summaryrefslogtreecommitdiffstats
path: root/src/man
Commit message (Collapse)AuthorAgeFilesLines
* Views: apply user SSH public key overrideSumit Bose2014-11-051-0/+3
| | | | | | | | | | | | | With this patch the SSH public key override attribute is read from the FreeIPA server and saved in the cache with the other override data. Since it is possible to have multiple public SSH keys this override value does not replace any other data but will be added to existing values. Fixes https://fedorahosted.org/sssd/ticket/2454 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: parse user_attributes optionSumit Bose2014-11-051-0/+26
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* NSS: Possibility to use any shells in 'allowed_shells'Denis Kutin2014-10-221-0/+10
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2219 Signed-off-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN PAGE: modified sssd-ldap.5.xml for sssd ticket #2451Dan Lavu2014-10-221-1/+25
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2451 Added a configuration example at the bottom for 'ldap_access_order = lockout'. Also added a line to note that 'ldap_access_provider = ldap' must be specified for this feature to work. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SSSD: Load a user to run a service as from configurationJakub Hrozek2014-10-221-0/+13
| | | | | | | | | | | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2370 Adds a option, user to run as, that is specified in the [sssd] section. When this option is specified, SSSD will run as this user and his private group. When these are not specified, SSSD will run as the configure-time user and group (usually root). Currently all services and providers are started as root. There is a temporary svc_supported_as_nonroot() function that returns true for a service if that service runs and was tested as nonroot and false otherwise. Currently this function always returns false, but will be amended in future patches. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Updating the translations for the 1.12.2 releasesssd-1_12_2Jakub Hrozek2014-10-2016-5290/+10380
|
* LDAP: Change defaults for ldap_user/group_objectsidMichal Zidek2014-10-161-2/+2
| | | | | | | Fixes: https://fedorahosted.org/sssd/ticket/2361 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* IPA: add view support and get view nameSumit Bose2014-10-161-0/+142
| | | | | | Related to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* NSS: UPN as a template expansion for homedir mappingsPavel Reichl2014-10-121-0/+4
| | | | | | | Fixes: https://fedorahosted.org/sssd/ticket/2340 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Build the sss_rpcidmapd man page conditionallyJakub Hrozek2014-10-091-1/+4
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: Document the domains option of pam_sssJakub Hrozek2014-10-011-0/+27
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: new options pam_trusted_users & pam_public_domainsPavel Reichl2014-09-291-0/+50
| | | | | | | | | | | | | pam_public_domains option is a list of numerical UIDs or user names that are trusted. pam_public_domains option is a list of domains accessible even for untrusted users. Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: AD is allowed value of subdomains_providerJakub Hrozek2014-09-181-0/+9
| | | | | | https://fedorahosted.org/sssd/ticket/2442 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Updating translations for the 1.12.1 releasesssd-1_12_1Jakub Hrozek2014-09-0816-12884/+24359
|
* MAN: Add sss_rpcidmapd.5.xml to the list of translatable man pagesJakub Hrozek2014-09-081-0/+1
|
* AD-GPO: config changes for gpo_map_* optionsYassir Elley2014-09-081-0/+329
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* NFSv4 client: man pageNoam Meltzer2014-09-083-1/+139
| | | | | | | | changes from previous patch: * fixed idmapd.conf example (sss plugin name) * squahsed the rpm spec into one commit Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SSS_CACHE: Allow sss_cache tool to flush SSH hosts cacheWilliam B2014-09-052-0/+37
| | | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2358 Signed-off-by: Jan Cholasta <jcholast@redhat.com> Reviewed-by: Jan Cholasta <jcholast@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Replace space: add some checksSumit Bose2014-09-011-3/+5
