summaryrefslogtreecommitdiff
path: root/src/man/sssd.conf.5.xml
AgeCommit message (Collapse)AuthorFilesLines
2013-09-05MAN: Document that sss_cache should be run after changing the cache timeoutJakub Hrozek1-0/+13
2013-08-28Add a new option to control subdomain enumerationJakub Hrozek1-0/+27
2013-07-29Netgroups should ignore the 'use_fully_qualified_names' settingStephen Gallagher1-0/+7
Netgroups often have memberNisNetgroup entries included in them that will never process correctly if we require fully-qualified names on the nested lookup. This patch alters the behavior of netgroup lookups to check *all* domains for an unqualified netgroup name, instead of only the ones not requiring fully- qualified names. https://fedorahosted.org/sssd/ticket/2013
2013-07-24Set default DNS resolution timeout to 6 seconds.Michal Zidek1-1/+1
Partially solves ticket: https://fedorahosted.org/sssd/ticket/1966 To avoid the problem mentioned in the ticket above, option dns_discovery_domain must be set properly.
2013-07-17MAN: Clarify the min_id/max_id limits furtherJakub Hrozek1-0/+4
https://fedorahosted.org/sssd/ticket/2005 Some users were confused by our description of min_id/max_id and thought the limits only applied to returning entries from the NSS responder. However, the limits are actually enforced on the back end side, so the entries are not even saved to cache.
2013-06-12Fix minor typosYuri Chornoivan1-2/+2
2013-06-10back end: add refresh expired records periodic taskPavel Březina1-0/+18
https://fedorahosted.org/sssd/ticket/1713 Add new option refresh_expired_interval.
2013-06-06Enhance PAC responder for AD usersSumit Bose1-10/+10
This patch modifies the PAC responder so that it can be used with the AD provider as well. The main difference is that the POSIX UIDs and GIDs are now lookup up with the help of the SID instead of being calculated algorithmically. This was necessary because the AD provider allows either algorithmic mapping or reading the value from attributes stored in AD. Fixes https://fedorahosted.org/sssd/ticket/1558
2013-05-30Allow flat name in the FQname formatJakub Hrozek1-5/+63
https://fedorahosted.org/sssd/ticket/1648 Adds another expansion in the printf format that allows the user to use the domain flat name in the format.
2013-05-23Add a domain config attribute for realmdStef Walter1-0/+9
realmd needs to be able to tag various domains with basic info when it configures a domain.
2013-05-07AD: read flat name and SID of the AD domainSumit Bose1-0/+4
For various features either the flat/short/NetBIOS domain name or the domain SID is needed. Since the responders already try to do a subdomain lookup when and known domain name is encountered I added a subdomain lookup to the AD provider which currently only reads the SID from the base DN and the NetBIOS name from a reply of a LDAP ping. The results are written to the cache to have them available even if SSSD is started in offline mode. Looking up trusted domains can be added later. Since all the needed responder code is already available from the corresponding work for the IPA provider this patch fixes https://fedorahosted.org/sssd/ticket/1468
2013-04-26Document the naming convention for SSSD domainsJakub Hrozek1-0/+2
https://fedorahosted.org/sssd/ticket/1809
2013-04-10Allow using flatname for subdomain home dir templateJakub Hrozek1-1/+9
https://fedorahosted.org/sssd/ticket/1609
2013-04-10Put the override_homedir into an included xml fileJakub Hrozek1-54/+1
The description was duplicated on two places, leading to errors where one was amended but the other was not.
2013-02-10NSS: Add original homedir to home directory template optionsStephen Gallagher1-0/+7
https://fedorahosted.org/sssd/ticket/1805
2013-01-28MAN: Clarify that saving users after enumerating large domain might be CPU ↵Jakub Hrozek1-1/+9
intensive https://fedorahosted.org/sssd/ticket/1732
2012-12-05MAN: Move ssh_known_hosts_timeout documentation to the correct sectionJan Cholasta1-12/+12
2012-11-16MAN: quotation fixOndrej Kos1-1/+1
I noticed that the proxy in auth_provider section of sssd.conf manpage isn't quoted when all others are.
