summaryrefslogtreecommitdiff
path: root/src/man
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2013-06-12 12:17:08 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-28 20:20:59 +0200
commiteceefd520802efe356d413a13247c5f68d8e27c8 (patch)
tree14f520294b333301469dec188fe047a19e047608 /src/man
parentd064fef06dcbcb5f6c1be03e286b1a3433d6dfd7 (diff)
downloadsssd-eceefd520802efe356d413a13247c5f68d8e27c8.tar.gz
sssd-eceefd520802efe356d413a13247c5f68d8e27c8.tar.bz2
sssd-eceefd520802efe356d413a13247c5f68d8e27c8.zip
Add now options ldap_min_id and ldap_max_id
Currently the range for Posix IDs stored in an LDAP server is unbound. This might lead to conflicts in a setup with AD and trusts when the configured domain uses IDs from LDAP. With the two noe options this conflict can be avoided.
Diffstat (limited to 'src/man')
-rw-r--r--src/man/sssd-ldap.5.xml21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index fd29650e..12e91524 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1434,6 +1434,27 @@
</varlistentry>
<varlistentry>
+ <term>ldap_min_id, ldap_max_id (interger)</term>
+ <listitem>
+ <para>
+ In contrast to the SID based ID mapping which is
+ used if ldap_id_mapping is set to true the allowed
+ ID range for ldap_user_uid_number and
+ ldap_group_gid_number is unbound. In a setup with
+ sub/trusted-domains this might lead to ID
+ collisions. To avoid collisions ldap_min_id and
+ ldap_max_id can be set to restrict the allowed
+ range for the IDs which are read directly from the
+ server. Sub-domains can then pick other ranges to
+ map IDs.
+ </para>
+ <para>
+ Default: not set (both options are set to 0)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ldap_sasl_mech (string)</term>
<listitem>
<para>