From 03532fb1cbb7e8c1d5cf2e93aa3719f926631cab Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Thu, 5 Jul 2012 19:45:14 -0400 Subject: AD: Add manpages and SSSDConfig entries --- src/man/sssd-ad.5.xml | 155 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 155 insertions(+) create mode 100644 src/man/sssd-ad.5.xml (limited to 'src/man/sssd-ad.5.xml') diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml new file mode 100644 index 000000000..46660b306 --- /dev/null +++ b/src/man/sssd-ad.5.xml @@ -0,0 +1,155 @@ + + + +SSSD Manual pages + + + + + sssd-ad + 5 + File Formats and Conventions + + + + sssd-ad + the configuration file for SSSD + + + + DESCRIPTION + + This manual page describes the configuration of the AD provider + for + + sssd + 8 + . + For a detailed syntax reference, refer to the FILE FORMAT section of the + + sssd.conf + 5 + manual page. + + + The AD provider is a back end used to connect to an Active + Directory server. This provider requires that the machine be + joined to the AD domain and a keytab is available. + + + The AD provider supports connecting to Active Directory 2008 R2 + or later. Earlier versions may work, but are unsupported. + + + The AD provider accepts the same options used by the + + sssd-ldap + 5 + identity provider and the + + sssd-krb5 + 5 + authentication provider with some exceptions described + below. + + + However, it is neither necessary nor recommended to set these + options. The AD provider can also be used as an access and chpass + provider. No configuration of the access provider is required on + the client side. + + + + + CONFIGURATION OPTIONS + Refer to the section DOMAIN SECTIONS of the + + sssd.conf + 5 + manual page for details on the configuration of an SSSD domain. + + + ad_domain (string) + + + Specifies the name of the Active Directory domain. + This is optional. If not provided, the + configuration domain name is used. + + + For proper operation, this option should be + specified as the lower-case version of the long + version of the Active Directory domain. + + + + + + ad_server (string) + + + The comma-separated list of IP addresses or + hostnames of the AD servers to which SSSD should + connect in order of preference. For more + information on failover and server redundancy, see + the FAILOVER section. + This is optional if autodiscovery is enabled. + For more information on service discovery, refer + to the the SERVICE DISCOVERY section. + + + + + + ad_hostname (string) + + + Optional. May be set on machines where the + hostname(5) does not reflect the fully qualified + name used in the Active Directory domain to + identify this host. + + + This field is used to determine the host principal + in use in the keytab. It must match the hostname + for which the keytab was issued. + + + + + + + + + + + + + + EXAMPLE + + The following example assumes that SSSD is correctly + configured and example.com is one of the domains in the + [sssd] section. This example shows only + the AD provider-specific options. + + + +[domain/EXAMPLE] +id_provider = ad +auth_provider = ad +access_provider = ad +chpass_provider = ad + +ad_server = dc1.example.com +ad_hostname = client.example.com +ad_domain = example.com + + + + + + + + -- cgit