4 files changed, 89 insertions, 1 deletions

diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 38c0e02eb..a26c42534 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -228,6 +228,13 @@ option_strings = {
     'ldap_netgroup_uuid' : _('Netgroup UUID attribute'),
     'ldap_netgroup_modify_timestamp' : _('Modification time attribute for netgroups'),
 
+    'ldap_service_search_base' : _('Base DN for service lookups'),
+    'ldap_service_object_class' : _('Objectclass for services'),
+    'ldap_service_name' : _('Service name attribute'),
+    'ldap_service_port' : _('Service port attribute'),
+    'ldap_service_proto' : _('Service protocol attribute'),
+    #replaced by ldap_entry_usn# 'ldap_service_entry_usn' : _('Service entryUSN attribute'),
+
     # [provider/ldap/auth]
     'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
 
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 97e7ceedb..fae996312 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -96,6 +96,12 @@ ipa_netgroup_member_host = str, None, false
 ipa_netgroup_member_ext_host = str, None, false
 ipa_netgroup_domain = str, None, false
 ipa_netgroup_uuid = str, None, false
+ldap_service_object_class = str, None, false
+ldap_service_name = str, None, false
+ldap_service_port = str, None, false
+ldap_service_proto = str, None, false
+ldap_service_search_base = str, None, false
+ldap_service_entry_usn = str, None, false
 ipa_host_object_class = str, None, false
 ipa_host_fqdn = str, None, false
 
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index efeda3aee..57f7688c6 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -94,7 +94,12 @@ ldap_netgroup_member = str, None, false
 ldap_netgroup_triple = str, None, false
 ldap_netgroup_uuid = str, None, false
 ldap_netgroup_modify_timestamp = str, None, false
-
+ldap_service_object_class = str, None, false
+ldap_service_name = str, None, false
+ldap_service_port = str, None, false
+ldap_service_proto = str, None, false
+ldap_service_search_base = str, None, false
+ldap_service_entry_usn = str, None, false
 
 [provider/ldap/auth]
 ldap_pwd_policy = str, None, false
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 3228e624c..fc396d94e 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -887,6 +887,76 @@
                 </varlistentry>
 
                 <varlistentry>
+                    <term>ldap_service_object_class (string)</term>
+                    <listitem>
+                        <para>
+                            The object class of a service entry in LDAP.
+                        </para>
+                        <para>
+                            Default: ipService
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                    <term>ldap_service_name (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains the name of
+                            service attributes and their aliases.
+                        </para>
+                        <para>
+                            Default: cn
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                    <term>ldap_service_port (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains the port managed
+                            by this service.
+                        </para>
+                        <para>
+                            Default: ipServicePort
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                    <term>ldap_service_proto (string)</term>
+                    <listitem>
+                        <para>
+                            The LDAP attribute that contains the protocols
+                            understood by this service.
+                        </para>
+                        <para>
+                            Default: ipServiceProtocol
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                    <term>ldap_service_search_base (string)</term>
+                    <listitem>
+                        <para>
+                            An optional base DN to restrict service searches
+                            to a specific subtree.
+                        </para>
+                        <para>
+                            See <quote>ldap_search_base</quote> for
+                            information about configuring multiple search
+                            bases.
+                        </para>
+                        <para>
+                            Default: the value of
+                            <emphasis>ldap_search_base</emphasis>
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
                     <term>ldap_search_timeout (integer)</term>
                     <listitem>
                         <para>