-rw-r--r--server/examples/sssd.conf4
-rw-r--r--server/man/sssd-ldap.5.xml31
-rw-r--r--server/man/sssd.conf.5.xml14
3 files changed, 31 insertions, 18 deletions
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index 3c4ccbfd..4b04c3d5 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
@@ -51,7 +51,6 @@ description = Domains served by SSSD
; description = LOCAL migration domain
; enumerate = true
; minId = 500
-; legacy = TRUE
;
; provider = files
@@ -70,7 +69,6 @@ description = Domains served by SSSD
; enumerate = true
; minId = 500
; maxId = 999
-; legacy = FALSE
# Example LDAP domain that uses the proxy backend and the standard nss_ldap
# and pam_ldap modules (Useful until we have good working native ldap backends).
@@ -88,7 +86,6 @@ description = Domains served by SSSD
; description = Proxy request to our LDAP server
; enumerate = false
; minId = 1000
-; legacy = TRUE
;
; provider = proxy
; libName = ldap
@@ -106,6 +103,7 @@ description = Domains served by SSSD
; provider = ldap
; auth-module = ldap
; ldapUri = ldap://your.ad.server.com
+; ldapSchema = rfc2307bis
; userSearchBase = cn=users,dc=example,dc=com
; groupSearchBase = cn=users,dc=example,dc=com
; defaultBindDn = cn=Administrator,cn=Users,dc=example,dc=com
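Review bot: The added `; ldapSchema = rfc2307bis` line in the AD example has no comment explaining why it departs from the default, which the man page in this same commit gives as rfc2307. Per that man page text the schema decides whether group members are read from `memberUid` or `member`, so an admin who copies the block to a server using the other schema would presumably see groups resolve without their members, which matters wherever access decisions depend on group membership. I would add a line above it such as `# Group members are stored by DN in "member" on this server, hence rfc2307bis (default: rfc2307)`. The example block begins above the hunk and continues below it.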
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml
index aa33c713..f21f0ea0 100644
--- a/server/man/sssd-ldap.5.xml
+++ b/server/man/sssd-ldap.5.xml
@@ -62,6 +62,35 @@
</varlistentry>
<varlistentry>
+ <term>ldapSchema (string)</term>
+ <listitem>
+ <para>
+ Specifies the Schema Type in use on the target LDAP
+ server.
+ Depending on the selected schema the default
+ attribute names retrieved from the servers may vary.
+ Also the way some attributes are handled may differ.
+
+ There are currently 2 schema types supported:
+ rfc2307
+ rfc2307bis
+
+ The main difference between these 2 schema types is
+ how group memberships are recorder in the server.
+ With rfc2307 group members are listed by name in an
+ attribute called <emphasis>memberUid</emphasis>.
+ With rfc2307bis grpoup members are listed by DN and
+ stored in an attribute called
+ <emphasis>member</emphasis>.
+
+ </para>
+ <para>
+ Default: rfc2307
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>defaultBindDn (string)</term>
<listitem>
<para>
@@ -306,7 +335,7 @@
the members of the group.
</para>
<para>
- Default: memberuid
+ Default: memberuid (rfc2307) / member (rfc2307bis)
</para>
</listitem>
</varlistentry>
diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
index 1bf72872..df3ee82a 100644
--- a/server/man/sssd.conf.5.xml
+++ b/server/man/sssd.conf.5.xml
@@ -495,20 +495,6 @@
</varlistentry>
<varlistentry>
- <term>legacy (bool)</term>
- <listitem>
- <para>
- A legacy domain is a strictly POSIX domain in
- terms of attributes it supports. Groups in legacy
- domains can't be nested.
- </para>
- <para>
- Default: FALSE
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term>store-legacy-passwords (bool)</term>
<listitem>
<para>