diff options
| author | Sumit Bose <sbose@redhat.com> | 2013-06-12 12:17:08 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-28 20:20:59 +0200 |
| commit | eceefd520802efe356d413a13247c5f68d8e27c8 (patch) | |
| tree | 14f520294b333301469dec188fe047a19e047608 /src/man | |
| parent | d064fef06dcbcb5f6c1be03e286b1a3433d6dfd7 (diff) | |
| download | sssd-eceefd520802efe356d413a13247c5f68d8e27c8.tar.gz sssd-eceefd520802efe356d413a13247c5f68d8e27c8.tar.bz2 sssd-eceefd520802efe356d413a13247c5f68d8e27c8.zip | |
Add now options ldap_min_id and ldap_max_id
Currently the range for Posix IDs stored in an LDAP server is unbound.
This might lead to conflicts in a setup with AD and trusts when the
configured domain uses IDs from LDAP. With the two noe options this
conflict can be avoided.
Diffstat (limited to 'src/man')
| -rw-r--r-- | src/man/sssd-ldap.5.xml | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index fd29650e..12e91524 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1434,6 +1434,27 @@ </varlistentry> <varlistentry> + <term>ldap_min_id, ldap_max_id (interger)</term> + <listitem> + <para> + In contrast to the SID based ID mapping which is + used if ldap_id_mapping is set to true the allowed + ID range for ldap_user_uid_number and + ldap_group_gid_number is unbound. In a setup with + sub/trusted-domains this might lead to ID + collisions. To avoid collisions ldap_min_id and + ldap_max_id can be set to restrict the allowed + range for the IDs which are read directly from the + server. Sub-domains can then pick other ranges to + map IDs. + </para> + <para> + Default: not set (both options are set to 0) + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_sasl_mech (string)</term> <listitem> <para> |