From fee6c6a4cb7f851bb757088dae9e0720ae073d3c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Thu, 24 Sep 2009 23:34:17 +0200
Subject: Manpages update
---
server/man/sssd-krb5.5.xml | 26 ++--
server/man/sssd-ldap.5.xml | 66 ++++-----
server/man/sssd.conf.5.xml | 325 ++++++++++++++++++++-------------------------
3 files changed, 193 insertions(+), 224 deletions(-)
diff --git a/server/man/sssd-krb5.5.xml b/server/man/sssd-krb5.5.xml
index 234b194a3..4de899192 100644
--- a/server/man/sssd-krb5.5.xml
+++ b/server/man/sssd-krb5.5.xml
@@ -46,7 +46,7 @@ for details on the configuration of a SSSD domain. - krb5KDCIP (string) + krb5_kdcip (string) Specifies the IP address of the Kerberos server.
@@ -55,7 +55,7 @@ - krb5REALM (string) + krb5_realm (string) The name of the Kerberos realm.
@@ -64,7 +64,7 @@ - krb5try_simple_upn (boolean) + krb5_try_simple_upn (boolean) Set this option to 'true'
@@ -78,7 +78,7 @@ - krb5changepw_principle (string) + krb5_changepw_principle (string) The priciple of the change password service.
@@ -93,7 +93,7 @@ - krb5ccache_dir (string) + krb5_ccachedir (string) Directory to store credential caches.
@@ -105,7 +105,7 @@ - krb5ccname_template (string) + krb5_ccname_template (string) Location of the user's credential cache. Currently
@@ -163,7 +163,7 @@ - krb5auth_timeout (integer) + krb5_auth_timeout (integer) Timeout in seconds after an online authentication or
@@ -185,14 +185,16 @@ The following example assumes that SSSD is correctly configured and FOO is one of the domains in the - [domains] section. + [sssd] section. This example shows + only configuration of Kerberos authentication, it does not include + any identity provider. - [domains/FOO] - auth-module = krb5 - krb5KDCIP = 192.168.1.1 - krb5REALM = EXAMPLE.COM + [domain/FOO] + auth_provider = krb5 + krb5_kdcip = 192.168.1.1 + krb5_realm = EXAMPLE.COM
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml
index 176849a7f..4c7e07b6e 100644
--- a/server/man/sssd-ldap.5.xml
+++ b/server/man/sssd-ldap.5.xml
@@ -49,7 +49,7 @@ - ldapUri (string) + ldap_uri (string) Specifies the URI of the LDAP server to which
@@ -62,7 +62,7 @@ - ldapSchema (string) + ldap_schema (string) Specifies the Schema Type in use on the target LDAP
@@ -91,7 +91,7 @@ - defaultBindDn (string) + ldap_default_bind_dn (string) The default bind DN to use for
@@ -101,7 +101,7 @@ - defaultAuthtokType (string) + ldap_default_authtok_type (string) The type of the authentication token of the
@@ -112,7 +112,7 @@ - defaultAuthtok (string) + ldap_default_authtok (string) The authentication token of the default bind DN.
@@ -122,7 +122,7 @@ - userSearchBase (string) + ldap_user_search_base (string) The default base DN to use for
@@ -132,7 +132,7 @@ - userObjectClass (string) + ldap_user_object_class (string) The object class of a user entry in LDAP.
@@ -144,7 +144,7 @@ - userName (string) + ldap_user_name (string) The LDAP attribute that corresponds to
@@ -157,7 +157,7 @@ - userUidNumber (string) + ldap_user_uid_number (string) The LDAP attribute that corresponds to
@@ -170,7 +170,7 @@ - userGidNumber (string) + ldap_user_gid_number (string) The LDAP attribute that corresponds to
@@ -183,7 +183,7 @@ - userGecos (string) + ldap_user_gecos (string) The LDAP attribute that corresponds to
@@ -196,7 +196,7 @@ - userHomeDirectory (string) + ldap_user_home_directory (string) The LDAP attribute that contains the name of the
@@ -209,7 +209,7 @@ - userShell (string) + ldap_user_shell (string) The LDAP attribute that contains the path of the
@@ -222,7 +222,7 @@ - userUUID (string) + ldap_user_uuid (string) The LDAP attribute that contains the UUID/GUID of
@@ -235,7 +235,7 @@ - userPrincipal (string) + ldap_user_principal (string) The LDAP attribute that contains the Kerberos
@@ -248,7 +248,7 @@ - force_upper_case_realm (boolean) + ldap_force_upper_case_realm (boolean) Some directory servers, for example Active Directory,
@@ -264,7 +264,7 @@ - userFullname (string) + ldap_user_fullname (string) The LDAP attribute that corresponds to
@@ -277,7 +277,7 @@ - userMemberOf (string) + ldap_user_member_of (string) The LDAP attribute that list the user's
@@ -290,7 +290,7 @@ - groupSearchBase (string) + ldap_group_search_base (string) The default base DN to use for
@@ -300,7 +300,7 @@ - groupObjectClass (string) + ldap_group_object_class (string) The object class of a group entry in LDAP.
