diff options
| author | Simo Sorce <ssorce@redhat.com> | 2009-10-28 17:02:45 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-10-29 15:26:14 -0400 |
| commit | 81009a08d43a6b5e60afb681c4ed07b413967179 (patch) | |
| tree | fb6fd24578bf764569f1dfd72422b2c26583d0b7 /server/man | |
| parent | 91200b67bcb2f2e8ff2006407a264f64f86c9223 (diff) | |
| download | sssd-81009a08d43a6b5e60afb681c4ed07b413967179.tar.gz sssd-81009a08d43a6b5e60afb681c4ed07b413967179.tar.bz2 sssd-81009a08d43a6b5e60afb681c4ed07b413967179.zip | |
Tidy up ipa options
Do not replicate every and each option we may want to set in ipa.
Just read out ldap and krb provider options (added reference in the manual too,
and removed mention of ipa specific timeout values, use ldap options for that)
Avoid calling auth module initialization twice, just pass the auth context to
the chpass module too.
Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be
used for both users and groups. the user and group search bases can still be set
separately if necessary but they are now optional and set to be identical to
SDAP_SEARCH_BASE if not explicitly specified in the configuration.
Diffstat (limited to 'server/man')
| -rw-r--r-- | server/man/sssd-ipa.5.xml | 81 | ||||
| -rw-r--r-- | server/man/sssd-ldap.5.xml | 26 |
2 files changed, 40 insertions, 67 deletions
diff --git a/server/man/sssd-ipa.5.xml b/server/man/sssd-ipa.5.xml index c5c96d11..31ce824a 100644 --- a/server/man/sssd-ipa.5.xml +++ b/server/man/sssd-ipa.5.xml @@ -39,7 +39,18 @@ and configuration is almost entirely self discovered and obtained directly from the server. </para> - + <para> + The IPA provider also accepts the same options used by the + <citerefentry> + <refentrytitle>sssd-ldap</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> identity provider and the + <citerefentry> + <refentrytitle>sssd-krb5</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> authentication provider. + But it is not recommended to set these options and it is not necessary. + </para> </refsect1> <refsect1 id='file-format'> @@ -83,68 +94,6 @@ </listitem> </varlistentry> - <varlistentry> - <term>krb5_ccachedir (string)</term> - <listitem> - <para> - Directory to store credential caches. - </para> - <para> - Default: /tmp - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ipa_search_timeout (integer)</term> - <listitem> - <para> - Specifies the timeout (in seconds) after which - a search against the ipa server is forcibly - terminated. - </para> - <para> - Default: 60 - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ipa_network_timeout (integer)</term> - <listitem> - <para> - Specifies the timeout (in seconds) after which - the - <citerefentry> - <refentrytitle>poll</refentrytitle> - <manvolnum>2</manvolnum> - </citerefentry>/<citerefentry> - <refentrytitle>select</refentrytitle> - <manvolnum>2</manvolnum> - </citerefentry> - following a non-search operation against the ipa - server is forcibly terminated. - </para> - <para> - Default: 6 - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ipa_offline_timeout (integer)</term> - <listitem> - <para> - Specifies the "black-out" time before any new - network operation is attempted after the ipa - provider has turned into offline operation mode. - </para> - <para> - Default: 60 - </para> - </listitem> - </varlistentry> - </variablelist> </para> </refsect1> @@ -174,6 +123,12 @@ <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> + <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry> </para> diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml index 7a86c7a3..a2aa7306 100644 --- a/server/man/sssd-ldap.5.xml +++ b/server/man/sssd-ldap.5.xml @@ -69,6 +69,16 @@ </varlistentry> <varlistentry> + <term>ldap_search_base (string)</term> + <listitem> + <para> + The default base DN to use for + performing LDAP user operations. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_schema (string)</term> <listitem> <para> @@ -132,8 +142,12 @@ <term>ldap_user_search_base (string)</term> <listitem> <para> - The default base DN to use for - performing LDAP user operations. + An optional base DN to restrict user searches + to a specific subtree. + </para> + <para> + Default: the value of + <emphasis>ldap_search_base</emphasis> </para> </listitem> </varlistentry> @@ -300,8 +314,12 @@ <term>ldap_group_search_base (string)</term> <listitem> <para> - The default base DN to use for - performing LDAP group operations. + An optional base DN to restrict group searches + to a specific subtree. + </para> + <para> + Default: the value of + <emphasis>ldap_search_base</emphasis> </para> </listitem> </varlistentry> |