+ldap_user_entry_usn = str, None, false
+ldap_user_shadow_last_change = str, None, false
+ldap_user_shadow_min = str, None, false
+ldap_user_shadow_max = str, None, false
+ldap_user_shadow_warning = str, None, false
+ldap_user_shadow_inactive = str, None, false
+ldap_user_shadow_expire = str, None, false
+ldap_user_shadow_flag = str, None, false
+ldap_user_krb_last_pwd_change = str, None, false
+ldap_user_krb_password_expiration = str, None, false
+ldap_pwd_attribute = str, None, false
+ldap_user_ssh_public_key = str, None, false
+ldap_user_auth_type = str, None, false
+ldap_user_certificate = str, None, false
+ldap_user_email = str, None, false
+ldap_user_passkey = str, None, false
+ldap_group_search_base = str, None, false
+ldap_group_search_scope = str, None, false
+ldap_group_search_filter = str, None, false
+ldap_group_object_class = str, None, false
+ldap_group_name = str, None, false
+ldap_group_gid_number = str, None, false
+ldap_group_member = str, None, false
+ldap_group_uuid = str, None, false
+ldap_group_objectsid = str, None, false
+ldap_group_modify_timestamp = str, None, false
+ldap_group_entry_usn = str, None, false
+ldap_group_type = str, None, false
+ldap_group_external_member = str, None, false
+ldap_force_upper_case_realm = bool, None, false
+ldap_group_nesting_level = int, None, false
+ldap_netgroup_search_base = str, None, false
+ipa_netgroup_object_class = str, None, false
+ipa_netgroup_name = str, None, false
+ipa_netgroup_member = str, None, false
+ipa_netgroup_member_of = str, None, false
+ipa_netgroup_member_user = str, None, false
+ipa_netgroup_member_host = str, None, false
+ipa_netgroup_member_ext_host = str, None, false
+ipa_netgroup_domain = str, None, false
+ipa_netgroup_uuid = str, None, false
+ldap_service_object_class = str, None, false
+ldap_service_name = str, None, false
+ldap_service_port = str, None, false
+ldap_service_proto = str, None, false
+ldap_service_search_base = str, None, false
+ldap_service_entry_usn = str, None, false
+ipa_host_object_class = str, None, false
+ipa_host_fqdn = str, None, false
+ipa_host_ssh_public_key = str, None, false
+ldap_idmap_range_min = int, None, false
+ldap_idmap_range_max = int, None, false
+ldap_idmap_range_size = int, None, false
+ldap_idmap_autorid_compat = bool, None, false
+ldap_idmap_default_domain = str, None, false
+ldap_idmap_default_domain_sid = str, None, false
+ldap_idmap_helper_table_size = int, None, false
+ldap_use_tokengroups = bool, None, false
+ldap_rfc2307_fallback_to_local_users = bool, None, false
+ipa_server_mode = bool, None, false
+ldap_pwdlockout_dn = str, None, false
+ipa_views_search_base = str, None, false
+ipa_view_class = str, None, false
+ipa_view_name = str, None, false
+ipa_override_object_class = str, None, false
+ipa_anchor_uuid = str, None, false
+ipa_user_override_object_class = str, None, false
+ipa_group_override_object_class = str, None, false
+
+[provider/ipa/auth]
+krb5_ccachedir = str, None, false
+krb5_ccname_template = str, None, false
+krb5_keytab = str, None, false
+krb5_validate = bool, None, false
+ldap_pwd_policy = str, None, false
+krb5_store_password_if_offline = bool, None, false
+krb5_renewable_lifetime = str, None, false
+krb5_lifetime = str, None, false
+krb5_renew_interval = str, None, false
+krb5_use_fast = str, None, false
+krb5_fast_principal = str, None, false
+krb5_fast_use_anonymous_pkinit = bool, None, false
+krb5_use_enterprise_principal = bool, None, false
+krb5_use_subdomain_realm = bool, None, false
+krb5_map_user = str, None, false
+
+[provider/ipa/access]
+ipa_hbac_refresh = int, None, false
+ipa_selinux_refresh = int, None, false
+ipa_hbac_support_srchost = bool, None, false
+ipa_host_object_class = str, None, false
+ipa_host_name = str, None, false
+ipa_host_fqdn = str, None, false
+ipa_host_serverhostname = str, None, false
+ipa_host_member_of = str, None, false
+ipa_host_ssh_public_key = str, None, false
+ipa_host_uuid = str, None, false
+ipa_hostgroup_objectclass = str, None, false
+ipa_hostgroup_name = str, None, false
+ipa_hostgroup_member = str, None, false
+ipa_hostgroup_memberof = str, None, false
+ipa_hostgroup_uuid = str, None, false
+
+[provider/ipa/autofs]
+ipa_automount_location = str, None, false
+ldap_autofs_map_master_name = str, None, false
+ldap_autofs_map_object_class = str, None, false
+ldap_autofs_map_name = str, None, false
+ldap_autofs_entry_object_class = str, None, false
+ldap_autofs_entry_key = str, None, false
+ldap_autofs_entry_value = str, None, false
+ldap_autofs_search_base = str, None, false
+
+[provider/ipa/chpass]
+
+[provider/ipa/session]
+ipa_deskprofile_refresh = int, None, false
+ipa_deskprofile_request_interval = int, None, false
+ipa_host_object_class = str, None, false
+ipa_host_name = str, None, false
+ipa_host_fqdn = str, None, false
+ipa_host_serverhostname = str, None, false
+ipa_host_member_of = str, None, false
+ipa_host_ssh_public_key = str, None, false
+ipa_host_uuid = str, None, false
+ipa_selinux_usermap_object_class = str, None, false
+ipa_selinux_usermap_name = str, None, false
+ipa_selinux_usermap_member_user = str, None, false
+ipa_selinux_usermap_member_host = str, None, false
+ipa_selinux_usermap_see_also = str, None, false
+ipa_selinux_usermap_selinux_user = str, None, false
+ipa_selinux_usermap_enabled = str, None, false
+ipa_selinux_usermap_user_category = str, None, false
+ipa_selinux_usermap_host_category = str, None, false
+ipa_selinux_usermap_uuid = str, None, false
+
+[provider/ipa/hostid]
+
+[provider/ipa/subdomains]
+ipa_subdomains_search_base = str, None, false
+
+[provider/ipa/sudo]
+ldap_sudo_search_base = str, None, false
+ldap_sudo_full_refresh_interval = int, None, false
+ldap_sudo_smart_refresh_interval = int, None, false
+ldap_sudo_random_offset = int, None, false
+ldap_sudo_use_host_filter = bool, None, false
+ldap_sudo_hostnames = str, None, false
+ldap_sudo_ip = str, None, false
+ldap_sudo_include_netgroups = bool, None, false
+ldap_sudo_include_regexp = bool, None, false
+ldap_sudorule_object_class = str, None, false
+ldap_sudorule_object_class_attr = str, None, false
+ldap_sudorule_name = str, None, false
+ldap_sudorule_command = str, None, false
+ldap_sudorule_host = str, None, false
+ldap_sudorule_user = str, None, false
+ldap_sudorule_option = str, None, false
+ldap_sudorule_runas = str, None, false
+ldap_sudorule_runasuser = str, None, false
+ldap_sudorule_runasgroup = str, None, false
+ldap_sudorule_notbefore = str, None, false
+ldap_sudorule_notafter = str, None, false
+ldap_sudorule_order = str, None, false
+ipa_sudorule_object_class = str, None, false
+ipa_sudorule_name = str, None, false
+ipa_sudorule_uuid = str, None, false
+ipa_sudorule_enabled_flag = str, None, false
+ipa_sudorule_option = str, None, false
+ipa_sudorule_runasgroup = str, None, false
+ipa_sudorule_runasgroup = str, None, false
+ipa_sudorule_allowcmd = str, None, false
+ipa_sudorule_denycmd = str, None, false
+ipa_sudorule_host = str, None, false
+ipa_sudorule_user = str, None, false
+ipa_sudorule_notafter = str, None, false
+ipa_sudorule_notbefore = str, None, false
+ipa_sudorule_sudoorder = str, None, false
+ipa_sudorule_cmdcategory = str, None, false
+ipa_sudorule_hostcategory = str, None, false
+ipa_sudorule_usercategory = str, None, false
+ipa_sudorule_runasusercategory = str, None, false
+ipa_sudorule_runasgroupcategory = str, None, false
+ipa_sudorule_runasextuser = str, None, false
+ipa_sudorule_runasextgroup = str, None, false
+ipa_sudorule_runasextusergroup = str, None, false
+ipa_sudorule_externaluser = str, None, false
+ipa_sudorule_entry_usn = str, None, false
+ipa_sudocmdgroup_object_class = str, None, false
+ipa_sudocmdgroup_uuid = str, None, false
+ipa_sudocmdgroup_name = str, None, false
+ipa_sudocmdgroup_member = str, None, false
+ipa_sudocmdgroup_entry_usn = str, None, false
+ipa_sudocmd_object_class = str, None, false
+ipa_sudocmd_uuid = str, None, false
+ipa_sudocmd_sudoCmd = str, None, false
+ipa_sudocmd_memberof = str, None, false
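Review bot: `ipa_sudorule_runasgroup = str, None, false` appears on two consecutive lines in `[provider/ipa/sudo]`, and the section has no `ipa_sudorule_runasuser` entry. The generic attributes a few lines earlier come as a pair, `ldap_sudorule_runasuser` and `ldap_sudorule_runasgroup`, so the first of the two duplicates was probably meant to be `ipa_sudorule_runasuser = str, None, false`. If the schema is used to validate sssd.conf, an administrator who sets the run-as-user attribute mapping would presumably have it flagged as an unknown option; confirm against the option table in the IPA provider before changing it.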
diff --git a/src/config/etc/sssd.api.d/sssd-krb5.conf b/src/config/etc/sssd.api.d/sssd-krb5.conf
new file mode 100644
index 0000000..0ae9ec5
--- /dev/null
+++ b/src/config/etc/sssd.api.d/sssd-krb5.conf
@@ -0,0 +1,31 @@
+[provider/krb5]
+krb5_kdcip = str, None, false
+krb5_server = str, None, false
+krb5_backup_server = str, None, false
+krb5_realm = str, None, true
+krb5_auth_timeout = int, None, false
+krb5_use_kdcinfo = bool, None, false
+krb5_kpasswd = str, None, false
+krb5_backup_kpasswd = str, None, false
+
+[provider/krb5/auth]
+krb5_ccachedir = str, None, false
+krb5_ccname_template = str, None, false
+krb5_keytab = str, None, false
+krb5_validate = bool, None, false
+krb5_store_password_if_offline = bool, None, false
+krb5_renewable_lifetime = str, None, false
+krb5_lifetime = str, None, false
+krb5_renew_interval = str, None, false
+krb5_use_fast = str, None, false
+krb5_fast_principal = str, None, false
+krb5_fast_use_anonymous_pkinit = bool, None, false
+krb5_canonicalize = bool, None, false
+krb5_use_enterprise_principal = bool, None, false
+krb5_use_subdomain_realm = bool, None, false
+krb5_map_user = str, None, false
+
+[provider/krb5/access]
+
+[provider/krb5/chpass]
+
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
new file mode 100644
index 0000000..237cf40
--- /dev/null
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -0,0 +1,195 @@
+[provider/ldap]
+ldap_uri = str, None, false
+ldap_backup_uri = str, None, false
+ldap_search_base = str, None, false
+ldap_schema = str, None, false
+ldap_pwmodify_mode = str, None, false
+ldap_default_bind_dn = str, None, false
+ldap_default_authtok_type = str, None, false
+ldap_default_authtok = str, None, false
+ldap_network_timeout = int, None, false
+ldap_opt_timeout = int, None, false
+ldap_offline_timeout = int, None, false
+ldap_tls_cacert = str, None, false
+ldap_tls_cacertdir = str, None, false
+ldap_tls_cert = str, None, false
+ldap_tls_key = str, None, false
+ldap_tls_cipher_suite = str, None, false
+ldap_tls_reqcert = str, None, false
+ldap_sasl_mech = str, None, false
+ldap_sasl_authid = str, None, false
+krb5_kdcip = str, None, false
+krb5_server = str, None, false
+krb5_realm = str, None, false
+krb5_canonicalize = bool, None, false
+krb5_use_kdcinfo = bool, None, false
+ldap_krb5_keytab = str, None, false
+ldap_krb5_init_creds = bool, None, false
+ldap_entry_usn = str, None, false
+ldap_rootdse_last_usn = str, None, false
+ldap_referrals = bool, None, false
+ldap_krb5_ticket_lifetime = int, None, false
+ldap_dns_service_name = str, None, false
+ldap_deref = str, None, false
+ldap_page_size = int, None, false
+ldap_deref_threshold = int, None, false
+ldap_ignore_unreadable_references = bool, None, false
+ldap_sasl_canonicalize = bool, None, false
+ldap_sasl_minssf = int, None, false
+ldap_sasl_maxssf = int, None, false
+ldap_connection_expire_timeout = int, None, false
+ldap_connection_expire_offset = int, None, false
+ldap_connection_idle_timeout = int, None, false
+ldap_disable_paging = bool, None, false
+ldap_disable_range_retrieval = bool, None, false
+wildcard_limit = int, None, false
+
+[provider/ldap/id]
+ldap_search_timeout = int, None, false
+ldap_enumeration_search_timeout = int, None, false
+ldap_enumeration_refresh_timeout = int, None, false
+ldap_purge_cache_timeout = int, None, false
+ldap_id_use_start_tls = bool, None, false
+ldap_id_mapping = bool, None, false
+ldap_user_search_base = str, None, false
+ldap_user_search_scope = str, None, false
+ldap_user_search_filter = str, None, false
+ldap_user_extra_attrs = str, None, false
+ldap_user_object_class = str, None, false
+ldap_user_name = str, None, false
+ldap_user_uid_number = str, None, false
+ldap_user_gid_number = str, None, false
+ldap_user_gecos = str, None, false
+ldap_user_home_directory = str, None, false
+ldap_user_shell = str, None, false
+ldap_user_uuid = str, None, false
+ldap_user_objectsid = str, None, false
+ldap_user_primary_group = str, None, false
+ldap_user_principal = str, None, false
+ldap_user_fullname = str, None, false
+ldap_user_member_of = str, None, false
+ldap_user_modify_timestamp = str, None, false
+ldap_user_entry_usn = str, None, false
+ldap_user_shadow_last_change = str, None, false
+ldap_user_shadow_min = str, None, false
+ldap_user_shadow_max = str, None, false
+ldap_user_shadow_warning = str, None, false
+ldap_user_shadow_inactive = str, None, false
+ldap_user_shadow_expire = str, None, false
+ldap_user_shadow_flag = str, None, false
+ldap_user_krb_last_pwd_change = str, None, false
+ldap_user_krb_password_expiration = str, None, false
+ldap_user_authorized_service = str, None, false
+ldap_user_authorized_host = str, None, false
+ldap_user_authorized_rhost = str, None, false
+ldap_pwd_attribute = str, None, false
+ldap_user_ad_account_expires = str, None, false
+ldap_user_ad_user_account_control = str, None, false
+ldap_ns_account_lock = str, None, false
+ldap_user_nds_login_disabled = str, None, false
+ldap_user_nds_login_expiration_time = str, None, false
+ldap_user_nds_login_allowed_time_map = str, None, false
+ldap_user_ssh_public_key = str, None, false
+ldap_user_auth_type = str, None, false
+ldap_user_certificate = str, None, false
+ldap_user_email = str, None, false
+ldap_user_passkey = str, None, false
+ldap_group_search_base = str, None, false
+ldap_group_search_scope = str, None, false
+ldap_group_search_filter = str, None, false
+ldap_group_object_class = str, None, false
+ldap_group_name = str, None, false
+ldap_group_gid_number = str, None, false
+ldap_group_member = str, None, false
+ldap_group_uuid = str, None, false
+ldap_group_objectsid = str, None, false
+ldap_group_modify_timestamp = str, None, false
+ldap_group_entry_usn = str, None, false
+ldap_group_type = str, None, false
+ldap_group_external_member = str, None, false
+ldap_group_nesting_level = int, None, false
+ldap_force_upper_case_realm = bool, None, false
+ldap_netgroup_search_base = str, None, false
+ldap_netgroup_object_class = str, None, false
+ldap_netgroup_name = str, None, false
+ldap_netgroup_member = str, None, false
+ldap_netgroup_triple = str, None, false
+ldap_netgroup_modify_timestamp = str, None, false
+ldap_service_object_class = str, None, false
+ldap_service_name = str, None, false
+ldap_service_port = str, None, false
+ldap_service_proto = str, None, false
+ldap_service_search_base = str, None, false
+ldap_service_entry_usn = str, None, false
+ldap_idmap_range_min = int, None, false
+ldap_idmap_range_max = int, None, false
+ldap_idmap_range_size = int, None, false
+ldap_idmap_autorid_compat = bool, None, false
+ldap_idmap_default_domain = str, None, false
+ldap_idmap_default_domain_sid = str, None, false
+ldap_idmap_helper_table_size = int, None, false
+ldap_use_tokengroups = bool, None, false
+ldap_rfc2307_fallback_to_local_users = bool, None, false
+ldap_min_id = int, None, false
+ldap_max_id = int, None, false
+ldap_pwdlockout_dn = str, None, false
+ldap_library_debug_level = int, None, false
+
+[provider/ldap/auth]
+ldap_pwd_policy = str, None, false
+
+[provider/ldap/access]
+ldap_access_filter = str, None, false
+ldap_account_expire_policy = str, None, false
+ldap_access_order = str, None, false
+
+[provider/ldap/chpass]
+ldap_chpass_uri = str, None, false
+ldap_chpass_backup_uri = str, None, false
+ldap_chpass_dns_service_name = str, None, false
+ldap_chpass_update_last_change = bool, None, false
+
+[provider/ldap/sudo]
+ldap_sudo_search_base = str, None, false
+ldap_sudo_full_refresh_interval = int, None, false
+ldap_sudo_smart_refresh_interval = int, None, false
+ldap_sudo_random_offset = int, None, false
+ldap_sudo_use_host_filter = bool, None, false
+ldap_sudo_hostnames = str, None, false
+ldap_sudo_ip = str, None, false
+ldap_sudo_include_netgroups = bool, None, false
+ldap_sudo_include_regexp = bool, None, false
+ldap_sudorule_object_class = str, None, false
+ldap_sudorule_object_class_attr = str, None, false
+ldap_sudorule_name = str, None, false
+ldap_sudorule_command = str, None, false
+ldap_sudorule_host = str, None, false
+ldap_sudorule_user = str, None, false
+ldap_sudorule_option = str, None, false
+ldap_sudorule_runas = str, None, false
+ldap_sudorule_runasuser = str, None, false
+ldap_sudorule_runasgroup = str, None, false
+ldap_sudorule_notbefore = str, None, false
+ldap_sudorule_notafter = str, None, false
+ldap_sudorule_order = str, None, false
+
+[provider/ldap/autofs]
+ldap_autofs_map_master_name = str, None, false
+ldap_autofs_map_object_class = str, None, false
+ldap_autofs_map_name = str, None, false
+ldap_autofs_entry_object_class = str, None, false
+ldap_autofs_entry_key = str, None, false
+ldap_autofs_entry_value = str, None, false
+ldap_autofs_search_base = str, None, false
+
+[provider/ldap/resolver]
+ldap_iphost_search_base = str, None, false
+ldap_iphost_object_class = str, None, false
+ldap_iphost_name = str, None, false
+ldap_iphost_number = str, None, false
+ldap_iphost_entry_usn = str, None, false
+ldap_ipnetwork_search_base = str, None, false
+ldap_ipnetwork_object_class = str, None, false
+ldap_ipnetwork_name = str, None, false
+ldap_ipnetwork_number = str, None, false
+ldap_ipnetwork_entry_usn = str, None, false
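Review bot: `ldap_default_authtok` in `[provider/ldap]` holds the bind credential and `ldap_tls_key` names a private-key file, but both are listed as plain `str` options with nothing to set them apart from the attribute-name options around them. A tool that lists or echoes options from this schema therefore has no cue to mask the value. I would add a comment above each, for example `# secret: bind credential for ldap_default_bind_dn, do not echo or log the value`. A second comment could group `ldap_tls_reqcert`, `ldap_tls_cacert` and `ldap_id_use_start_tls` as the transport-security settings, so that a reviewer of a generated configuration finds them quickly.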
diff --git a/src/config/etc/sssd.api.d/sssd-proxy.conf b/src/config/etc/sssd.api.d/sssd-proxy.conf
new file mode 100644
index 0000000..09bf82a
--- /dev/null
+++ b/src/config/etc/sssd.api.d/sssd-proxy.conf
@@ -0,0 +1,12 @@
+[provider/proxy]
+proxy_max_children = int, None, false
+
+[provider/proxy/id]
+proxy_lib_name = str, None, true
+proxy_fast_alias = bool, None, true
+
+[provider/proxy/auth]
+proxy_pam_target = str, None, true
+
+[provider/proxy/chpass]
+
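Review bot: `proxy_fast_alias` in `[provider/proxy/id]` is declared mandatory (`bool, None, true`) with no default, while every bool option in the krb5 and ldap files of this diff is optional. If the option has a built-in default at runtime (the proxy provider documentation suggests it does, worth confirming), the entry should read `proxy_fast_alias = bool, None, false`. Otherwise a consumer of the schema will treat a tuning switch as required. `proxy_lib_name` and `proxy_pam_target` look correctly mandatory.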
diff --git a/src/config/etc/sssd.api.d/sssd-simple.conf b/src/config/etc/sssd.api.d/sssd-simple.conf
new file mode 100644
index 0000000..e14ea45
--- /dev/null
+++ b/src/config/etc/sssd.api.d/sssd-simple.conf
@@ -0,0 +1,7 @@
+[provider/simple]
+
+[provider/simple/access]
+simple_allow_users = str, None, false
+simple_deny_users = str, None, false
+simple_allow_groups = str, None, false
+simple_deny_groups = str, None, false
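Review bot: The four options in `[provider/simple/access]` decide who may log in, yet the schema carries no hint of how they combine, and an empty or mistyped list fails open rather than closed. I would add a comment above them, going by sssd-simple(5): `# comma-separated names; a deny match overrides an allow match, and with all four unset every user is allowed`. That puts the fail-open default in front of anyone generating or auditing a configuration from this file.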