2012-11-15Add ignore_group_members option.Paul B. Henson1-0/+17
https://fedorahosted.org/sssd/ticket/1376
2012-11-14Run IPA subdomain provider if IPA ID provider is configuredSumit Bose1-5/+9
To make configuration easier the IPA subdomain provider should be always loaded if the IPA ID provider is configured and the subdomain provider is not explicitly disabled. But to avoid the overhead of regular subdomain requests in setups where no subdomains are used the IPA subdomain provider should behave differently if configured explicit or implicit. If the IPA subdomain provider is configured explicitly, i.e. 'subdomains_provider = ipa' can be found in the domain section of sssd.conf subdomain request are always send to the server if needed. If it is configured implicitly and a request to the server fails with an indication that the server currently does not support subdomains at all, e.g. is not configured to handle trust relationships, a new request will be only send to the server after a long timeout or after a going-online event. To be able to make this distinction this patch save the configuration status to the subdomain context. Fixes https://fedorahosted.org/sssd/ticket/1613
2012-11-08MAN: Specify the correct location for the force_timeout optionStephen Gallagher1-16/+32
2012-10-18Allow setting the default_shell option per-domain as wellJakub Hrozek1-1/+2
https://fedorahosted.org/sssd/ticket/1583
2012-10-12MAN: improve wording of default_domain parameterJakub Hrozek1-5/+5
2012-10-09Fix typosYuri Chornoivan1-1/+1
2012-10-05man: Note that automounter must be restarted to re-read the master mapJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1563
2012-10-05SSH: Expire hosts in known_hostsJan Cholasta1-0/+12
2012-10-02Add man page section about provider specific re_expressionSumit Bose1-8/+33
Fixes: https://fedorahosted.org/sssd/ticket/1525
2012-10-01Add new option default_domain_suffixSumit Bose1-0/+24
2012-09-24autofs, sudo, ssh and PAC are not experimental anymoreJakub Hrozek1-21/+0
2012-08-10Document entry_cache_autofs_timeoutJakub Hrozek1-0/+14
2012-08-03Fix various typos in documentation.Yuri Chornoivan1-1/+1
2012-07-27Renamed session provider to selinux providerJan Zeleny1-7/+8
2012-07-20NSS: Add override_shell optionStephen Gallagher1-0/+14
If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
2012-07-20MAN: Improvements to the AD provider manpageStephen Gallagher1-0/+16
Add information about ID mapping (including how to disable it) as well as information on how to handle homedir and shell. https://fedorahosted.org/sssd/ticket/1433
2012-07-20MAN: List all available backends for provider optionsStephen Gallagher1-14/+84
https://fedorahosted.org/sssd/ticket/1432
2012-07-10Fix typo: exhasution->exhaustion.Yuri Chornoivan1-1/+1
2012-07-10pac responder: limit access by checking UIDsSumit Bose1-4/+27
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
2012-07-06MAN: Unify "SEE ALSO" sectionsStephen Gallagher1-32/+2
2012-06-29sudo: manpage updatedPavel Březina1-26/+14
Removes old options and adds new ones.
2012-06-25Set default for subdomain_homedirSumit Bose1-0/+3
2012-06-25Add man page section for the PAC responderSumit Bose1-0/+36
2012-06-18Make the client idle timeout configurableStephen Gallagher1-0/+15
2012-06-12Clarify how comments work in sssd.confAriel Barria1-1/+2
2012-06-12Make re_expression and full_name_format per domain optionsStef Walter1-18/+49
* Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
2012-06-10Allow fast memcache timeout to be configurableJan Zeleny1-0/+12
https://fedorahosted.org/sssd/ticket/1318
2012-05-14Fix typos in message and man pages.Yuri Chornoivan1-2/+2
2012-05-11Bad check for id_provider=local and access_provider=permitAriel Barria1-1/+1
documentation-access_provider Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2012-05-09NSS: Add default_shell optionStephen Gallagher1-0/+15
This option will allow administrators to set a default shell to be used if a user does not have one set in the identity provider. https://fedorahosted.org/sssd/ticket/1289
2012-05-09NSS: Add fallback_homedir optionStephen Gallagher1-0/+18
This option is similar to override_homedir, except that it will take effect only for users that do not have an explicit home directory specified in LDAP. https://fedorahosted.org/sssd/ticket/1250
2012-05-09Clearer documentation for use_fully_qualified_namesStef Walter1-0/+5
* Previously only the side effect was described.