From 173f557c915aeee80a0c3dc8ae4d3f44dd5bc7c9 Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Mon, 16 Jan 2012 10:21:54 +0100
Subject: SUDO Integration - manual page

https://fedorahosted.org/sssd/ticket/1109
---
src/man/sssd-ldap.5.xml | 188 ++++++++++++++++++++++++++++++++++++++++++++++++
src/man/sssd.conf.5.xml | 25 ++++++-
2 files changed, 212 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index fca13f8d..5afa9ad7 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1554,6 +1554,175 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com + + ldap_sudorule_object_class (string) + + + The object class of a sudo rule entry in LDAP. + + + Default: sudoRole + + + + + + ldap_sudorule_name (string) + + + The LDAP attribute that corresponds to + the sudo rule name. + + + Default: cn + + + + + + ldap_sudorule_command (string) + + + The LDAP attribute that corresponds to the + command name. + + + Default: sudoCommand + + + + + + ldap_sudorule_host (string) + + + The LDAP attribute that corresponds to the + host name. + + + Default: sudoHost + + + + + + ldap_sudorule_user (string) + + + The LDAP attribute that corresponds to the + user name. + + + Default: sudoUser + + + + + + ldap_sudorule_option (string) + + + The LDAP attribute that corresponds to the + sudo options. + + + Default: sudoOption + + + + + + ldap_sudorule_runasuser (string) + + + The LDAP attribute that corresponds to the + user name that commands may be run as. + + + Default: sudoRunAsUser + + + + + + ldap_sudorule_runasgroup (string) + + + The LDAP attribute that corresponds to the + group name that commands may be run as. + + + Default: sudoRunAsGroup + + + + + + ldap_sudorule_notbefore (string) + + + The LDAP attribute that corresponds to the + start date/time for when the sudo rule is valid. + + + Default: sudoNotBefore + + + + + + ldap_sudorule_notafter (string) + + + The LDAP attribute that corresponds to the + expiration date/time, after which the sudo rule + will no longer be valid. + + + Default: sudoNotAfter + + + + + + ldap_sudorule_order (string) + + + The LDAP attribute that corresponds to the + ordering index of the rule. + + + Default: sudoOrder + + + + + + ldap_sudo_refresh_enabled (boolean) + + + Enables periodical download of all sudo rules. + The cache is purged before each update. 
+ + + Default: false + + + + + + ldap_sudo_refresh_timeout (integer) + + + How many seconds SSSD has to wait before refreshing + its cache of sudo rules. + + + Default: 300 + + + + @@ -1666,6 +1835,25 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com + + ldap_sudo_search_base (string) + + + An optional base DN to restrict sudo rules searches + to a specific subtree. + + + See ldap_search_base for + information about configuring multiple search + bases. + + + Default: the value of + ldap_search_base + + + + diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 72998b44..93f82303 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -85,7 +85,7 @@ started when sssd itself starts. - Supported services: nss, pam + Supported services: nss, pam, sudo @@ -866,6 +866,29 @@ + + sudo_provider (string) + + + The SUDO provider used for the domain. + Supported SUDO providers are: + + + ldap for rules stored in LDAP. See + + sssd-ldap + 5 + for more information on configuring LDAP. + + + none disables SUDO explicitly. + + + Default: id_provider is used if it + is set. + + + lookup_family_order (string) -- cgit