diff options
-rw-r--r-- | src/man/sssd-ldap.5.xml | 188 | ||||
-rw-r--r-- | src/man/sssd.conf.5.xml | 25 |
2 files changed, 212 insertions, 1 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index fca13f8d..5afa9ad7 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1554,6 +1554,175 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </listitem> </varlistentry> + <varlistentry> + <term>ldap_sudorule_object_class (string)</term> + <listitem> + <para> + The object class of a sudo rule entry in LDAP. + </para> + <para> + Default: sudoRole + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudorule_name (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to + the sudo rule name. + </para> + <para> + Default: cn + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudorule_command (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to the + command name. + </para> + <para> + Default: sudoCommand + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudorule_host (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to the + host name. + </para> + <para> + Default: sudoHost + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudorule_user (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to the + user name. + </para> + <para> + Default: sudoUser + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudorule_option (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to the + sudo options. + </para> + <para> + Default: sudoOption + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudorule_runasuser (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to the + user name that commands may be run as. + </para> + <para> + Default: sudoRunAsUser + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudorule_runasgroup (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to the + group name that commands may be run as. + </para> + <para> + Default: sudoRunAsGroup + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudorule_notbefore (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to the + start date/time for when the sudo rule is valid. + </para> + <para> + Default: sudoNotBefore + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudorule_notafter (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to the + expiration date/time, after which the sudo rule + will no longer be valid. + </para> + <para> + Default: sudoNotAfter + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudorule_order (string)</term> + <listitem> + <para> + The LDAP attribute that corresponds to the + ordering index of the rule. + </para> + <para> + Default: sudoOrder + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudo_refresh_enabled (boolean)</term> + <listitem> + <para> + Enables periodical download of all sudo rules. + The cache is purged before each update. + </para> + <para> + Default: false + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_sudo_refresh_timeout (integer)</term> + <listitem> + <para> + How many seconds SSSD has to wait before refreshing + its cache of sudo rules. + </para> + <para> + Default: 300 + </para> + </listitem> + </varlistentry> + </variablelist> </para> </refsect1> @@ -1666,6 +1835,25 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com </listitem> </varlistentry> + <varlistentry> + <term>ldap_sudo_search_base (string)</term> + <listitem> + <para> + An optional base DN to restrict sudo rules searches + to a specific subtree. + </para> + <para> + See <quote>ldap_search_base</quote> for + information about configuring multiple search + bases. + </para> + <para> + Default: the value of + <emphasis>ldap_search_base</emphasis> + </para> + </listitem> + </varlistentry> + </variablelist> </para> </refsect1> diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 72998b44..93f82303 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -85,7 +85,7 @@ started when sssd itself starts. </para> <para> - Supported services: nss, pam + Supported services: nss, pam, sudo </para> </listitem> </varlistentry> @@ -866,6 +866,29 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term>sudo_provider (string)</term> + <listitem> + <para> + The SUDO provider used for the domain. + Supported SUDO providers are: + </para> + <para> + <quote>ldap</quote> for rules stored in LDAP. See + <citerefentry> + <refentrytitle>sssd-ldap</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> for more information on configuring LDAP. + </para> + <para> + <quote>none</quote> disables SUDO explicitly. + </para> + <para> + Default: <quote>id_provider</quote> is used if it + is set. + </para> + </listitem> + </varlistentry> <varlistentry> <term>lookup_family_order (string)</term> |