summaryrefslogtreecommitdiffstats
path: root/src/config/etc/sssd.api.d/sssd-ldap.conf
Commit message (Collapse)AuthorAgeFilesLines
* Enable paging support for LDAPStephen Gallagher2011-05-241-0/+1
|
* Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead2011-01-201-0/+3
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Add LDAP expire policy base RHDS/IPA attributeSumit Bose2011-01-191-0/+1
| | | | | The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
* Add LDAP expire policy based on AD attributesSumit Bose2011-01-191-0/+2
| | | | | | The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
* Add ldap_search_enumeration_timeout config optionSumit Bose2011-01-171-0/+1
|
* Add authorizedService supportStephen Gallagher2010-12-211-0/+1
| | | | https://fedorahosted.org/sssd/ticket/670
* Update config API filesSumit Bose2010-12-211-1/+1
| | | | | | Over the time a couple of new config options didn't made it into the config API files. This patch updates the files and removes some duplications.
* ldap: Use USN entries if available.Simo Sorce2010-12-071-0/+2
| | | | Otherwise fallback to the default modifyTimestamp indicator
* Add ldap_chpass_uri config optionSumit Bose2010-12-061-1/+2
|
* Add new account expired rule to LDAP access providerSumit Bose2010-12-061-0/+2
| | | | | | | | | | | | | | Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
* Make ldap_search_base a non-mandatory optionSumit Bose2010-11-041-1/+1
|
* Add ldap_deref optionSumit Bose2010-10-221-0/+1
|
* Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny2010-10-191-0/+1
| | | | | | | | For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
* Add option to limit nested groupsSimo Sorce2010-10-181-0/+1
|
* Add infrastructure to LDAP provider for netgroup supportSumit Bose2010-10-131-0/+8
|
* Add ldap_access_filter optionStephen Gallagher2010-05-271-0/+3
| | | | | | | | | | This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
* SSSDConfigAPI fixesJakub Hrozek2010-05-161-1/+3
| | | | | | | | * add forgotten ldap_dns_service option * sync IPA and LDAP options (ldap_pwd_policy and ldap_tls_cacertdir) * ldap_uri is no longer mandatory for LDAP provider - the default is to use service discovery with no address set now. Ditto for krb5_kdcip and ipa_server
* Add missing ldap_tls_cacertdir option to SSSDConfig APIStephen Gallagher2010-03-181-0/+1
|
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+68
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-06-24 22:09:56 +0000