| | | | | | | | | | | | | | | | | | | | | | | This patch adds some additional checks if the option for replacing spaces in user and group names is used. When replacing space with the replacement character it is checked if the name already contains the replacement character. If it does the unmodified name is returned because in this case a revers operation would not be possible. For the reverse operation is it checked if the input contains both a space and the replacement character. If this is true the unmodified name is returned as well, because we have to assume that it is the original name because otherwise it wouldn't contain both characters. Additionally a shortcut if the replacement characters is a space and tests for the new checks are added. The man page is updated accordingly. Related to https://fedorahosted.org/sssd/ticket/1854 and https://fedorahosted.org/sssd/ticket/2397 . Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Fix a conversion of seconds to hoursLukas Slebodnik2014-09-011-1/+1
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2423 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SDAP: Set default value of ldap_user_ssh_public_key to "sshPublicKey"Jan Cholasta2014-09-011-0/+3
| | | | | | https://fedorahosted.org/sssd/ticket/1560 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN: options 'lockout' and 'ldap_pwdlockout_dn'Pavel Reichl2014-08-271-0/+27
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2364 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* BE: Handle SIGUSR2Jakub Hrozek2014-08-131-4/+8
| | | | | | | | | It was possible to send SIGUSR1 and to both sssd and sssd_be processes, but only possible to send SIGUSR2 to sssd. This patches fixes the dichotomy by making the sssd_be process handle SIGUSR2 as well. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Dan Lavu <dlavu@redhat.com>
* Make the space override responder-agnosticJakub Hrozek2014-08-131-17/+23
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2397 In order to make the override_space option usable by other responders, we need to move the override_space option to the generic responder structure. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Only replace space with the specified substitutionJakub Hrozek2014-08-131-5/+5
| | | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2397 - make sss_replace_whitespaces only replace space (' ') not any whitespace - make sss_replace_whitespaces only replace a single char, not the whole string - rename CONFDB_NSS_OVERRIDE_DEFAULT_WHITESPACE to CONFDB_NSS_OVERRIDE_DEFAULT_SPACE - rename the override_default_whitespace option to override_space - rename sss_replace_whitespaces() to sss_replace_space() - rename sss_reverse_replace_whitespaces() to sss_reverse_replace_space() - rename nctx->override_default_wsp_str to nctx->override_space - make the return value of sss_replace_space non-const to avoid freeing the result without compilation warnings Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* MAN: offline_timeoutMichal Zidek2014-08-121-4/+22
| | | | | | | | Amend the man page to reflect current behaviour. https://fedorahosted.org/sssd/ticket/2401 Reviewed-by: Dan Lavu <dlavu@redhat.com>
* build: Don't install ad and ipa man pages unnecessarilyNikolai Kondrashov2014-08-101-1/+5
| | | | | | | Don't install sssd-ipa and sssd-ad man pages if corresponding providers weren't built (i.e. --without-samba was specified to configure). Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* AD-GPO: add ad_gpo_cache_timeout optionYassir Elley2014-07-311-0/+16
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: case_sensitivity man page updateMichal Zidek2014-07-291-3/+30
| | | | | | | | Fixes: https://fedorahosted.org/sssd/ticket/2367 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* NSS: Replace spaces with specified string in names.Lukas Slebodnik2014-07-281-0/+17
| | | | | | | | | | | | This patch add possibility to replace whitespace in user and group names with a specified string. With string "-", sssd will return the same result as winbind enabled option "winbind normalize names" Resolves: https://fedorahosted.org/sssd/ticket/1854 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* LDAP: Remove unused option ldap_user_uuidLukas Slebodnik2014-07-251-13/+0
| | | | | | | | | | | | | | | | | | | | | | There is problem with OpenLDAP server and dereferencing of attributes that is not in the schema of the server? sh-4.2$ ldapsearch -x -LLL -h openldap.server.test -b 'dc=example,dc=com' \ -E 'deref=member:uid,dummy_attr' cn=ref_grp Protocol error (2) Additional information: Dereference control: attribute decoding error sh-4.2$ echo $? 2 The attribute nsUniqueID is a 389-only, non-standard attribute. It is an operational attribute that is not in the rfc2307bis nor inetOrgPerson nor posixAccount schema. It was a default value of option ldap_user_uuid, but it was not use anywhere. Resolves: https://fedorahosted.org/sssd/ticket/2383 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Remove unused option ldap_group_uuidLukas Slebodnik2014-07-251-13/+0
