From 8592686dfcd2e682e847a136716f840b35f639de Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Wed, 25 Aug 2010 09:27:31 +0200
Subject: Reviewed sssd-ldap man page Some config options updated, newly documented 12 new options.
---
src/man/sssd-ldap.5.xml | 214 ++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 207 insertions(+), 7 deletions(-)
(limited to 'src/man/sssd-ldap.5.xml')
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 333ab31e..346faf8d 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -87,17 +87,17 @@ attribute names retrieved from the servers may vary. The way that some attributes are handled may also differ. - Two schema types are currently supported: + Three schema types are currently supported: rfc2307 rfc2307bis + IPA - The main difference between these two schema types is + The main difference between these schema types is how group memberships are recorded in the server. With rfc2307, group members are listed by name in the memberUid attribute. - With rfc2307bis, group members are listed by DN and - stored in the member attribute. - + With rfc2307bis and IPA, group members are listed by DN + and stored in the member attribute. Default: rfc2307 
@@ -252,6 +252,160 @@ + + ldap_user_modify_timestamp (string) + + + The LDAP attribute that contains timestamp of the + last modification of the parent object. + + + Default: modifyTimestamp + + + + + + ldap_user_shadow_last_change (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (date of the last + password change). + + + Default: shadowLastChange + + + + + + ldap_user_shadow_min (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (minimum password age). + + + Default: shadowMin + + + + + + ldap_user_shadow_max (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (maximum password age). + + + Default: shadowMax + + + + + + ldap_user_shadow_warning (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (password warning + period). + + + Default: shadowWarning + + + + + + ldap_user_shadow_inactive (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (password inactivity + period). + + + Default: shadowInactive + + + + + + ldap_user_shadow_expire (string) + + + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + + shadow + 5 + counterpart (account expiration date). + + + Default: shadowExpire + + + + + + ldap_user_krb_last_pwd_change (string) + + + When using ldap_pwd_policy=mit_kerberos, this + parameter contains the name of an LDAP attribute + storing the date and time of last password change + in kerberos. 
+ + + Default: krbLastPwdChange + + + + + + ldap_user_krb_password_expiration (string) + + + When using ldap_pwd_policy=mit_kerberos, this + parameter contains the name of an LDAP attribute + storing the date and time when current password + expires. + + + Default: krbPasswordExpiration + + + + ldap_user_principal (string)
@@ -281,6 +435,20 @@ + + ldap_enumeration_refresh_timeout (integer) + + + The LDAP attribute that contains how many seconds + SSSD has to wait before refreshing its cache of + enumerated records. + + + Default: 300 + + + + ldap_user_fullname (string)
@@ -385,6 +553,38 @@ + + ldap_group_modify_timestamp (string) + + + The LDAP attribute that contains timestamp of the + last modification of the parent object. + + + Default: modifyTimestamp + + + + + + ldap_search_timeout (integer) + + + Specifies the timeout (in seconds) that ldap searches + are allowed to run before they are cancelled and + cached results are returned (and offline mode is + entered) + + Note: this option is subject to change in future versions + of the SSSD. It will likely be replaced at some point by + a series of timeouts for specific lookup types. + + + Default: 60 + + + + ldap_network_timeout (integer)
@@ -406,7 +606,7 @@ returns in case of no activity. - Default: 5 + Default: 6
@@ -421,7 +621,7 @@ when communicating with the KDC in case of SASL bind. - Default: 5 + Default: 6
-- cgit