From 74a7d5805499a95a868ab4f43f77d34ccf9854a3 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Wed, 28 Sep 2011 11:13:55 -0400
Subject: LDAP: Update manpages with multiple search base information
---
src/man/sssd-ldap.5.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 56 insertions(+), 1 deletion(-)
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 1e1958e71..7cc20ce66 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -109,7 +109,39 @@ performing LDAP user operations.
- Default: If not set the value of the
+ Starting with SSSD 1.7.0, SSSD supports multiple
+ search bases using the syntax:
+
+
+ search_base[?scope?[filter][?search_base?scope?[filter]]*]
+
+
+ The scope can be one of "base", "onelevel" or "subtree".
+
+
+ The filter must be a valid LDAP search filter as
+ specified by http://www.ietf.org/rfc/rfc2254.txt
+
+
+ Examples:
+
+
+ ldap_search_base = dc=example,dc=com
+ (which is equivalent to)
+ ldap_search_base = dc=example,dc=com?subtree?
+
+
+ ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree?
+
+
+ Note: It is unsupported to have multiple search
+ bases which reference identically-named objects
+ (for example, groups with the same name in two
+ different search bases). This will lead to
+ unpredictable behavior on client machines.
+
+
+ Default: If not set, the value of the defaultNamingContext or namingContexts attribute from the RootDSE of the LDAP server is used. If defaultNamingContext does not exists or
@@ -1455,6 +1487,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com An optional base DN to restrict netgroup searches to a specific subtree.
+
+ See ldap_search_base for
+ information about configuring multiple search
+ bases.
+ Default: the value of ldap_search_base
@@ -1469,6 +1506,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com An optional base DN to restrict user searches to a specific subtree.
+
+ See ldap_search_base for
+ information about configuring multiple search
+ bases.
+ Default: the value of ldap_search_base
@@ -1483,6 +1525,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com An optional base DN to restrict group searches to a specific subtree.
+
+ See ldap_search_base for
+ information about configuring multiple search
+ bases.
+ Default: the value of ldap_search_base
@@ -1497,6 +1544,10 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com This option specifies an additional LDAP search filter criteria that restrict user searches.
+
+ This option is deprecated in
+ favor of the syntax used by ldap_user_search_base.
+ Default: not set
@@ -1520,6 +1571,10 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com This option specifies an additional LDAP search filter criteria that restrict group searches.
+
+ This option is deprecated in
+ favor of the syntax used by ldap_group_search_base.
+ Default: not set
-- cgit