-rw-r--r--src/man/sssd-ipa.5.xml140
-rw-r--r--src/man/sssd.conf.5.xml25
2 files changed, 165 insertions, 0 deletions
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 6e26d5ae9..547fee554 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -177,6 +177,25 @@
</varlistentry>
<varlistentry>
+ <term>ipa_selinux_search_base (string)</term>
+ <listitem>
+ <para>
+ Optional. Use the given string as search base for
+ SELinux user maps.
+ </para>
+ <para>
+ See <quote>ldap_search_base</quote> for
+ information about configuring multiple search
+ bases.
+ </para>
+ <para>
+ Default: the value of
+ <emphasis>ldap_search_base</emphasis>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>krb5_validate (boolean)</term>
<listitem>
<para>
@@ -368,6 +387,127 @@
</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term>ipa_selinux_usermap_object_class (string)</term>
+ <listitem>
+ <para>
+ The object class of a host entry in LDAP.
+ </para>
+ <para>
+ Default: ipaHost
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ipa_selinux_usermap_name (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains the name
+ of SELinux usermap.
+ </para>
+ <para>
+ Default: cn
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ipa_selinux_usermap_member_user (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains all users / groups
+ this rule match against.
+ </para>
+ <para>
+ Default: memberUser
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ipa_selinux_usermap_member_host (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains all hosts / hostgroups
+ this rule match against.
+ </para>
+ <para>
+ Default: memberHost
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ipa_selinux_usermap_see_also (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains DN of HBAC
+ rule which can be used for matching instead
+ of memberUser and memberHost
+ </para>
+ <para>
+ Default: seeAlso
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ipa_selinux_usermap_selinux_user (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains SELinux user
+ string itself.
+ </para>
+ <para>
+ Default: ipaSELinuxUser
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ipa_selinux_usermap_enabled (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains whether
+ or not is user map enabled for usage.
+ </para>
+ <para>
+ Default: ipaEnabledFlag
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ipa_selinux_usermap_user_category (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains user category
+ such as 'all'.
+ </para>
+ <para>
+ Default: userCategory
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ipa_selinux_usermap_host_category (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains host category
+ such as 'all'.
+ </para>
+ <para>
+ Default: hostCategory
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ipa_selinux_usermap_uuid (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains unique ID
+ of the user map.
+ </para>
+ <para>
+ Default: ipaUniqueID
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</para>
</refsect1>
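Review bot: The new entry for `ipa_selinux_usermap_object_class` is described as `The object class of a host entry in LDAP.` with `Default: ipaHost`, which reads like text carried over from a host option rather than a description of the SELinux user map object class. An administrator who copies this value into the configuration would aim the user-map search at host entries, so SELinux user maps would probably not be found. The description should read something like `The object class of an SELinux user map entry in LDAP.`, and the default should be checked against the option defaults in the IPA provider code, which this page does not show. The neighbouring entries also have small wording slips worth fixing in the same pass: "this rule match against" and "whether or not is user map enabled for usage".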
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 7217c9dd7..0a81e7650 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -1026,6 +1026,31 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>session_provider (string)</term>
+ <listitem>
+ <para>
+ The provider which should handle loading of session
+ settings.
+ Supported session providers are:
+ </para>
+ <para>
+ <quote>ipa</quote> to load session settings
+ from an IPA server. See
+ <citerefentry>
+ <refentrytitle>sssd-ipa</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry> for more information on configuring IPA.
+ </para>
+ <para>
+ <quote>none</quote> disallows fetching session settings explicitly.
+ </para>
+ <para>
+ Default: <quote>id_provider</quote> is used if it
+ is set and can handle session loading requests.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>lookup_family_order (string)</term>