diff options
author | Sumit Bose <sbose@redhat.com> | 2009-08-20 15:35:55 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-08-21 12:55:44 -0400 |
commit | 75ec81bdd9d1760fad0de0c73d6bc649b3a061fd (patch) | |
tree | 332dcd156569881be283d00d21528e46645b287c | |
parent | aa80e585f843b754b6c0b4945472ebd6cfab0cf3 (diff) | |
download | sssd-75ec81bdd9d1760fad0de0c73d6bc649b3a061fd.tar.gz sssd-75ec81bdd9d1760fad0de0c73d6bc649b3a061fd.tar.bz2 sssd-75ec81bdd9d1760fad0de0c73d6bc649b3a061fd.zip |
extended the documentation of LDAP backend
Added man pages sections about user and group attribute mapping.
Added an example configuration to access an AD server.
-rw-r--r-- | server/examples/sssd.conf | 26 | ||||
-rw-r--r-- | server/man/sssd-ldap.5.xml | 189 |
2 files changed, 211 insertions, 4 deletions
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf index d57bed70..90e0c8d1 100644 --- a/server/examples/sssd.conf +++ b/server/examples/sssd.conf @@ -88,3 +88,29 @@ description = Domains served by SSSD ; #if a backend is particularly slow you can raise this timeout here ; timeout = 60 + +# Example LDAP domain where the LDAP server is an Active Directory server. + +; [domains/AD] +; description = LDAP domain with AD server +; enumerate = 0 +; minId = 1000 +; +; provider = ldap +; auth-module = ldap +; ldapUri = ldap://your.ad.server.com +; userSearchBase = cn=users,dc=example,dc=com +; groupSearchBase = cn=users,dc=example,dc=com +; defaultBindDn = cn=Administrator,cn=Users,dc=example,dc=com +; defaultAuthtokType = password +; defaultAuthtok = YOUR_PASSWORD +; userObjectClass = person +; userName = msSFU30Name +; userUidNumber = msSFU30UidNumber +; userGidNumber = msSFU30GidNumber +; userHomeDirectory = msSFU30HomeDirectory +; userShell = msSFU30LoginShell +; userPrincipal = userPrincipalName +; groupObjectClass = group +; groupName = msSFU30Name +; groupGidNumber = msSFU30GidNumber diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml index f5578eab..948b3e29 100644 --- a/server/man/sssd-ldap.5.xml +++ b/server/man/sssd-ldap.5.xml @@ -103,7 +103,19 @@ </varlistentry> <varlistentry> - <term>userNameAttribute (string)</term> + <term>userObjectClass (string)</term> + <listitem> + <para> + The object class of a user entry in LDAP. + </para> + <para> + Default: posixAccount + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>userName (string)</term> <listitem> <para> The LDAP attribute that corresponds to @@ -116,13 +128,182 @@ </varlistentry> <varlistentry> - <term>userObjectClass (string)</term> + <term>userUidNumber (string)</term> <listitem> <para> - The object class of a user entry in LDAP. + The LDAP attribute that corresponds to + user's id. </para> <para> - Default: posixAccount + Default: uidNumber + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>userGidNumber (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to + user's primary group id. + </para> + <para> + Default: gidNumber + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>userGecos (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to + user's gecos field. + </para> + <para> + Default: gecos + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>userHomeDirectory (string)</term> + <listitem> + <para> + The LDAP attribute that contains the name of the + home directory of a user. + </para> + <para> + Default: homeDirectory + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>userShell (string)</term> + <listitem> + <para> + The LDAP attribute that contains the path of the + user's default shell. + </para> + <para> + Default: loginShell + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>userUUID (string)</term> + <listitem> + <para> + The LDAP attribute that contains the UUID/GUID of + a LDAP user object. + </para> + <para> + Default: nsUniqueId + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>userPrincipal (string)</term> + <listitem> + <para> + The LDAP attribute that contains the Kerberos + User Principle Name (UPN) of the user. + </para> + <para> + Default: krbPrincipalName + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>userFullname (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to + full name of the user. + </para> + <para> + Default: cn + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>userMemberOf (string)</term> + <listitem> + <para> + The LDAP attribute that list the user's + group memberships. + </para> + <para> + Default: memberOf + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>groupObjectClass (string)</term> + <listitem> + <para> + The object class of a group entry in LDAP. + </para> + <para> + Default: posixGroup + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>groupName (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to + the group name. + </para> + <para> + Default: cn + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>groupGidNumber (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to + group's id. + </para> + <para> + Default: gidNumber + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>groupMember (string)</term> + <listitem> + <para> + The LDAP attribute that contains the names of + the members of the group. + </para> + <para> + Default: memberuid + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>groupUUID (string)</term> + <listitem> + <para> + The LDAP attribute that contains the UUID/GUID of + a LDAP group object. + </para> + <para> + Default: nsUniqueId </para> </listitem> </varlistentry> |