From 1957db5ed61770e3196fc82512824dacfbb64d58 Mon Sep 17 00:00:00 2001 From: David O'Brien Date: Tue, 12 Jan 2010 12:28:19 +1000 Subject: Copy-edit, mainly fixing typos and English Some reformatting to stay within 79 char line length. Better definition of server vs. machine usage in failover section. --- server/man/include/failover.xml | 5 +- server/man/sssd-ldap.5.xml | 134 +++++++++++++++++++--------------------- 2 files changed, 68 insertions(+), 71 deletions(-) diff --git a/server/man/include/failover.xml b/server/man/include/failover.xml index 7c37bb403..efe3ee424 100644 --- a/server/man/include/failover.xml +++ b/server/man/include/failover.xml @@ -34,8 +34,9 @@ currently hard coded to 30 seconds. - If there are no more servers to try, the back end as a whole - switches to offline mode for a certain period of time. + If there are no more machines to try, the back end as a whole + switches to offline mode, and then attempts to reconnect + every 30 seconds. diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml index dc146ea25..affa2d1bc 100644 --- a/server/man/sssd-ldap.5.xml +++ b/server/man/sssd-ldap.5.xml @@ -26,17 +26,16 @@ sssd 8 . - For detailed syntax reference, please refer to + Refer to the FILE FORMAT section of the sssd.conf 5 - manual page, section FILE FORMAT - + manual page for detailed syntax information. - There can be more than one LDAP domain configured with SSSD. + You can configure SSSD to use more than one LDAP domain. - If you want to authenticate against an LDAP server TLS/SSL is + If you want to authenticate against an LDAP server then TLS/SSL is required. sssd does not support authentication over an unencrypted channel. If the LDAP server is used only as an identify provider, an encrypted channel 
@@ -47,12 +46,12 @@ CONFIGURATION OPTIONS - All the common configuration options for SSSD domains apply - for LDAP domains, too. See the + All of the common configuration options that apply to SSSD domains also apply + to LDAP domains. Refer to the DOMAIN SECTIONS section of the sssd.conf 5 - manual page, section DOMAIN SECTIONS + manual page for full details. @@ -60,9 +59,8 @@ Specifies the list of URIs of the LDAP servers to which - SSSD should connect in the order of preference. For more - information on failover and server redundancy, see the - FAILOVER section. + SSSD should connect in the order of preference. Refer to the + FAILOVER section for more information on failover and server redundancy. Default: ldap://localhost @@ -86,21 +84,20 @@ Specifies the Schema Type in use on the target LDAP server. - Depending on the selected schema the default + Depending on the selected schema, the default attribute names retrieved from the servers may vary. - Also the way some attributes are handled may differ. + The way that some attributes are handled may also differ. - There are currently 2 schema types supported: + Two schema types are currently supported: rfc2307 rfc2307bis - The main difference between these 2 schema types is - how group memberships are recorder in the server. - With rfc2307 group members are listed by name in an - attribute called memberUid. - With rfc2307bis grpoup members are listed by DN and - stored in an attribute called - member. + The main difference between these two schema types is + how group memberships are recorded in the server. + With rfc2307, group members are listed by name in the + memberUid attribute. + With rfc2307bis, group members are listed by DN and + stored in the member attribute. @@ -124,8 +121,7 @@ The type of the authentication token of the - default bind DN. So far "password" is the only - supported value. + default bind DN. The only currently supported value is "password". 
@@ -135,7 +131,7 @@ The authentication token of the default bind DN. - So far only a clear text password is supported. + Only clear text passwords are currently supported. @@ -170,7 +166,7 @@ ldap_user_name (string) - The LDAP attribute that corresponds to + The LDAP attribute that corresponds to the user's login name. @@ -183,7 +179,7 @@ ldap_user_uid_number (string) - The LDAP attribute that corresponds to + The LDAP attribute that corresponds to the user's id. @@ -196,7 +192,7 @@ ldap_user_gid_number (string) - The LDAP attribute that corresponds to + The LDAP attribute that corresponds to the user's primary group id. @@ -209,7 +205,7 @@ ldap_user_gecos (string) - The LDAP attribute that corresponds to + The LDAP attribute that corresponds to the user's gecos field. @@ -222,8 +218,8 @@ ldap_user_home_directory (string) - The LDAP attribute that contains the name of the - home directory of a user. + The LDAP attribute that contains the name of the user's + home directory. Default: homeDirectory @@ -235,7 +231,7 @@ ldap_user_shell (string) - The LDAP attribute that contains the path of the + The LDAP attribute that contains the path to the user's default shell. @@ -249,7 +245,7 @@ The LDAP attribute that contains the UUID/GUID of - a LDAP user object. + an LDAP user object. Default: nsUniqueId @@ -261,8 +257,8 @@ ldap_user_principal (string) - The LDAP attribute that contains the Kerberos - User Principle Name (UPN) of the user. + The LDAP attribute that contains the user's Kerberos + User Principle Name (UPN). Default: krbPrincipalName 
@@ -275,10 +271,10 @@ Some directory servers, for example Active Directory, - might deliver the realm part of the UPN lower case - which may cause the authentication to fail. Set this - option to a non-zero value, if you want to use an - upper case realm. + might deliver the realm part of the UPN in lower case, + which might cause the authentication to fail. Set this + option to a non-zero value if you want to use an + upper-case realm. Default: false @@ -290,8 +286,8 @@ ldap_user_fullname (string) - The LDAP attribute that corresponds to - full name of the user. + The LDAP attribute that corresponds to the + user's full name. Default: cn @@ -303,7 +299,7 @@ ldap_user_member_of (string) - The LDAP attribute that list the user's + The LDAP attribute that lists the user's group memberships. @@ -355,7 +351,7 @@ ldap_group_gid_number (string) - The LDAP attribute that corresponds to + The LDAP attribute that corresponds to the group's id. @@ -369,7 +365,7 @@ The LDAP attribute that contains the names of - the members of the group. + the group's members. Default: memberuid (rfc2307) / member (rfc2307bis) @@ -382,7 +378,7 @@ The LDAP attribute that contains the UUID/GUID of - a LDAP group object. + an LDAP group object. Default: nsUniqueId @@ -423,7 +419,7 @@ Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs will abort if no response is received. Also controls the timeout - when communicating to KDC in case of SASL bind. + when communicating with the KDC in case of SASL bind. Default: 5 @@ -478,12 +474,12 @@ Specifies the file that contains certificates for - all of the Certificate Authorities + all of the Certificate Authorities that sssd will recognize. Default: use OpenLDAP defaults, typically in - /etc/openldap/ldap.conf + /etc/openldap/ldap.conf 
@@ -496,12 +492,12 @@ Certificate Authority certificates in separate individual files. Typically the file names need to be the hash of the certificate followed by '.0'. - If available cacertdir_rehash + If available, cacertdir_rehash can be used to create the correct names. Default: use OpenLDAP defaults, typically in - /etc/openldap/ldap.conf + /etc/openldap/ldap.conf @@ -511,7 +507,7 @@ Specifies that the id_provider connection must also - use tls to protect the channel. + use tls to protect the channel. Default: false @@ -523,7 +519,7 @@ ldap_sasl_mech (string) - Specify the sasl mechanism to use. + Specify the SASL mechanism to use. Currently only GSSAPI is tested and supported. @@ -536,8 +532,8 @@ ldap_sasl_authid (string) - Specify the sasl authorization id to use. - When GSSAPI is used, this represents the kerberos + Specify the SASL authorization id to use. + When GSSAPI is used, this represents the Kerberos principal used for authentication to the directory. @@ -550,10 +546,10 @@ ldap_krb5_keytab (string) - Specify keytab to use when using SASL/GSSAPI. + Specify the keytab to use when using SASL/GSSAPI. - Default: System keytab, normally /etc/krb5.keytab + Default: System keytab, normally /etc/krb5.keytab @@ -563,8 +559,8 @@ Specifies that the id_provider should init - kerberos credentials (TGT). - This action is perfromed only if SASL is used and + Kerberos credentials (TGT). + This action is performed only if SASL is used and the mechanism selected is GSSAPI. @@ -577,10 +573,10 @@ krb5_realm (string) - Specify the kerberos REALM (for SASL/GSSAPI auth). + Specify the Kerberos REALM (for SASL/GSSAPI auth). - Default: System defaults, see /etc/krb5.conf + Default: System defaults, see /etc/krb5.conf 
@@ -594,21 +590,21 @@ are allowed: - none No evaluation on the - client side. This option cannot disable server side + none - No evaluation on the + client side. This option cannot disable server-side password policies. - shadow use + shadow - Use shadow 5 style - attributes to evaluate if the password is expired. - Please note that the current version of sssd cannot + attributes to evaluate if the password has expired. + Note that the current version of sssd cannot update this attribute during a password change. - mit_kerberos use the attributes - used by MIT Kerberos to evaluate if the password is + mit_kerberos - Use the attributes + used by MIT Kerberos to determine if the password has expired. Use chpass_provider=krb5 to update these attributes when the password is changed. @@ -628,7 +624,7 @@ EXAMPLE The following example assumes that SSSD is correctly - configured and LDAP is set set one of the domains in the + configured and LDAP is set to one of the domains in the [domains] section. @@ -648,8 +644,8 @@ NOTES - Description of some of the configuration options in this manual - page is based on + The descriptions of some of the configuration options in this manual + page are based on the ldap.conf 5 manual page from the OpenLDAP 2.4 distribution. -- cgit
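Review bot: In the failover.xml hunk (@@ -34,8 +34,9), the added text "and then attempts to reconnect every 30 seconds" replaces the deliberately vague "for a certain period of time" with a specific interval. That is a statement about behaviour, not a copy-edit, so it should be checked against the code. If the value is fixed, say so the way the context line above does ("currently hard coded to 30 seconds"). The switch from "servers" to "machines" in the same sentence also needs the two terms defined nearby, otherwise the reader cannot tell which one a failover list entry refers to.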
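Review bot: In the first sssd-ldap.5.xml hunk (@@ -26,17 +26,16), the trailing context line still reads "used only as an identify provider", which should be "identity provider". This paragraph is where an administrator learns when an encrypted channel is mandatory, so it is worth fixing in the same pass. The reworded line also wants a comma: "against an LDAP server, then TLS/SSL is required".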
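Review bot: In the sssd-ldap.5.xml hunk at @@ -47,12 +46,12, the added line "All of the common configuration options that apply to SSSD domains also apply" is 77 characters of text on its own, so with more than two columns of indentation it exceeds the 79-character limit the commit message says this change is meant to respect. Break it after "SSSD domains".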
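Review bot: In the hunk at @@ -135,7 +131,7, "Only clear text passwords are currently supported" does not say where the clear text lives. Since this describes the value of the option itself, spell out that the bind password is written unobfuscated in the configuration, and consider adding a sentence telling the reader to restrict read access to that file.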
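Review bot: In the ldap_user_principal hunk (@@ -261,8 +257,8), the rewritten line keeps the misspelling "User Principle Name (UPN)". The Kerberos term is "User Principal Name", and the option name on the context line above already spells it "principal".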
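Review bot: In the hunk at @@ -275,10 +271,10, "Set this option to a non-zero value" does not match the "Default: false" shown two lines later. If the option is a boolean, the instruction should read "Set this option to true" so the accepted values and the default use the same vocabulary.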
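Review bot: In the hunk at @@ -511,7 +507,7, "use tls to protect the channel" is left in lower case while the neighbouring hunks in this same change capitalise SASL and Kerberos. Write "TLS" here too. The removed and added lines read identically as shown, so if the edit is whitespace or markup only, the commit message should say so.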
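Review bot: In the password policy hunk (@@ -594,21 +590,21), the shadow entry still says "to evaluate if the password has expired" while the mit_kerberos entry was changed to "to determine if the password has expired". Use the same verb in both entries so the two descriptions read in parallel, and prefer "whether" over "if" in each.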
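Review bot: In the EXAMPLE hunk (@@ -628,7 +624,7), the corrected sentence "LDAP is set to one of the domains in the [domains] section" removes the doubled "set set" but still does not say what is being set. Something like "that LDAP is one of the domains listed in the [domains] section" would state the precondition unambiguously.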