@@ -312,7 +312,7 @@ - groupName (string) + ldap_group_name (string) The LDAP attribute that corresponds to
@@ -325,7 +325,7 @@ - groupGidNumber (string) + ldap_group_gid_number (string) The LDAP attribute that corresponds to
@@ -338,7 +338,7 @@ - groupMember (string) + ldap_group_member (string) The LDAP attribute that contains the names of
@@ -351,7 +351,7 @@ - groupUUID (string) + ldap_group_uuid (string) The LDAP attribute that contains the UUID/GUID of
@@ -364,7 +364,7 @@ - network_timeout (integer) + ldap_network_timeout (integer) Specifies the timeout (in seconds) after which
@@ -390,7 +390,7 @@ - opt_timeout (integer) + ldap_opt_timeout (integer) Specifies a timeout (in seconds) after which
@@ -404,7 +404,7 @@ - tls_reqcert (string) + ldap_tls_reqcert (string) Specifies what checks to perform on server
@@ -455,10 +455,14 @@ - [domains/LDAP] - auth-module = ldap - ldapUri = ldap://ldap.mydomain.org - userSearchBase = dc=mydomain,dc=org + [domain/LDAP] + id_provider = ldap + auth_provider = ldap + ldap_uri = ldap://ldap.mydomain.org + ldap_user_search_base = dc=mydomain,dc=org + ldap_tls_reqcert = demand + cache_credentials = true + enumerate = true
diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
index 83129eeb9..62d0c2b42 100644
--- a/server/man/sssd.conf.5.xml
+++ b/server/man/sssd.conf.5.xml
@@ -53,16 +53,18 @@ SPECIAL SECTIONS - The [services] section + The [sssd] section Individual pieces of SSSD functionality are provided by special SSSD services that are started and stopped together with SSSD. - The services are managed by a special service called - monitor. + The services are managed by a special service frequently called + monitor. The [sssd] section is used + to configure the monitor as well as some other important options + like the identity domains. Section parameters - activeServices + services Comma separated list of services that are 
@@ -91,121 +93,65 @@ + + domains + + + A domain is a database containing user + information. SSSD can use more domains + at the same time, but at least one + must be configured or SSSD won't start. + This parameter described the list of domains + in the order you want them to be queried. + + + + + re_expression (string) + + + Regular expression that describes how to parse the string + containing user name and domain into these components. + + + Default: (?P<name>[^@]+)@?(?P<domain>[^@]*$) + which translates to "the name is everything up to the + @ sign, the domain everything after that" + + + PLEASE NOTE: the support for non-unique named + subpatterns is not available on all plattforms + (e.g. RHEL5 and SLES10). Only plattforms with + libpcre version 7 or higher can support non-unique + named subpatterns. + + + PLEASE NOTE ALSO: older version of libpcre only + support the Python syntax (?P<name>) to label + subpatterns. + + + + + full_name_format (string) + + + A + printf + 3 + -compatible format that describes how to + translate a (name, domain) tuple into a fully qualified + name. + + + Default: %1$s@%2$s. + + + - - The [domains] section - - A domain is a database containing user information. SSSD can - use more domains at the same time, but at least one must - be configured or SSSD won't start. - - - Section parameters - - domains - - - The list of domains in the order you want them - to be queried - - - - - - - - The [names] section - - This section allows to configure how a name, or a fully qualified - name looks like. These settings are used by both the PAM and NSS - responders. - - - Section parameters - - re-expression (string) - - - Regular expression that describes how to parse the string - containing user name and domain into these components. 
- - - Default: (?P<name>[^@]+)@?(?P<domain>[^@]*$) - which translates to "the name is everything up to the - @ sign, the domain everything after that" - - - PLEASE NOTE: the support for non-unique named - subpatterns is not available on all plattforms - (e.g. RHEL5 and SLES10). Only plattforms with - libpcre version 7 or higher can support non-unique - named subpatterns. - - - PLEASE NOTE ALSO: older version of libpcre only - support the Python syntax (?P<name>) to label - subpatterns. - - - - - full-name-format (string) - - - A - printf - 3 - -compatible format that describes how to - translate a (name, domain) tuple into a fully qualified - name. - - - Default: %1$s@%2$s. - - - - - - - - The [user_defaults] section - - This section contains settings that alter default values used - when adding a user with SSSD userspace tools (sss_useradd). - - - Section parameters - - defaultShell (string) - - - The default shell for users created - with SSSD userspace tools. - - - Default: /bin/bash - - - - - baseDirectory (string) - - - The tools append the login name to - baseDirectory and - use that as the home directory. - - - Default: /home - - - - - -
@@ -213,8 +159,8 @@ Settings that can be used to configure different services are described in this section. They should reside in the - [services/NAME] section, for example, - for NSS service, the section would be [services/nss] + [$NAME] section, for example, + for NSS service, the section would be [nss]
@@ -224,7 +170,7 @@ - debug-level (integer) + debug_level (integer) Sets the debug level for the service. The
@@ -277,19 +223,7 @@ - sbusAddress (string) - - - The services in sssd communicate over an internal - wrapper on top of D-Bus called S-Bus. This - directive can be used to specify the address - to connect to. The vast majority of configurations - will not need to change this setting. - - - - - sbusTimeout (string) + sbus_timeout (string) Specifies the timeout for messages sent over the SBUS.
