blob: c5c96d11168006f1e9b687bb4c088c781117eb54 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<reference>
<title>SSSD Manual pages</title>
<refentry>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
<refmeta>
<refentrytitle>sssd-ipa</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>sssd-ipa</refname>
<refpurpose>the configuration file for SSSD</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
This manual page describes the configuration of the IPA Provider
for
<citerefentry>
<refentrytitle>sssd</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>.
For a detailed syntax reference, please refer to the <quote>FILE FORMAT</quote> section of the
<citerefentry>
<refentrytitle>sssd.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry> manual page
</para>
<para>
The IPA provider is a backend useful to connect to an IPA server.
(see freeipa.org for information about IPa servers).
It requires that the machine has been joined to the IPA domain,
and configuration is almost entirely self discovered and obtained
directly from the server.
</para>
</refsect1>
<refsect1 id='file-format'>
<title>CONFIGURATION OPTIONS</title>
<para>
<citerefentry>
<refentrytitle>sssd.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry> manual page, section <quote>DOMAIN SECTIONS</quote>
for details on the configuration of a SSSD domain.
<variablelist>
<varlistentry>
<term>ipa_domain (string)</term>
<listitem>
<para>
Specifies the name of the IPA domain.
This is optional, if not provided the configuration
domain name is used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ipa_server (string)</term>
<listitem>
<para>
The name of the IPA server.
If autodiscovery is enabled this is optional.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ipa_hostname (string)</term>
<listitem>
<para>
Optional. Maybe set on some machine where the
hostname(5) does not reflect the fully qualified
name used in the IPA domain to identify this host.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>krb5_ccachedir (string)</term>
<listitem>
<para>
Directory to store credential caches.
</para>
<para>
Default: /tmp
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ipa_search_timeout (integer)</term>
<listitem>
<para>
Specifies the timeout (in seconds) after which
a search against the ipa server is forcibly
terminated.
</para>
<para>
Default: 60
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ipa_network_timeout (integer)</term>
<listitem>
<para>
Specifies the timeout (in seconds) after which
the
<citerefentry>
<refentrytitle>poll</refentrytitle>
<manvolnum>2</manvolnum>
</citerefentry>/<citerefentry>
<refentrytitle>select</refentrytitle>
<manvolnum>2</manvolnum>
</citerefentry>
following a non-search operation against the ipa
server is forcibly terminated.
</para>
<para>
Default: 6
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ipa_offline_timeout (integer)</term>
<listitem>
<para>
Specifies the "black-out" time before any new
network operation is attempted after the ipa
provider has turned into offline operation mode.
</para>
<para>
Default: 60
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='example'>
<title>EXAMPLE</title>
<para>
The following example assumes that SSSD is correctly
configured and example.com is one of the domains in the
<replaceable>[sssd]</replaceable> section. This examples shows only
the ipa provider specific options.
</para>
<para>
<programlisting>
[domain/example.com]
id_provider = ipa
ipa_server = ipaserver.example.com
ipa_hostname = myhost.example.com
</programlisting>
</para>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>
</reference>
|