summaryrefslogtreecommitdiffstats
path: root/server/man/sssd-ipa.5.xml
blob: c5c96d11168006f1e9b687bb4c088c781117eb54 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<reference>
<title>SSSD Manual pages</title>
<refentry>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />

    <refmeta>
        <refentrytitle>sssd-ipa</refentrytitle>
        <manvolnum>5</manvolnum>
        <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
    </refmeta>

    <refnamediv id='name'>
        <refname>sssd-ipa</refname>
        <refpurpose>the configuration file for SSSD</refpurpose>
    </refnamediv>

    <refsect1 id='description'>
        <title>DESCRIPTION</title>
        <para>
            This manual page describes the configuration of the IPA Provider
            for
            <citerefentry>
                <refentrytitle>sssd</refentrytitle>
                <manvolnum>8</manvolnum>
            </citerefentry>.
            For a detailed syntax reference, please refer to the <quote>FILE FORMAT</quote> section of the
            <citerefentry>
                <refentrytitle>sssd.conf</refentrytitle>
                <manvolnum>5</manvolnum>
            </citerefentry> manual page
        </para>
        <para>
            The IPA provider is a backend useful to connect to an IPA server.
            (see freeipa.org for information about IPa servers).
            It requires that the machine has been joined to the IPA domain,
            and configuration is almost entirely self discovered and obtained
            directly from the server.
        </para>

    </refsect1>

    <refsect1 id='file-format'>
        <title>CONFIGURATION OPTIONS</title>
        <para>
            <citerefentry>
                <refentrytitle>sssd.conf</refentrytitle>
                <manvolnum>5</manvolnum>
            </citerefentry> manual page, section <quote>DOMAIN SECTIONS</quote>
            for details on the configuration of a SSSD domain.
            <variablelist>
                <varlistentry>
                    <term>ipa_domain (string)</term>
                    <listitem>
                        <para>
                            Specifies the name of the IPA domain.
                            This is optional, if not provided the configuration
                            domain name is used.
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>ipa_server (string)</term>
                    <listitem>
                        <para>
                            The name of the IPA server.
                            If autodiscovery is enabled this is optional.
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>ipa_hostname (string)</term>
                    <listitem>
                        <para>
                            Optional. Maybe set on some machine where the
                            hostname(5) does not reflect the fully qualified
                            name used in the IPA domain to identify this host.
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>krb5_ccachedir (string)</term>
                    <listitem>
                        <para>
                            Directory to store credential caches.
                        </para>
                        <para>
                            Default: /tmp
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>ipa_search_timeout (integer)</term>
                    <listitem>
                        <para>
                            Specifies the timeout (in seconds) after which
                            a search against the ipa server is forcibly
                            terminated.
                        </para>
                        <para>
                            Default: 60
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>ipa_network_timeout (integer)</term>
                    <listitem>
                        <para>
                            Specifies the timeout (in seconds) after which
                            the
                            <citerefentry>
                                <refentrytitle>poll</refentrytitle>
                                <manvolnum>2</manvolnum>
                            </citerefentry>/<citerefentry>
                                <refentrytitle>select</refentrytitle>
                                <manvolnum>2</manvolnum>
                            </citerefentry>
                            following a non-search operation against the ipa
                            server is forcibly terminated.
                        </para>
                        <para>
                            Default: 6
                        </para>
                    </listitem>
                </varlistentry>

                <varlistentry>
                    <term>ipa_offline_timeout (integer)</term>
                    <listitem>
                        <para>
                            Specifies the "black-out" time before any new
                            network operation is attempted after the ipa
                            provider has turned into offline operation mode.
                        </para>
                        <para>
                            Default: 60
                        </para>
                    </listitem>
                </varlistentry>

            </variablelist>
        </para>
    </refsect1>

    <refsect1 id='example'>
        <title>EXAMPLE</title>
        <para>
            The following example assumes that SSSD is correctly
            configured and example.com is one of the domains in the
            <replaceable>[sssd]</replaceable> section. This examples shows only
            the ipa provider specific options.
        </para>
        <para>
<programlisting>
    [domain/example.com]
    id_provider = ipa
    ipa_server = ipaserver.example.com
    ipa_hostname = myhost.example.com
</programlisting>
        </para>
    </refsect1>

    <refsect1 id='see_also'>
        <title>SEE ALSO</title>
        <para>
            <citerefentry>
                <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum>
            </citerefentry>,
            <citerefentry>
                <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum>
            </citerefentry>
        </para>
    </refsect1>
</refentry>
</reference>