diff options
author | Jan Zeleny <jzeleny@redhat.com> | 2010-08-25 09:27:31 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-09-07 10:26:47 -0400 |
commit | 8592686dfcd2e682e847a136716f840b35f639de (patch) | |
tree | ec843ca1ed8595d8c3ceec48ddcabf66d1240482 | |
parent | 91e8aec6b798a86e84d882cf2f55e1d76b5dbb27 (diff) | |
download | sssd-8592686dfcd2e682e847a136716f840b35f639de.tar.gz sssd-8592686dfcd2e682e847a136716f840b35f639de.tar.xz sssd-8592686dfcd2e682e847a136716f840b35f639de.zip |
Reviewed sssd-ldap man page
Some config options updated, newly documented 12 new options.
-rw-r--r-- | src/man/sssd-ldap.5.xml | 214 |
1 files changed, 207 insertions, 7 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 333ab31e2..346faf8de 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -87,17 +87,17 @@ attribute names retrieved from the servers may vary. The way that some attributes are handled may also differ. - Two schema types are currently supported: + Three schema types are currently supported: rfc2307 rfc2307bis + IPA - The main difference between these two schema types is + The main difference between these schema types is how group memberships are recorded in the server. With rfc2307, group members are listed by name in the <emphasis>memberUid</emphasis> attribute. - With rfc2307bis, group members are listed by DN and - stored in the <emphasis>member</emphasis> attribute. - + With rfc2307bis and IPA, group members are listed by DN + and stored in the <emphasis>member</emphasis> attribute. </para> <para> Default: rfc2307 @@ -253,6 +253,160 @@ </varlistentry> <varlistentry> + <term>ldap_user_modify_timestamp (string)</term> + <listitem> + <para> + The LDAP attribute that contains timestamp of the + last modification of the parent object. + </para> + <para> + Default: modifyTimestamp + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_last_change (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (date of the last + password change). + </para> + <para> + Default: shadowLastChange + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_min (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (minimum password age). + </para> + <para> + Default: shadowMin + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_max (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (maximum password age). + </para> + <para> + Default: shadowMax + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_warning (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (password warning + period). + </para> + <para> + Default: shadowWarning + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_inactive (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (password inactivity + period). + </para> + <para> + Default: shadowInactive + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_expire (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (account expiration date). + </para> + <para> + Default: shadowExpire + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_krb_last_pwd_change (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=mit_kerberos, this + parameter contains the name of an LDAP attribute + storing the date and time of last password change + in kerberos. + </para> + <para> + Default: krbLastPwdChange + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_krb_password_expiration (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=mit_kerberos, this + parameter contains the name of an LDAP attribute + storing the date and time when current password + expires. + </para> + <para> + Default: krbPasswordExpiration + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_user_principal (string)</term> <listitem> <para> @@ -282,6 +436,20 @@ </varlistentry> <varlistentry> + <term>ldap_enumeration_refresh_timeout (integer)</term> + <listitem> + <para> + The LDAP attribute that contains how many seconds + SSSD has to wait before refreshing its cache of + enumerated records. + </para> + <para> + Default: 300 + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_user_fullname (string)</term> <listitem> <para> @@ -386,6 +554,38 @@ </varlistentry> <varlistentry> + <term>ldap_group_modify_timestamp (string)</term> + <listitem> + <para> + The LDAP attribute that contains timestamp of the + last modification of the parent object. + </para> + <para> + Default: modifyTimestamp + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_search_timeout (integer)</term> + <listitem> + <para> + Specifies the timeout (in seconds) that ldap searches + are allowed to run before they are cancelled and + cached results are returned (and offline mode is + entered) + + Note: this option is subject to change in future versions + of the SSSD. It will likely be replaced at some point by + a series of timeouts for specific lookup types. + </para> + <para> + Default: 60 + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_network_timeout (integer)</term> <listitem> <para> @@ -406,7 +606,7 @@ returns in case of no activity. </para> <para> - Default: 5 + Default: 6 </para> </listitem> </varlistentry> @@ -421,7 +621,7 @@ when communicating with the KDC in case of SASL bind. </para> <para> - Default: 5 + Default: 6 </para> </listitem> </varlistentry> |