diff options
-rw-r--r-- | src/man/sssd-ipa.5.xml | 140 | ||||
-rw-r--r-- | src/man/sssd.conf.5.xml | 25 |
2 files changed, 165 insertions, 0 deletions
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index 6e26d5ae9..547fee554 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -177,6 +177,25 @@ </varlistentry> <varlistentry> + <term>ipa_selinux_search_base (string)</term> + <listitem> + <para> + Optional. Use the given string as search base for + SELinux user maps. + </para> + <para> + See <quote>ldap_search_base</quote> for + information about configuring multiple search + bases. + </para> + <para> + Default: the value of + <emphasis>ldap_search_base</emphasis> + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>krb5_validate (boolean)</term> <listitem> <para> @@ -368,6 +387,127 @@ </para> </listitem> </varlistentry> + + <varlistentry> + <term>ipa_selinux_usermap_object_class (string)</term> + <listitem> + <para> + The object class of a host entry in LDAP. + </para> + <para> + Default: ipaHost + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>ipa_selinux_usermap_name (string)</term> + <listitem> + <para> + The LDAP attribute that contains the name + of SELinux usermap. + </para> + <para> + Default: cn + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>ipa_selinux_usermap_member_user (string)</term> + <listitem> + <para> + The LDAP attribute that contains all users / groups + this rule match against. + </para> + <para> + Default: memberUser + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>ipa_selinux_usermap_member_host (string)</term> + <listitem> + <para> + The LDAP attribute that contains all hosts / hostgroups + this rule match against. + </para> + <para> + Default: memberHost + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>ipa_selinux_usermap_see_also (string)</term> + <listitem> + <para> + The LDAP attribute that contains DN of HBAC + rule which can be used for matching instead + of memberUser and memberHost + </para> + <para> + Default: seeAlso + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>ipa_selinux_usermap_selinux_user (string)</term> + <listitem> + <para> + The LDAP attribute that contains SELinux user + string itself. + </para> + <para> + Default: ipaSELinuxUser + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>ipa_selinux_usermap_enabled (string)</term> + <listitem> + <para> + The LDAP attribute that contains whether + or not is user map enabled for usage. + </para> + <para> + Default: ipaEnabledFlag + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>ipa_selinux_usermap_user_category (string)</term> + <listitem> + <para> + The LDAP attribute that contains user category + such as 'all'. + </para> + <para> + Default: userCategory + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>ipa_selinux_usermap_host_category (string)</term> + <listitem> + <para> + The LDAP attribute that contains host category + such as 'all'. + </para> + <para> + Default: hostCategory + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>ipa_selinux_usermap_uuid (string)</term> + <listitem> + <para> + The LDAP attribute that contains unique ID + of the user map. + </para> + <para> + Default: ipaUniqueID + </para> + </listitem> + </varlistentry> </variablelist> </para> </refsect1> diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 7217c9dd7..0a81e7650 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -1026,6 +1026,31 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term>session_provider (string)</term> + <listitem> + <para> + The provider which should handle loading of session + settings. + Supported session providers are: + </para> + <para> + <quote>ipa</quote> to load session settings + from an IPA server. See + <citerefentry> + <refentrytitle>sssd-ipa</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> for more information on configuring IPA. + </para> + <para> + <quote>none</quote> disallows fetching session settings explicitly. + </para> + <para> + Default: <quote>id_provider</quote> is used if it + is set and can handle session loading requests. + </para> + </listitem> + </varlistentry> <varlistentry> <term>lookup_family_order (string)</term> |