From b8e70735b8aaabb3de2a063daa60cfadf185b269 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Mon, 14 May 2012 16:45:22 +0200 Subject: sudo: manpage updated Removes old options and adds new ones. --- src/man/sssd-ldap.5.xml | 125 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 117 insertions(+), 8 deletions(-) (limited to 'src/man/sssd-ldap.5.xml') diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index d20d84bca..d7e29e221 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1923,27 +1923,136 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com - ldap_sudo_refresh_enabled (boolean) + ldap_sudo_full_refresh_interval (integer) - Enables periodical download of all sudo rules. - The cache is purged before each update. + How many seconds SSSD will wait between executing + a full refresh of sudo rules (which downloads all + rules that are stored on the server). - Default: false + The value must be greater than + ldap_sudo_smart_refresh_interval + + + + Default: 21600 (6 hours) - ldap_sudo_refresh_timeout (integer) + ldap_sudo_smart_refresh_interval (integer) - How many seconds SSSD has to wait before refreshing - its cache of sudo rules. + How many seconds SSSD has to wait before executing + a smart refresh of sudo rules (which downloads all + rules that have USN higher than the highest USN of + cached rules). - Default: 300 + If USN attributes are not supported by the server, + the modifyTimestamp attribute is used instead. + + + Default: 900 (15 minutes) + + + + + + ldap_sudo_use_host_filter (boolean) + + + If true, SSSD will download only rules that are + applicable to this machine (using the IPv4 or IPv6 + host/network addresses and hostnames). + + + Default: true + + + + + + ldap_sudo_hostnames (string) + + + Space separated list of hostnames or fully qualified + domain names that should be used to filter + the rules. + + + Note: autoconfiguration is not + yet supported, therefore if this option is left + empty then hostname matching will be disabled. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + Default: not specified + + + + + + ldap_sudo_ip (string) + + + Space separated list of IPv4 or IPv6 + host/network addresses that should be used to filter + the rules. + + + If this option is empty, SSSD will try to + discover the addresses automatically. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + Default: not specified + + + + + + ldap_sudo_include_netgroups (boolean) + + + If true then SSSD will download every rule that + contains a netgroup in sudoHost attribute. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + Default: true + + + + + + ldap_sudo_include_regexp (boolean) + + + If true then SSSD will download every rule that + contains a regular expression in sudoHost attribute. + + + If ldap_sudo_use_host_filter + is false then this option + has no effect. + + + Default: true -- cgit