summaryrefslogtreecommitdiff
path: root/src/man/sssd-ldap.5.xml
AgeCommit message (Collapse)AuthorFilesLines
2011-03-24Add host access control supportPierre Ossman1-0/+24
https://fedorahosted.org/sssd/ticket/746
2011-01-20Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead1-0/+41
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2011-01-19Add LDAP expire policy base RHDS/IPA attributeSumit Bose1-0/+20
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19Add LDAP expire policy based on AD attributesSumit Bose1-0/+35
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2011-01-17Add ldap_search_enumeration_timeout config optionSumit Bose1-5/+23
2010-12-21Add authorizedService supportStephen Gallagher1-0/+26
https://fedorahosted.org/sssd/ticket/670
2010-12-07Replace krb5_kdcip by krb5_server in LDAP providerSumit Bose1-1/+7
2010-12-06Add ldap_chpass_uri config optionSumit Bose1-0/+34
2010-12-06Add new account expired rule to LDAP access providerSumit Bose1-1/+54
Two new options are added to the LDAP access provider to allow a broader range of access control rules to be evaluated. 'ldap_access_order' makes it possible to run more than one rule. To keep compatibility with older versions the default is 'filter'. This patch adds a new rule 'expire'. 'ldap_account_expire_policy' specifies which LDAP attribute should be used to determine if an account is expired or not. Currently only 'shadow' is supported which evaluates the ldap_user_shadow_expire attribute.
2010-12-01Allow protocol fallback for SRV queriesJakub Hrozek1-0/+5
https://fedorahosted.org/sssd/ticket/691
2010-11-19Fix man pageSumit Bose1-2/+2
Currently sssd does not support authentication via GSSAPI. I think it is not necessary to support it, because if GSSAPI is possible Kerberos should be use for authentication.
2010-11-15Properly document ldap_purge_cache_timeoutStephen Gallagher1-0/+19
Also allow it to be disabled entirely
2010-11-05Review comments for namingContexts patchesSumit Bose1-9/+3
2010-11-04Make ldap_search_base a non-mandatory optionSumit Bose1-3/+20
2010-10-22Add ldap_deref optionSumit Bose1-0/+35
2010-10-18Move all references to ldap_<entity>_search_base to "advanced" sectionJan Zeleny1-42/+52
The <entity> can be one of user, group or netgroup. The references were removed from example configuration and they were moved from section Configuration options to section Advanced options. Ticket: #607
2010-10-18Add option to limit nested groupsSimo Sorce1-0/+16
2010-10-13Add infrastructure to LDAP provider for netgroup supportSumit Bose1-0/+91
2010-10-13Add KDC to the list of LDAP optionsJakub Hrozek1-0/+18
2010-10-13Man pages should mention supported providersJan Zeleny1-5/+7
Each back end can support id, auth or access provider, but each back end supports different subset of these. Man pages should describe which providers are supported by each back end. Ticket: #615
2010-09-08Deobfuscate password in back endsJakub Hrozek1-1/+10
When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
2010-09-07Reviewed sssd-ldap man pageJan Zeleny1-7/+207
Some config options updated, newly documented 12 new options.
2010-06-16Standardize on correct spelling of "principal" for krb5Stephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/542
2010-05-27Add ldap_access_filter optionStephen Gallagher1-0/+39
This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
2010-05-16Add ldap_krb5_ticket_lifetime optionSumit Bose1-0/+13
2010-05-07Use service discovery in backendsJakub Hrozek1-3/+17
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+688
Also update BUILD.txt