summaryrefslogtreecommitdiffstats
path: root/src/man/sssd-ldap.5.xml
Commit message (Collapse)AuthorAgeFilesLines
* MAN: page edit for ldap_use_tokengroupsDan Lavu2014-11-191-1/+12
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2448 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* LDAP: Disable token groups by defaultLukas Slebodnik2014-11-121-1/+1
| | | | | | | | | | | | | | | | We tried to speed up processing of initgroup lookups with tokenGroups even for the LDAP provider (if remote server is Active Directory), but it turns out that there are too many corner cases that we didn't catch during development that break. For instance, groups from other trusted domains might appear in TG and the LDAP provider isn't equipped to handle them. Overall, users who wish to use the added speed benefits of tokenGroups are advised to use the AD provider. Resolves: https://fedorahosted.org/sssd/ticket/2483 Reviewed-by: Michal Židek <mzidek@redhat.com>
* Revert "LDAP: Change defaults for ldap_user/group_objectsid"Lukas Slebodnik2014-11-101-2/+2
| | | | | | | | | | | | This reverts commit f834f712548db811695ea0fd6d6b31d3bd03e2a3. OpenLDAP server cannot dereference unknown attributes. The attribute objectSID isn't in any standard objectclass on OpenLDAP server. This is a reason why objectSID cannot be set by default in rfc2307 map and rfc2307bis map. It is the same problem as using non standard attribute "nsUniqueId" in ticket https://fedorahosted.org/sssd/ticket/2383 Reviewed-by: Michal Židek <mzidek@redhat.com>
* Fix uuid defaultsSumit Bose2014-11-061-2/+4
| | | | | | | | | | | | | | | | | | Recently the uuid attributes for user and groups were removed because it was found that there are not used at all and that some of them where causing issues (https://fedorahosted.org/sssd/ticket/2383). The new views/overrides feature of FreeIPA uses the ipaUniqueID attribute to relate overrides with the original IPA objects. The previous two patches revert the removal of the uuid attributes from users and groups with this patch set the default value of these attributes to ipaUniqueID from the IPA provider, to objectGUID for the AD provider and leaves them unset for the general LDAP case to avoid issues like the one from ticket #2383. Related to https://fedorahosted.org/sssd/ticket/2481 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Revert "LDAP: Remove unused option ldap_group_uuid"Sumit Bose2014-11-061-0/+13
| | | | | | This reverts commit b5242c146cc0ca96e2b898a74fb060efda15bc77. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Revert "LDAP: Remove unused option ldap_user_uuid"Sumit Bose2014-11-061-0/+13
| | | | | | This reverts commit dfb2960ab251f609466fa660449703835c97f99a. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN PAGE: modified sssd-ldap.5.xml for sssd ticket #2451Dan Lavu2014-10-221-1/+25
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2451 Added a configuration example at the bottom for 'ldap_access_order = lockout'. Also added a line to note that 'ldap_access_provider = ldap' must be specified for this feature to work. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Change defaults for ldap_user/group_objectsidMichal Zidek2014-10-161-2/+2
| | | | | | | Fixes: https://fedorahosted.org/sssd/ticket/2361 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN: Fix a conversion of seconds to hoursLukas Slebodnik2014-09-011-1/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2423 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SDAP: Set default value of ldap_user_ssh_public_key to "sshPublicKey"Jan Cholasta2014-09-011-0/+3
| | | | | | https://fedorahosted.org/sssd/ticket/1560 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN: options 'lockout' and 'ldap_pwdlockout_dn'Pavel Reichl2014-08-271-0/+27
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2364 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* LDAP: Remove unused option ldap_user_uuidLukas Slebodnik2014-07-251-13/+0
| | | | | | | | | | | | | | | | | | | | | | There is problem with OpenLDAP server and dereferencing of attributes that is not in the schema of the server? sh-4.2$ ldapsearch -x -LLL -h openldap.server.test -b 'dc=example,dc=com' \ -E 'deref=member:uid,dummy_attr' cn=ref_grp Protocol error (2) Additional information: Dereference control: attribute decoding error sh-4.2$ echo $? 2 The attribute nsUniqueID is a 389-only, non-standard attribute. It is an operational attribute that is not in the rfc2307bis nor inetOrgPerson nor posixAccount schema. It was a default value of option ldap_user_uuid, but it was not use anywhere. Resolves: https://fedorahosted.org/sssd/ticket/2383 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Remove unused option ldap_group_uuidLukas Slebodnik2014-07-251-13/+0
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Remove unused option ldap_netgroup_uuidLukas Slebodnik2014-07-251-17/+0
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Add reference to manual page sssd-sudoLukas Slebodnik2014-06-031-0/+9
| | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* MAN: hint nested groups by simple access providerPavel Reichl2014-06-021-1/+8
| | | | | | | | | | | sssd-ldap hints to use the simple access provider if a nested group membership is needed. Add explicit notice in sssd-simple about support of nested group membership. Resolves: https://fedorahosted.org/sssd/ticket/2308 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* SDAP: Add option to disable use of Token-GroupsPavel Reichl2014-06-021-0/+14
| | | | | | | | | | | Disabling use of Token-Groups is mandatory if expansion of nested groups is not desired (ldap_group_nesting_level = 0) for AD provider. Resolves: https://fedorahosted.org/sssd/ticket/2294 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Detailed ldap_group_nesting_level optionPavel Reichl2014-06-021-0/+16
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2294 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Make it possible to extend an attribute mapJakub Hrozek2014-05-021-0/+48
| | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2073 This commit adds a new option ldap_user_extra_attrs that is unset by default. When set, the option contains a list of LDAP attributes the LDAP provider would download and store in addition to the usual set. The list can either contain LDAP attribute names only, or colon-separated tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP attribute name is specified, the attribute is saved to the cache verbatim. Using a custom SSSD attribute name might be required by environments that configure several SSSD domains with different LDAP schemas. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MAN: Clarify the ldap_access_filter option furtherJakub Hrozek2014-02-261-4/+5
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/2235 The memberof example was misleading and was making aministrators think that the ldap_access_filter can resolve nested group memberships. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* Add new option ldap_group_typeSumit Bose2013-12-191-0/+21
|
* Add ldap_autofs_map_master_name optionCove Schneider2013-11-121-0/+13
|
* MAN: Fix refsect-idJakub Hrozek2013-10-111-1/+1
| | | | | | The refsect id was copied from sssd.conf(5) and was wrong. Fixing the refsect might help us if we ever generate other formats from XML and certainly wouldn't hurt.
