From 173f557c915aeee80a0c3dc8ae4d3f44dd5bc7c9 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Mon, 16 Jan 2012 10:21:54 +0100 Subject: SUDO Integration - manual page https://fedorahosted.org/sssd/ticket/1109 --- src/man/sssd-ldap.5.xml | 188 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 188 insertions(+) (limited to 'src/man/sssd-ldap.5.xml') diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index fca13f8d..5afa9ad7 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1554,6 +1554,175 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com + + ldap_sudorule_object_class (string) + + + The object class of a sudo rule entry in LDAP. + + + Default: sudoRole + + + + + + ldap_sudorule_name (string) + + + The LDAP attribute that corresponds to + the sudo rule name. + + + Default: cn + + + + + + ldap_sudorule_command (string) + + + The LDAP attribute that corresponds to the + command name. + + + Default: sudoCommand + + + + + + ldap_sudorule_host (string) + + + The LDAP attribute that corresponds to the + host name. + + + Default: sudoHost + + + + + + ldap_sudorule_user (string) + + + The LDAP attribute that corresponds to the + user name. + + + Default: sudoUser + + + + + + ldap_sudorule_option (string) + + + The LDAP attribute that corresponds to the + sudo options. + + + Default: sudoOption + + + + + + ldap_sudorule_runasuser (string) + + + The LDAP attribute that corresponds to the + user name that commands may be run as. + + + Default: sudoRunAsUser + + + + + + ldap_sudorule_runasgroup (string) + + + The LDAP attribute that corresponds to the + group name that commands may be run as. + + + Default: sudoRunAsGroup + + + + + + ldap_sudorule_notbefore (string) + + + The LDAP attribute that corresponds to the + start date/time for when the sudo rule is valid. + + + Default: sudoNotBefore + + + + + + ldap_sudorule_notafter (string) + + + The LDAP attribute that corresponds to the + expiration date/time, after which the sudo rule + will no longer be valid. + + + Default: sudoNotAfter + + + + + + ldap_sudorule_order (string) + + + The LDAP attribute that corresponds to the + ordering index of the rule. + + + Default: sudoOrder + + + + + + ldap_sudo_refresh_enabled (boolean) + + + Enables periodical download of all sudo rules. + The cache is purged before each update. + + + Default: false + + + + + + ldap_sudo_refresh_timeout (integer) + + + How many seconds SSSD has to wait before refreshing + its cache of sudo rules. + + + Default: 300 + + + + @@ -1666,6 +1835,25 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com + + ldap_sudo_search_base (string) + + + An optional base DN to restrict sudo rules searches + to a specific subtree. + + + See ldap_search_base for + information about configuring multiple search + bases. + + + Default: the value of + ldap_search_base + + + + -- cgit