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Remove unused option ldap_netgroup_uuidLukas Slebodnik2014-07-251-17/+0
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Document that each provider type uses its own set of optionsJakub Hrozek2014-07-141-1/+4
| | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2281 Many users were configuring the combination of id_provider=ad access_provider=ldap expecting that the access_provider would use the same serves the id_provider does. That's not the case, each provider type must be configured separately. Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* MAN: local auth_provider is not documented in sssd.confJakub Hrozek2014-07-141-0/+4
| | | | | | | | https://fedorahosted.org/sssd/ticket/2359 Reported by Stephan Mueller. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Updating translations for the 1.12.0 releaseJakub Hrozek2014-07-0914-756/+758
|
* Updating the translations for the 1.12beta2 releasesssd-1_12_0_beta2Jakub Hrozek2014-06-0416-13816/+13737
|
* MAN: Fix a typo in the ldap_id_mapping pageJakub Hrozek2014-06-041-1/+1
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN: Add reference to manual page sssd-sudoLukas Slebodnik2014-06-032-0/+37
| | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* PAM: add ignore_authinfo_unavail optionLukas Slebodnik2014-06-031-0/+14
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2232 Reviewed-by: Sumit Bose <sbose@redhat.com>
* MAN: hint nested groups by simple access providerPavel Reichl2014-06-022-1/+22
| | | | | | | | | | | sssd-ldap hints to use the simple access provider if a nested group membership is needed. Add explicit notice in sssd-simple about support of nested group membership. Resolves: https://fedorahosted.org/sssd/ticket/2308 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* NSS: Add option to expand homedir template formatLukas Slebodnik2014-06-025-0/+28
| | | | | | | | | LDAP server can contain template for home directory instead of plain string. This patch adds new expand option "%H", which will be replaced with value from configuration option homedir_substring (from sssd.conf) Resolves: https://fedorahosted.org/sssd/ticket/1853
* SDAP: Add option to disable use of Token-GroupsPavel Reichl2014-06-021-0/+14
| | | | | | | | | | | Disabling use of Token-Groups is mandatory if expansion of nested groups is not desired (ldap_group_nesting_level = 0) for AD provider. Resolves: https://fedorahosted.org/sssd/ticket/2294 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Detailed ldap_group_nesting_level optionPavel Reichl2014-06-021-0/+16
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2294 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TOOLS: Allow adding and modifying custom attributes with sss_usermodJakub Hrozek2014-06-011-0/+36
| | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2182 Adds three new options to the sss_usermod tool: --addattr --setattr --delattr The syntax is attrname=val1,val2, For example: sss_usermod --addattr=phone-123-456 tuser The operations are performed in the order of add, mod, del. Reviewed-by: Michal Židek <mzidek@redhat.com>
* man: clarify refresh_expired_intervalPavel Březina2014-06-011-3/+7
| | | | | | https://fedorahosted.org/sssd/ticket/2114 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* Updating the translations for the 1.12 beta1 releasesssd-1_12_0_beta1sssd-1_11_91sssd-1_11_90Jakub Hrozek2014-05-3016-22311/+31039
|
* MAN: Add sssd-ifp to the list of translatable manual pagesJakub Hrozek2014-05-301-0/+1
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* man: Substitute entity values for entity referencesLukas Slebodnik2014-05-301-1/+1
| | | | | | | | | | | Validation of xml files failed with new version of libxml2 (CVE-2014-0191) make[2]: Entering directory `/builddir/build/BUILD/sssd-1.9.2/src/man' /usr/bin/xmllint --catalogs --postvalid --nonet --xinclude --noout sss_usermod.8.xml sss_usermod.8.xml:4: element reference: validity error : No declaration for element reference sss_usermod.8.xml:5: element title: validity error : No declaration for element title Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Per-attribute ACL for usersJakub Hrozek2014-05-131-0/+62
| | | | | | | | | | | Introduces a new option called user_attributes that allows to specify which user attributes are allowed to be queried from the IFP responder. By default only the default POSIX set is allowed, this option allows to either add other attributes (+attrname) or remove them from the default set (-attrname). Reviewed-by: Pavel Březina <pbrezina@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-26 00:58:28 +0000