Diffstat (limited to 'src/man/sssd-ldap.5.xml')
-rw-r--r--src/man/sssd-ldap.5.xml125
1 files changed, 117 insertions, 8 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index d20d84bc..d7e29e22 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1923,27 +1923,136 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
</varlistentry>
<varlistentry>
- <term>ldap_sudo_refresh_enabled (boolean)</term>
+ <term>ldap_sudo_full_refresh_interval (integer)</term>
<listitem>
<para>
- Enables periodical download of all sudo rules.
- The cache is purged before each update.
+ How many seconds SSSD will wait between executing
+ a full refresh of sudo rules (which downloads all
+ rules that are stored on the server).
</para>
<para>
- Default: false
+ The value must be greater than
+ <emphasis>ldap_sudo_smart_refresh_interval
+ </emphasis>
+ </para>
+ <para>
+ Default: 21600 (6 hours)
</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>ldap_sudo_refresh_timeout (integer)</term>
+ <term>ldap_sudo_smart_refresh_interval (integer)</term>
<listitem>
<para>
- How many seconds SSSD has to wait before refreshing
- its cache of sudo rules.
+ How many seconds SSSD has to wait before executing
+ a smart refresh of sudo rules (which downloads all
+ rules that have USN higher than the highest USN of
+ cached rules).
</para>
<para>
- Default: 300
+ If USN attributes are not supported by the server,
+ the modifyTimestamp attribute is used instead.
+ </para>
+ <para>
+ Default: 900 (15 minutes)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ldap_sudo_use_host_filter (boolean)</term>
+ <listitem>
+ <para>
+ If true, SSSD will download only rules that are
+ applicable to this machine (using the IPv4 or IPv6
+ host/network addresses and hostnames).
+ </para>
+ <para>
+ Default: true
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ldap_sudo_hostnames (string)</term>
+ <listitem>
+ <para>
+ Space separated list of hostnames or fully qualified
+ domain names that should be used to filter
+ the rules.
+ </para>
+ <para>
+ <emphasis>Note:</emphasis> autoconfiguration is not
+ yet supported, therefore if this option is left
+ empty then hostname matching will be disabled.
+ </para>
+ <para>
+ If <emphasis>ldap_sudo_use_host_filter</emphasis>
+ is <emphasis>false</emphasis> then this option
+ has no effect.
+ </para>
+ <para>
+ Default: not specified
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ldap_sudo_ip (string)</term>
+ <listitem>
+ <para>
+ Space separated list of IPv4 or IPv6
+ host/network addresses that should be used to filter
+ the rules.
+ </para>
+ <para>
+ If this option is empty, SSSD will try to
+ discover the addresses automatically.
+ </para>
+ <para>
+ If <emphasis>ldap_sudo_use_host_filter</emphasis>
+ is <emphasis>false</emphasis> then this option
+ has no effect.
+ </para>
+ <para>
+ Default: not specified
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ldap_sudo_include_netgroups (boolean)</term>
+ <listitem>
+ <para>
+ If true then SSSD will download every rule that
+ contains a netgroup in sudoHost attribute.
+ </para>
+ <para>
+ If <emphasis>ldap_sudo_use_host_filter</emphasis>
+ is <emphasis>false</emphasis> then this option
+ has no effect.
+ </para>
+ <para>
+ Default: true
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ldap_sudo_include_regexp (boolean)</term>
+ <listitem>
+ <para>
+ If true then SSSD will download every rule that
+ contains a regular expression in sudoHost attribute.
+ </para>
+ <para>
+ If <emphasis>ldap_sudo_use_host_filter</emphasis>
+ is <emphasis>false</emphasis> then this option
+ has no effect.
+ </para>
+ <para>
+ Default: true
</para>
</listitem>
</varlistentry>