summaryrefslogtreecommitdiff
path: root/src/man/sssd-ldap.5.xml
AgeCommit message (Collapse)AuthorFilesLines
2012-07-30sudo ldap provider: support autoconfiguration of hostnamesPavel Březina1-3/+3
https://fedorahosted.org/sssd/ticket/1420 sudoHost attribute may contain hostname or fqdn of the machine. Sudo itself supports only one hostname and its fqdn - the one that is returned by gethostbyname(). This patch implements autoconfiguration of hostname and fqdn if it has not been set manually by ldap_sudo_hostnames option.
2012-07-06MAN: Unify "SEE ALSO" sectionsStephen Gallagher1-14/+2
2012-06-29sudo: manpage updatedPavel Březina1-8/+117
Removes old options and adds new ones.
2012-06-13LDAP: Auto-detect support for the ldap match ruleStephen Gallagher1-1/+13
This patch extends the RootDSE lookup so that we will perform a second request to test whether the match rule syntax can be used. If both groups and initgroups are disabled in the configuration, this lookup request can be skipped.
2012-06-13LDAP: Add ldap_*_use_matching_rule_in_chain optionsStephen Gallagher1-0/+47
2012-05-03MAN: Add manpage for ID mappingStephen Gallagher1-0/+21
2012-05-03LDAP: Add objectSID config optionStephen Gallagher1-0/+30
2012-04-20Two manual pages fixesMarco Pizzoli1-1/+1
2012-04-18Fix erronous reference to the 'allow' access_providerStef Walter1-1/+1
* Should be 'permit' instead https://fedorahosted.org/sssd/ticket/1295 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2012-04-18MAN: Add ldap_sasl_minssf to the manpageStephen Gallagher1-0/+16
2012-04-18MAN: Improve ldap_disable_paging documentationStephen Gallagher1-1/+4
2012-04-18man: document that referral chasing might bring performance penaltyJakub Hrozek1-0/+8
https://fedorahosted.org/sssd/ticket/1265
2012-03-14LDAP: Add AD 2008r2 schemaStephen Gallagher1-1/+4
https://fedorahosted.org/sssd/ticket/1031
2012-02-07fix typos in manualYuri Chornoivan1-1/+1
2012-02-07Two sssd-ldap manual pages fixesJakub Hrozek1-4/+4
Reported by Marco Pizzoli
2012-02-07LDAP: Add support for SSH user public keysJan Cholasta1-0/+10
2012-02-06Update shadowLastChanged attribute during LDAP password changeJan Zeleny1-2/+0
https://fedorahosted.org/sssd/ticket/1019
2012-02-05AUTOFS: LDAP providerJakub Hrozek1-0/+101
2012-01-31LDAP: Add new options for service mapsStephen Gallagher1-0/+70
Adds the new service map options to the SSSDConfig API and the manpages.
2012-01-30Include sudo manual pages only conditionallyJakub Hrozek1-6/+25
2012-01-30SUDO Integration - manual pagePavel Březina1-0/+188
https://fedorahosted.org/sssd/ticket/1109
2012-01-18LDAP: Add option to disable paging controlStephen Gallagher1-0/+24
Fixes https://fedorahosted.org/sssd/ticket/967
2011-12-14Support search bases in RFC2307bis enumerationPavel Březina1-0/+7
https://fedorahosted.org/sssd/ticket/960
2011-12-12Add sdap_connection_expire_timeout optionStephen Gallagher1-0/+17
https://fedorahosted.org/sssd/ticket/1036
2011-11-23Added and modified options for IPA netgroupsJan Zeleny1-0/+22
2011-11-10Fix typos in manual pagesYuri Chornoivan1-1/+1
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny1-0/+15
https://fedorahosted.org/sssd/ticket/957
2011-11-02LDAP: Update manpages with multiple search base informationStephen Gallagher1-1/+56
2011-10-13man page fix (lists are comma-separated)Jan Zeleny1-2/+2
https://fedorahosted.org/sssd/ticket/1024
2011-09-06Allow turning dereference off by setting the threshold to 0Jakub Hrozek1-0/+4
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek1-0/+14
https://fedorahosted.org/sssd/ticket/978
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-0/+50
2011-05-31Changing default to Default for consistencyKaushik Banerjee1-1/+1
2011-05-27Add more detail to ldap_uri manpage entryStephen Gallagher1-1/+13
2011-05-24Make "password" the default for ldap_default_authtok_typeStephen Gallagher1-0/+3
2011-05-20Use dereference when processing RFC2307bis nested groupsJakub Hrozek1-0/+23
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-04-27Add ldap_page_size configuration optionStephen Gallagher1-0/+14
2011-04-19Add user and group search LDAP filter optionsJakub Hrozek1-0/+37
https://fedorahosted.org/sssd/ticket/647
2011-03-24Add host access control supportPierre Ossman1-0/+24
https://fedorahosted.org/sssd/ticket/746
2011-01-20Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead1-0/+41
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-01-19Add LDAP expire policy base RHDS/IPA attributeSumit Bose1-0/+20
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19Add LDAP expire policy based on AD attributesSumit Bose1-0/+35
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2011-01-17Add ldap_search_enumeration_timeout config optionSumit Bose1-5/+23
2010-12-21Add authorizedService supportStephen Gallagher1-0/+26
https://fedorahosted.org/sssd/ticket/670
2010-12-07Replace krb5_kdcip by krb5_server in LDAP providerSumit Bose1-1/+7
2010-12-06Add ldap_chpass_uri config optionSumit Bose1-0/+34
2010-12-06Add new account expired rule to LDAP access providerSumit Bose1-1/+54
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-12-01Allow protocol fallback for SRV queriesJakub Hrozek1-0/+5
https://fedorahosted.org/sssd/ticket/691
2010-11-19Fix man pageSumit Bose1-2/+2
Currently sssd does not support authentication via GSSAPI. I think it is not necessary to support it, because if GSSAPI is possible Kerberos should be use for authentication.
2010-11-15Properly document ldap_purge_cache_timeoutStephen Gallagher1-0/+19
Also allow it to be disabled entirely