diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2011-09-28 11:13:55 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-11-02 11:12:12 -0400 |
commit | 74a7d5805499a95a868ab4f43f77d34ccf9854a3 (patch) | |
tree | d47be04fe584895f4ed8680b01535e53d7c42f33 /src/man/sssd-ldap.5.xml | |
parent | 9fcfe80902655f495b7258218fc8114aa5d2c023 (diff) | |
download | sssd-74a7d5805499a95a868ab4f43f77d34ccf9854a3.tar.gz sssd-74a7d5805499a95a868ab4f43f77d34ccf9854a3.tar.xz sssd-74a7d5805499a95a868ab4f43f77d34ccf9854a3.zip |
LDAP: Update manpages with multiple search base information
Diffstat (limited to 'src/man/sssd-ldap.5.xml')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 57 |
1 files changed, 56 insertions, 1 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 1e1958e71..7cc20ce66 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -109,7 +109,39 @@ performing LDAP user operations. </para> <para> - Default: If not set the value of the + Starting with SSSD 1.7.0, SSSD supports multiple + search bases using the syntax: + </para> + <para> + search_base[?scope?[filter][?search_base?scope?[filter]]*] + </para> + <para> + The scope can be one of "base", "onelevel" or "subtree". + </para> + <para> + The filter must be a valid LDAP search filter as + specified by http://www.ietf.org/rfc/rfc2254.txt + </para> + <para> + Examples: + </para> + <para> + ldap_search_base = dc=example,dc=com + (which is equivalent to) + ldap_search_base = dc=example,dc=com?subtree? + </para> + <para> + ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? + </para> + <para> + Note: It is unsupported to have multiple search + bases which reference identically-named objects + (for example, groups with the same name in two + different search bases). This will lead to + unpredictable behavior on client machines. + </para> + <para> + Default: If not set, the value of the defaultNamingContext or namingContexts attribute from the RootDSE of the LDAP server is used. If defaultNamingContext does not exists or @@ -1456,6 +1488,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com to a specific subtree. </para> <para> + See <quote>ldap_search_base</quote> for + information about configuring multiple search + bases. + </para> + <para> Default: the value of <emphasis>ldap_search_base</emphasis> </para> @@ -1470,6 +1507,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com to a specific subtree. </para> <para> + See <quote>ldap_search_base</quote> for + information about configuring multiple search + bases. + </para> + <para> Default: the value of <emphasis>ldap_search_base</emphasis> </para> @@ -1484,6 +1526,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com to a specific subtree. </para> <para> + See <quote>ldap_search_base</quote> for + information about configuring multiple search + bases. + </para> + <para> Default: the value of <emphasis>ldap_search_base</emphasis> </para> @@ -1498,6 +1545,10 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com filter criteria that restrict user searches. </para> <para> + This option is <emphasis>deprecated</emphasis> in + favor of the syntax used by ldap_user_search_base. + </para> + <para> Default: not set </para> <para> @@ -1521,6 +1572,10 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com filter criteria that restrict group searches. </para> <para> + This option is <emphasis>deprecated</emphasis> in + favor of the syntax used by ldap_group_search_base. + </para> + <para> Default: not set </para> </listitem> |