From e267b6ac27f6755482de0a3503f987d4b8592c43 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 2 Jun 2009 23:25:46 +0200
Subject: man page for LDAP domains
---
server/man/sssd-ldap.5.xml | 232 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 232 insertions(+)
create mode 100644 server/man/sssd-ldap.5.xml
(limited to 'server/man')
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml
new file mode 100644
index 00000000..85122092
--- /dev/null
+++ b/server/man/sssd-ldap.5.xml
@@ -0,0 +1,232 @@
+
+
+
+SSSD Manual pages
+
+
+
+
+ sssd-ldap
+ 5
+ File Formats and Conventions
+
+
+
+ sssd-ldap
+ the configuration file for SSSD
+
+
+
+ DESCRIPTION
+
+ This manual page describes the configuration of LDAP
+ domains for
+
+ sssd
+ 8
+ .
+ For detailed syntax reference, please refer to
+
+ sssd.conf
+ 5
+ manual page, section FILE FORMAT
+
+
+ There can be more than one LDAP domain configured with SSSD.
+
+
+
+
+ CONFIGURATION OPTIONS
+
+ All the common configuration options for SSSD domains apply
+ for LDAP domains, too. See the
+
+ sssd.conf
+ 5
+ manual page, section DOMAIN SECTIONS
+
+
+
+ ldapUri (string)
+
+
+ Specifies the URI of the LDAP server to which
+ SSSD should connect.
+
+
+ Default: ldap://localhost
+
+
+
+
+
+ defaultBindDn (string)
+
+
+ The default bind DN to use for
+ performing LDAP operations.
+
+
+
+
+
+ userSearchBase (string)
+
+
+ The default base DN to use for
+ performing LDAP operations.
+
+
+
+
+
+ userNameAttribute (string)
+
+
+ The LDAP attribute that corresponds to
+ user's login name.
+
+
+ Default: uid
+
+
+
+
+
+ userObjectClass (string)
+
+
+ The object class of a user entry in LDAP.
+
+
+ Default: posixAccount
+
+
+
+
+
+ network_timeout (integer)
+
+
+ Specifies the timeout (in seconds) after which
+ the
+
+ poll
+ 2
+ /
+ select
+ 2
+
+ following a
+
+ connect
+ 2
+
+ returns in case of no activity.
+
+
+ Default: 5
+
+
+
+
+
+ opt_timeout (integer)
+
+
+ Specifies a timeout (in seconds) after which
+ calls to synchronous LDAP APIs will abort if no
+ response is received.
+
+
+ Default: 5
+
+
+
+
+
+ tls_reqcert (string)
+
+
+ Specifies what checks to perform on server
+ certificates in a TLS session, if any. It
+ can be specified as one of the following
+ values:
+
+
+ never = The client will
+ not request or check any server certificate.
+
+
+ allow = The server
+ certificate is requested. If no certificate is
+ provided, the session proceeds normally. If a
+ bad certificate is provided, it will be ignored
+ and the session proceeds normally.
+
+
+ try = The server certificate
+ is requested. If no certificate is provided, the
+ session proceeds normally. If a bad certificate
+ is provided, the session is immediately terminated.
+
+
+ demand = The server
+ certificate is requested. If no certificate
+ is provided, or a bad certificate is provided,
+ the session is immediately terminated.
+
+
+ hard = Same as
+ demand
+
+
+
+
+
+
+
+
+
+ EXAMPLE
+
+ The following example assumes that SSSD is correctly
+ configured and LDAP is set set one of the domains in the
+ [domains] section.
+
+
+
+ [domains/LDAP]
+ auth-module = ldap
+ ldapUri = ldap://ldap.mydomain.org
+ userSearchBase = dc=mydomain,dc=org
+
+
+
+
+
+ NOTES
+
+ Description of some of the configuration options in this manual
+ page is based on
+ ldap.conf
+ 5
+ manual page from the OpenLDAP 2.4 distribution.
+
+
+
+
+ SEE ALSO
+
+
+ sssd.conf5
+ ,
+
+ sssd8
+
+
+
+
+
-- cgit