-rw-r--r-- | src/man/sssd-ldap.5.xml | 57 |
1 files changed, 56 insertions, 1 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 1e1958e71..7cc20ce66 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -109,7 +109,39 @@ performing LDAP user operations. </para> <para> - Default: If not set the value of the + Starting with SSSD 1.7.0, SSSD supports multiple + search bases using the syntax: + </para> + <para> + search_base[?scope?[filter][?search_base?scope?[filter]]*] + </para> + <para> + The scope can be one of "base", "onelevel" or "subtree". + </para> + <para> + The filter must be a valid LDAP search filter as + specified by http://www.ietf.org/rfc/rfc2254.txt + </para> + <para> + Examples: + </para> + <para> + ldap_search_base = dc=example,dc=com + (which is equivalent to) + ldap_search_base = dc=example,dc=com?subtree? + </para> + <para> + ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? + </para> + <para> + Note: It is unsupported to have multiple search + bases which reference identically-named objects + (for example, groups with the same name in two + different search bases). This will lead to + unpredictable behavior on client machines. + </para> + <para> + Default: If not set, the value of the defaultNamingContext or namingContexts attribute from the RootDSE of the LDAP server is used. If defaultNamingContext does not exists or @@ -1456,6 +1488,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com to a specific subtree. </para> <para> + See <quote>ldap_search_base</quote> for + information about configuring multiple search + bases. + </para> + <para> Default: the value of <emphasis>ldap_search_base</emphasis> </para> 
@@ -1470,6 +1507,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com to a specific subtree. </para> <para> + See <quote>ldap_search_base</quote> for + information about configuring multiple search + bases. + </para> + <para> Default: the value of <emphasis>ldap_search_base</emphasis> </para> @@ -1484,6 +1526,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com to a specific subtree. </para> <para> + See <quote>ldap_search_base</quote> for + information about configuring multiple search + bases. + </para> + <para> Default: the value of <emphasis>ldap_search_base</emphasis> </para> @@ -1498,6 +1545,10 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com filter criteria that restrict user searches. </para> <para> + This option is <emphasis>deprecated</emphasis> in + favor of the syntax used by ldap_user_search_base. + </para> + <para> Default: not set </para> <para> @@ -1521,6 +1572,10 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com filter criteria that restrict group searches. </para> <para> + This option is <emphasis>deprecated</emphasis> in + favor of the syntax used by ldap_group_search_base. + </para> + <para> Default: not set </para> </listitem> |
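Review bot: in the first hunk (@@ -109,7 +109,39 @@), the second example writes its second search base as dc=example.com, which is almost certainly a typo for dc=example,dc=com, the form used in every other example; as written it names a single RDN with the value "example.com", and an admin who copies it gets a base that matches nothing. Two smaller points in the same hunk: the syntax line and the examples are in plain <para> elements, so the rendered man page will reflow "ldap_search_base = dc=example,dc=com (which is equivalent to) ldap_search_base = dc=example,dc=com?subtree?" into one run of text, and <programlisting> would keep them verbatim; and the filter reference cites RFC 2254, which has been obsoleted by RFC 4515. It would also help to state how a literal "?" inside a base DN or a filter is treated, since "?" is the field separator here and the text gives no escaping rule.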
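Review bot: in the three identical cross-reference hunks (@@ -1456,6 +1488,11 @@, @@ -1470,6 +1507,11 @@ and @@ -1484,6 +1526,11 @@), the option name is wrapped in <quote> while the very next paragraph marks the same name as <emphasis>ldap_search_base</emphasis>. Use one markup for option names throughout, for example: See <emphasis>ldap_search_base</emphasis> for information about configuring multiple search bases.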
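Review bot: in the two deprecation hunks (@@ -1498,6 +1545,10 @@ and @@ -1521,6 +1572,10 @@), the note points to "the syntax used by ldap_user_search_base" and "ldap_group_search_base", but that syntax is documented under ldap_search_base in the first hunk, and the per-object search-base entries only cross-reference it, so the reader has to follow two hops. Point directly at ldap_search_base, or name both. The note should also say what happens when the deprecated option and a filter embedded in the search base are both set: these options are described as filter criteria that restrict user and group searches, so an admin migrating a configuration needs to know whether the old restriction is still applied, combined, or ignored. Stating the version from which the option is deprecated would match the "Starting with SSSD 1.7.0" wording in the first hunk.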