summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-07-19 14:42:41 -0400
committerJakub Hrozek <jhrozek@redhat.com>2012-07-20 20:19:03 +0200
commit5f879ab8b6c1cefbc63e1c2303f79b09b6246ca3 (patch)
treedbf983d545bbef4eb670cc10cb6ae9a0711de72b
parent813c26345fb0d41f86f20d365abe9d579c2bc397 (diff)
downloadsssd-5f879ab8b6c1cefbc63e1c2303f79b09b6246ca3.tar.gz
sssd-5f879ab8b6c1cefbc63e1c2303f79b09b6246ca3.tar.xz
sssd-5f879ab8b6c1cefbc63e1c2303f79b09b6246ca3.zip
MAN: Improvements to the AD provider manpage
Add information about ID mapping (including how to disable it) as well as information on how to handle homedir and shell. https://fedorahosted.org/sssd/ticket/1433
-rw-r--r--src/man/sssd-ad.5.xml98
-rw-r--r--src/man/sssd.conf.5.xml16
2 files changed, 114 insertions, 0 deletions
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 46660b306..f9ef0f3d6 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -59,6 +59,16 @@
provider. No configuration of the access provider is required on
the client side.
</para>
+ <para>
+ By default, the AD provider will map UID and GID values from the
+ objectSID parameter in Active Directory. For details on this, see
+ the <quote>ID MAPPING</quote> section below. If you want to
+ disable ID mapping and instead rely on POSIX attributes defined in
+ Active Directory, you should set
+ <programlisting>
+ldap_id_mapping = False
+ </programlisting>
+ </para>
</refsect1>
<refsect1 id='file-format'>
@@ -118,6 +128,92 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>override_homedir (string)</term>
+ <listitem>
+ <para>
+ Override the user's home directory. You
+ can either provide an absolute value or a
+ template. In the template, the following
+ sequences are substituted:
+ <variablelist>
+ <varlistentry>
+ <term>%u</term>
+ <listitem><para>login name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>%U</term>
+ <listitem><para>UID number</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>%d</term>
+ <listitem><para>domain name</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>%f</term>
+ <listitem><para>fully qualified user name (user@domain)</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>%%</term>
+ <listitem><para>a literal '%'</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ <para>
+ This option can also be set per-domain.
+ </para>
+ <para>
+ example:
+ <programlisting>
+override_homedir = /home/%u
+ </programlisting>
+ </para>
+ <para>
+ Default: Not set (SSSD will use the value
+ retrieved from LDAP)
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>fallback_homedir (string)</term>
+ <listitem>
+ <para>
+ Set a default template for a user's home directory
+ if one is not specified explicitly by the domain's
+ data provider.
+ </para>
+ <para>
+ The available values for this option are the same
+ as for override_homedir.
+ </para>
+ <para>
+ example:
+ <programlisting>
+fallback_homedir = /home/%u
+ </programlisting>
+ </para>
+ <para>
+ Default: not set (no substitution for unset home
+ directories)
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>default_shell</term>
+ <listitem>
+ <para>
+ The default shell to use if the provider does not
+ return one during lookup. This option supersedes
+ any other shell options if it takes effect.
+ </para>
+ <para>
+ Default: not set (Return NULL if no shell is
+ specified and rely on libc to substitute something
+ sensible when necessary, usually /bin/sh)
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</para>
</refsect1>
@@ -126,6 +222,8 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" />
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/ldap_id_mapping.xml" />
+
<refsect1 id='example'>
<title>EXAMPLE</title>
<para>
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index dbacf7aaa..26f05eae6 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -449,6 +449,16 @@
<para>
This option can also be set per-domain.
</para>
+ <para>
+ example:
+ <programlisting>
+override_homedir = /home/%u
+ </programlisting>
+ </para>
+ <para>
+ Default: Not set (SSSD will use the value
+ retrieved from LDAP)
+ </para>
</listitem>
</varlistentry>
<varlistentry>
@@ -464,6 +474,12 @@
as for override_homedir.
</para>
<para>
+ example:
+ <programlisting>
+override_homedir = /home/%u
+ </programlisting>
+ </para>
+ <para>
Default: not set (no substitution for unset home
directories)
</para>