@@ -311,7 +245,7 @@ - EnumCacheTimeout (integer) + enum_cache_timeout (integer) How long should nss_sss cache enumerations
@@ -323,7 +257,7 @@ - EntryCacheTimeout (integer) + entry_cache_timeout (integer) How long should nss_sss cache positive cache hits
@@ -336,7 +270,7 @@ - EntryCacheNoWaitRefreshTimeout (integer) + entry_cache_nowait_timeout (integer) How long should nss_sss return cached entries before
@@ -349,7 +283,7 @@ - EntryNegativeTimeout (integer) + entry_negative_timeout (integer) How long should nss_sss cache negative cache hits
@@ -362,17 +296,20 @@ - filterUsers, filterGroups (string) + filter_users, filter_groups (string) Exclude certain users from being fetched from the sss NSS database. This is particulary useful for system - accounts like root. + accounts. + + + Default: root - filterUsersInGroups (bool) + filter_users_in_groups (bool) If you want filtered user still be group members
@@ -392,17 +329,17 @@ These configuration options can be present in a domain configuration section, that is, in a section called - [domains/NAME] + [domain/NAME] - minId,maxId (integer) + min_id,max_id (integer) UID limits for the domain. If a domain contains entry that is outside these limits, it is ignored - Default: 0 (no limit) + Default: 1000 for min_id, 0 (no limit) for max_id
@@ -422,7 +359,7 @@ - magicPrivateGroups (bool) + magic_private_groups (bool) By using the Magic Private Groups option, you
@@ -482,7 +419,7 @@ - cache-credentials (bool) + cache_credentials (bool) Determines if user credentials are also cached
@@ -495,7 +432,7 @@ - store-legacy-passwords (bool) + store_legacy_passwords (bool) Whether to also store passwords in a legacy domain
@@ -507,10 +444,11 @@ - provider (string) + id_provider (string) - The Data Provider backend to use for this domain. + The Data Provider identity backend to use for this + domain. Supported backends:
@@ -528,7 +466,7 @@ - useFullyQualifiedNames (bool) + use_fully_qualified_names (bool) If set to TRUE, all requests to this domain
@@ -544,11 +482,11 @@ - auth-module (string) + auth_provider (string) - The authentication module used for the domain. - Supported auth modules are: + The authentication provider used for the domain. + Supported auth providers are: ldap for native LDAP authentication. See
@@ -577,7 +515,7 @@ - pam-target (string) + proxy_pam_target (string) The proxy target PAM proxies to.
@@ -589,7 +527,7 @@ - libName (string) + proxy_lib_name (string) The name of the NSS library to use in proxy
@@ -602,6 +540,44 @@ + + + The local domain section + + This section contains settings for domain that stores users and + groups in SSSD native database, that is, a domain that uses + id_provider=local. + + + Section parameters + + default_shell (string) + + + The default shell for users created + with SSSD userspace tools. + + + Default: /bin/bash + + + + + base_directory (string) + + + The tools append the login name to + base_directory and + use that as the home directory. + + + Default: /home + + + + + +
@@ -611,39 +587,26 @@ not describe configuration of the domains themselves - refer to documentation on configuring domains for more details. -[services] -description = Local Service Configuration -activeServices = nss, pam -reconnection_retries = 3 - -[services/nss] -description = NSS Responder Configuration -filterGroups = root -filterUsers = root -debug-level = 4 - -[services/dp] -description = Data Provider Configuration -debug-level = 4 +[sssd] +domains = LOCAL +services = nss, dp, pam +config_file_version = 2 +sbus_timeout = 30 -[services/pam] -description = PAM Responder Configuration +[nss] +filter_groups = root +filter_users = root -[services/monitor] -description = Service Monitor Configuration +[pam] -[domains] -description = Domains served by SSSD -domains = LOCAL +[dp] -[domains/LOCAL] -description = LOCAL Users domain -enumerate = TRUE -minId = 5000 -maxId = 30000 -legacy = FALSE -magicPrivateGroups = TRUE -provider = local +[domain/LOCAL] +id_provider = local +min_id = 1000 +max_id = 5000 +default_shell = /bin/ksh +enumerate = true -- cgit