summaryrefslogtreecommitdiffstats
path: root/src/man/sssd-ifp.5.xml
blob: da247f89dd2d9d08e0b1591d4c89f52197b278df (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<reference>
<title>SSSD Manual pages</title>
<refentry>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />

    <refmeta>
        <refentrytitle>sssd-ifp</refentrytitle>
        <manvolnum>5</manvolnum>
        <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
    </refmeta>

    <refnamediv id='name'>
        <refname>sssd-ifp</refname>
        <refpurpose>SSSD InfoPipe responder</refpurpose>
    </refnamediv>

    <refsect1 id='description'>
        <title>DESCRIPTION</title>
        <para>
            This manual page describes the configuration of the InfoPipe responder
            for
            <citerefentry>
                <refentrytitle>sssd</refentrytitle>
                <manvolnum>8</manvolnum>
            </citerefentry>.
            For a detailed syntax reference, refer to the <quote>FILE FORMAT</quote> section of the
            <citerefentry>
                <refentrytitle>sssd.conf</refentrytitle>
                <manvolnum>5</manvolnum>
            </citerefentry> manual page.
        </para>
        <para>
            The InfoPipe responder provides a public D-Bus interface
            accessible over the system bus. The interface allows the user
            to query information about remote users and groups over the
            system bus.
        </para>
    </refsect1>

    <refsect1 id='configuration-options'>
        <title>CONFIGURATION OPTIONS</title>
            <para>
                These options can be used to configure the InfoPipe responder.
            </para>
            <variablelist>
                <varlistentry>
                    <term>allowed_uids (string)</term>
                    <listitem>
                        <para>
                            Specifies the comma-separated list of UID values or
                            user names that are allowed to access the InfoPipe
                            responder. User names are resolved to UIDs at
                            startup.
                        </para>
                        <para>
                            Default: 0 (only the root user is allowed to access
                            the InfoPipe responder)
                        </para>
                        <para>
                            Please note that although the UID 0 is used as the
                            default it will be overwritten with this option. If
                            you still want to allow the root user to access the
                            InfoPipe responder, which would be the typical
                            case, you have to add 0 to the list of allowed UIDs
                            as well.
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>user_attributes (string)</term>
                    <listitem>
                        <para>
                            Specifies the comma-separated list of white
                            or blacklisted attributes.
                        </para>
                        <para>
                            By default, the InfoPipe responder only
                            allows the default set of POSIX attributes to
                            be requested. This set is the same as returned by
                            <citerefentry>
                                <refentrytitle>getpwnam</refentrytitle>
                                <manvolnum>3</manvolnum>
                            </citerefentry>
                            and includes:
                            <variablelist>
                                <varlistentry>
                                    <term>name</term>
                                    <listitem><para>user's login name</para></listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>uidNumber</term>
                                    <listitem><para>user ID</para></listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>gidNumber</term>
                                    <listitem><para>primary group ID</para></listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>gecos</term>
                                    <listitem><para>user information, typically full name</para></listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>homeDirectory</term>
                                    <listitem><para>home directory</para></listitem>
                                </varlistentry>
                                <varlistentry>
                                    <term>loginShell</term>
                                    <listitem><para>user shell</para></listitem>
                                </varlistentry>
                            </variablelist>
                        </para>
                        <para>
                            It is possible to add another attribute to
                            this set by using <quote>+attr_name</quote>
                            or explicitly remove an attribute using
                            <quote>-attr_name</quote>. For example, to
                            allow <quote>telephoneNumber</quote> but deny
                            <quote>loginShell</quote>, you would use the
                            following configuration:
                        <programlisting>
user_attributes = +telephoneNumber, -loginShell
                        </programlisting>
                        </para>
                        <para>
                            Default: not set. Only the default set of
                            POSIX attributes is allowed.
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>wildcart_limit (integer)</term>
                    <listitem>
                        <para>
                            Specifies an upper limit on the number of entries
                            that are downloaded during a wildcard lookup that
                            overrides caller-supplied limit.
                        </para>
                        <para>
                            Default: 0 (let the caller set an upper limit)
                        </para>
                    </listitem>
                </varlistentry>

            </variablelist>
    </refsect1>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />

</refentry>
</reference>