* man: server side password policies always takes precedencePavel Březina2013-09-241-0/+5
| | | | https://fedorahosted.org/sssd/ticket/2091
* LDAP: Deprecate ldap_{user,group}_search_filterJakub Hrozek2013-09-201-44/+0
|
* MAN: Fix provider man page subtitleJakub Hrozek2013-09-201-1/+1
|
* Add now options ldap_min_id and ldap_max_idSumit Bose2013-06-281-0/+21
| | | | | | | Currently the range for Posix IDs stored in an LDAP server is unbound. This might lead to conflicts in a setup with AD and trusts when the configured domain uses IDs from LDAP. With the two noe options this conflict can be avoided.
* Fix minor typosYuri Chornoivan2013-06-121-1/+1
|
* A new option krb5_use_kdcinfoJakub Hrozek2013-06-101-0/+28
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/1883 The patch introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf
* man: document the need to set ldap_access_orderJakub Hrozek2013-06-101-0/+21
| | | | | | | | https://fedorahosted.org/sssd/ticket/1789 ldap_access_order must be set in order to non-default access control options to work. This patch amends the sssd-ldap man page to document this fact with all non-default ldap_access_order options.
* Adding option to disable retrieving large AD groups.Lukas Slebodnik2013-05-231-0/+21
| | | | | | | | | This commit adds new option ldap_disable_range_retrieval with default value FALSE. If this option is enabled, large groups(>1500) will not be retrieved and behaviour will be similar like was before commit ae8d047122c "LDAP: Handle very large Active Directory groups" https://fedorahosted.org/sssd/ticket/1823
* ldap: Fallback option for rfc2307 schemaSimo Sorce2013-03-201-0/+31
| | | | | | | | | | | Add option to fallback to fetch local users if rfc2307is being used. This is useful for cases where people added local users as LDAP members and rely on these group memberships to be maintained on the local host. Disabled by default as it violates identity domain separation. Ticket: https://fedorahosted.org/sssd/ticket/1020
* Remove enumerate=true from man sssd-ldapJakub Hrozek2013-02-261-1/+0
| | | | https://fedorahosted.org/sssd/ticket/1737
* sudo manpage: clarify that sudoHost may contain wildcards and not regular ↵Pavel Březina2012-12-111-1/+1
| | | | | | expression https://fedorahosted.org/sssd/ticket/1690
* LDAP: Make it possible to use full principal in ldap_sasl_authid againJakub Hrozek2012-11-191-0/+5
|
* MAN: document the ldap_sasl_realm optionJakub Hrozek2012-11-191-0/+13
| | | | The option was completely undocumented.
* man: Note that automounter must be restarted to re-read the master mapJakub Hrozek2012-10-051-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1563
* manpage: ldap_access_filter is not always mandatoryPavel Březina2012-10-051-5/+7
| | | | https://fedorahosted.org/sssd/ticket/1540
* Flip the default value of ldap_initgroups_use_matching_rule_in_chainJakub Hrozek2012-10-021-2/+2
| | | | https://fedorahosted.org/sssd/ticket/1535
* sudo and autofs search bases should not be marked experimentalJakub Hrozek2012-10-011-2/+2
| | | | https://fedorahosted.org/sssd/ticket/1541
* Document ldap_chpass_update_last_changeJakub Hrozek2012-10-011-0/+15
| | | | | | Add the option to the manual page and the configAPI https://fedorahosted.org/sssd/ticket/1494
* sssd-ldap manpage: ldap_scheme formattingOndrej Kos2012-09-261-6/+26
| | | | | | fixes https://fedorahosted.org/sssd/ticket/1483 ldap schemes now displayed as bullet list
* autofs, sudo, ssh and PAC are not experimental anymoreJakub Hrozek2012-09-241-2/+0
|
* MAN: Improve description of ldap_*_search_base optionsStephen Gallagher2012-08-101-96/+6
| | | | | It was ambiguous that these options supported the new multiple search base format, as well as the search filters.
* MAN: Fix minor typo in ldap_search_base sectionStephen Gallagher2012-08-101-1/+1
|
* Change default value of ldap_sasl_string to host/hostname@REALM in man page.Michal Zidek2012-08-091-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1464
* Primary server support: new options in krb5 providerJan Zeleny2012-08-011-1/+1
| | | | | | This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: new option in ldap providerJan Zeleny2012-08-011-4/+4
| | | | | | This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
* sudo ldap provider: support autoconfiguration of hostnamesPavel Březina2012-07-301-3/+3
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1420 sudoHost attribute may contain hostname or fqdn of the machine. Sudo itself supports only one hostname and its fqdn - the one that is returned by gethostbyname(). This patch implements autoconfiguration of hostname and fqdn if it has not been set manually by ldap_sudo_hostnames option.
* MAN: Unify "SEE ALSO" sectionsStephen Gallagher2012-07-061-14/+2
|
generated by cgit (git 2.34.1) at 2024-05-18 03:26:09 +0000