authorSumit Bose <sbose@redhat.com>2009-08-20 15:35:55 +0200
committerStephen Gallagher <sgallagh@redhat.com>2009-08-21 12:55:44 -0400
commit75ec81bdd9d1760fad0de0c73d6bc649b3a061fd (patch)
tree332dcd156569881be283d00d21528e46645b287c
parentaa80e585f843b754b6c0b4945472ebd6cfab0cf3 (diff)
extended the documentation of LDAP backend
Added man page sections about user and group attribute mapping. Added an example configuration for accessing an AD server.
-rw-r--r--server/examples/sssd.conf26
-rw-r--r--server/man/sssd-ldap.5.xml189
2 files changed, 211 insertions, 4 deletions
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index d57bed70..90e0c8d1 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
@@ -88,3 +88,29 @@ description = Domains served by SSSD
;
#if a backend is particularly slow you can raise this timeout here
; timeout = 60
+
+# Example LDAP domain where the LDAP server is an Active Directory server.
+
+; [domains/AD]
+; description = LDAP domain with AD server
+; enumerate = 0
+; minId = 1000
+;
+; provider = ldap
+; auth-module = ldap
+; ldapUri = ldap://your.ad.server.com
+; userSearchBase = cn=users,dc=example,dc=com
+; groupSearchBase = cn=users,dc=example,dc=com
+; defaultBindDn = cn=Administrator,cn=Users,dc=example,dc=com
+; defaultAuthtokType = password
+; defaultAuthtok = YOUR_PASSWORD
+; userObjectClass = person
+; userName = msSFU30Name
+; userUidNumber = msSFU30UidNumber
+; userGidNumber = msSFU30GidNumber
+; userHomeDirectory = msSFU30HomeDirectory
+; userShell = msSFU30LoginShell
+; userPrincipal = userPrincipalName
+; groupObjectClass = group
+; groupName = msSFU30Name
+; groupGidNumber = msSFU30GidNumber
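Review bot: The commented-out `[domains/AD]` example binds as `cn=Administrator,cn=Users,dc=example,dc=com` with `defaultAuthtokType = password` over a plain `ldap://` URI. Anyone who uncomments it as written stores the domain administrator's password in sssd.conf and, unless TLS is negotiated some other way, presumably sends it unencrypted on every bind. The settings shown only map user and group attributes for lookups, so the example should name a dedicated low-privilege account, e.g. `; defaultBindDn = cn=sssd-bind,cn=Users,dc=example,dc=com` (constructed sample name), and use `; ldapUri = ldaps://your.ad.server.com` where the LDAP library supports it. I would also add a comment above the credential lines such as `# Use a read-only service account for the bind and keep this file readable by root only.`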
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml
index f5578eab..948b3e29 100644
--- a/server/man/sssd-ldap.5.xml
+++ b/server/man/sssd-ldap.5.xml
@@ -103,7 +103,19 @@
</varlistentry>
<varlistentry>
- <term>userNameAttribute (string)</term>
+ <term>userObjectClass (string)</term>
+ <listitem>
+ <para>
+ The object class of a user entry in LDAP.
+ </para>
+ <para>
+ Default: posixAccount
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>userName (string)</term>
<listitem>
<para>
The LDAP attribute that corresponds to
@@ -116,13 +128,182 @@
</varlistentry>
<varlistentry>
- <term>userObjectClass (string)</term>
+ <term>userUidNumber (string)</term>
<listitem>
<para>
- The object class of a user entry in LDAP.
+ The LDAP attribute that corresponds to
+ user's id.
</para>
<para>
- Default: posixAccount
+ Default: uidNumber
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>userGidNumber (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that corresponds to
+ user's primary group id.
+ </para>
+ <para>
+ Default: gidNumber
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>userGecos (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that corresponds to
+ user's gecos field.
+ </para>
+ <para>
+ Default: gecos
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>userHomeDirectory (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains the name of the
+ home directory of a user.
+ </para>
+ <para>
+ Default: homeDirectory
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>userShell (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains the path of the
+ user's default shell.
+ </para>
+ <para>
+ Default: loginShell
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>userUUID (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains the UUID/GUID of
+ a LDAP user object.
+ </para>
+ <para>
+ Default: nsUniqueId
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>userPrincipal (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains the Kerberos
+ User Principle Name (UPN) of the user.
+ </para>
+ <para>
+ Default: krbPrincipalName
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>userFullname (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that corresponds to
+ full name of the user.
+ </para>
+ <para>
+ Default: cn
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>userMemberOf (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that list the user's
+ group memberships.
+ </para>
+ <para>
+ Default: memberOf
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>groupObjectClass (string)</term>
+ <listitem>
+ <para>
+ The object class of a group entry in LDAP.
+ </para>
+ <para>
+ Default: posixGroup
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>groupName (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that corresponds to
+ the group name.
+ </para>
+ <para>
+ Default: cn
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>groupGidNumber (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that corresponds to
+ group's id.
+ </para>
+ <para>
+ Default: gidNumber
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>groupMember (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains the names of
+ the members of the group.
+ </para>
+ <para>
+ Default: memberuid
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>groupUUID (string)</term>
+ <listitem>
+ <para>
+ The LDAP attribute that contains the UUID/GUID of
+ a LDAP group object.
+ </para>
+ <para>
+ Default: nsUniqueId
</para>
</listitem>
</varlistentry>