summaryrefslogtreecommitdiff
path: root/src/man/sssd-ipa.5.xml
AgeCommit message (Collapse)AuthorFilesLines
2013-07-25Fix two minor typosYuri Chornoivan1-1/+1
2013-06-28IPA: Add a server mode optionJakub Hrozek1-0/+19
https://fedorahosted.org/sssd/ticket/1993 SSSD needs to know that it is running on an IPA server and should not look up trusted users and groups with the help of the extdom plugin but do the lookups on its own. For this a new boolean configuration option, is introduced which defaults to false but is set to true during ipa-server-install or during updates of the FreeIPA server if it is not already set.
2013-05-30MAN: state default dyndns interfaceOndrej Kos1-1/+4
https://fedorahosted.org/sssd/ticket/1924
2013-05-14man: Note that IPA updates are secured with GSS-TSIGJakub Hrozek1-1/+2
2013-05-06Fix minor typosYuri Chornoivan1-1/+1
2013-05-03dyndns: new option dyndns_force_tcpJakub Hrozek1-0/+13
https://fedorahosted.org/sssd/ticket/1831 Adds a new option that can be used to force nsupdate to only use TCP to communicate with the DNS server.
2013-05-03dyndns: New option dyndns_update_ptrJakub Hrozek1-0/+20
https://fedorahosted.org/sssd/ticket/1832 While some servers, such as FreeIPA allow the PTR record to be synchronized when the forward record is updated, other servers, including Active Directory, require that the PTR record is synchronized manually. This patch adds a new option, dyndns_update_ptr that automatically generates appropriate DNS update message for updating the reverse zone. This option is off by default in the IPA provider. Also renames be_nsupdate_create_msg to be_nsupdate_create_fwd_msg
2013-05-03dyndns: new option dyndns_refresh_intervalJakub Hrozek1-0/+16
This new options adds the possibility of updating the DNS entries periodically regardless if they have changed or not. This feature will be useful mainly in AD environments where the Windows clients periodically update their DNS records.
2013-05-03Convert IPA-specific options to be back-end agnosticJakub Hrozek1-5/+23
This patch introduces new options for dynamic DNS updates that are not specific to any back end. The current ipa dyndns options are still usable, just with a deprecation warning.
2013-04-10DNS sites support - add IPA SRV pluginPavel Březina1-0/+26
https://fedorahosted.org/sssd/ticket/1032
2013-04-03Fix typos in man pagesYuri Chornoivan1-1/+1
2013-03-19Make the SELinux refresh time configurable.Michal Zidek1-0/+17
Option ipa_selinux_refresh is added to basic ipa options.
2012-11-14Run IPA subdomain provider if IPA ID provider is configuredSumit Bose1-0/+23
To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
2012-11-14Always start PAC responder if IPA ID provider is configuredSumit Bose1-0/+6
Since the PAC responder is used during the authentication of users from trusted realms it is started automatically if the IPA ID provider is configured for a domain to simplify the configuration. Fixes https://fedorahosted.org/sssd/ticket/1613
2012-10-16Make TTL configurable for dynamic dns updatesJames Hogarth1-0/+14
2012-10-05man: Note that automounter must be restarted to re-read the master mapJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1563
2012-08-03Fix various typos in documentation.Yuri Chornoivan1-1/+1
2012-08-01Primary server support: new option in IPA providerJan Zeleny1-1/+1
This patch adds support for new config option ipa_backup_server. The description of this option's functionality is included in man page in one of previous patches.
2012-07-06MAN: Unify "SEE ALSO" sectionsStephen Gallagher1-17/+2
2012-06-10IPA subdomains - ask for information about master domainJan Zeleny1-0/+19
The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
2012-04-24IPA: Add get-domains targetSumit Bose1-0/+19
2012-02-07AUTOFS: IPA providerJakub Hrozek1-0/+12
2012-02-07IPA: Add host info handlerJan Cholasta1-0/+12
2012-02-06Man pages for the session target and SELinux user maps fetchingJan Zeleny1-0/+140
2012-01-17IPA: Detect nsupdate support for the realm directiveStephen Gallagher1-0/+5
For older platforms, do not add the 'realm' line in the update message
2012-01-14Add info about ipa_host_search_base to man pageJan Zeleny1-0/+29
Also add comment that setting ipa_hbac_support_srchost to False disables search filters given in ipa_host_search_base
2011-11-29Add ipa_hbac_support_srchost option to IPA providerJan Zeleny1-0/+12
don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
2011-11-23Added and modified options for IPA netgroupsJan Zeleny1-1/+88
2011-11-10Fix typos in manual pagesYuri Chornoivan1-1/+1
2011-11-02Add support to request canonicalization on krb AS requestsJan Zeleny1-0/+17
https://fedorahosted.org/sssd/ticket/957
2011-10-13man page fix (lists are comma-separated)Jan Zeleny1-1/+1
https://fedorahosted.org/sssd/ticket/1024
2011-07-08Add ipa_hbac_treat_deny_as optionStephen Gallagher1-0/+27
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08Add ipa_hbac_refresh optionStephen Gallagher1-0/+15
This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-02-28Use realm for basedn instead of IPA domainJakub Hrozek1-0/+15
https://fedorahosted.org/sssd/ticket/807
2011-01-19Add ipa_hbac_search_base config optionSumit Bose1-0/+13
2010-10-13Man pages should mention supported providersJan Zeleny1-0/+4
Each back end can support id, auth or access provider, but each back end supports different subset of these. Man pages should describe which providers are supported by each back end. Ticket: #615
2010-05-16Add dynamic DNS updates to FreeIPAStephen Gallagher1-0/+28
This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
2010-05-07Revert "Add dynamic DNS updates to FreeIPA"Stephen Gallagher1-28/+0
This reverts commit 973b7c27c0b294b8b2f120296f64c6a3a36e44b7. While this patch applied cleanly, it was uncompilable. Reverting until it can be properly merged.
2010-05-07Add dynamic DNS updates to FreeIPAStephen Gallagher1-0/+28
This adds two new options: ipa_dyndns_update: Boolean value to select whether this client should automatically update its IP address in FreeIPA DNS. ipa_dyndns_iface: Choose an interface manually to use for updating dynamic DNS. Default is to use the interface associated with the LDAP connection to FreeIPA. This patch supports A and AAAA records. It relies on the presence of the nsupdate tool from the bind-utils package to perform the actual update step. The location of this utility is set at build time, but its availability is determined at runtime (so clients that do not require dynamic update capability do not need to meet this dependency).
2010-05-07Use service discovery in backendsJakub Hrozek1-0/+4
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+159
Also update BUILD.txt