nl.po revision 333b7970cc60c6277363c80564456a716c2d6634
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher# SOME DESCRIPTIVE TITLE
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher# Copyright (C) YEAR Red Hat
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher# This file is distributed under the same license as the sssd-docs package.
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Project-Id-Version: SSSD\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"POT-Creation-Date: 2011-04-27 11:41-0300\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"PO-Revision-Date: 2011-03-08 15:06+0000\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Language-Team: LANGUAGE <LL@li.org>\n"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Language: nl\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"MIME-Version: 1.0\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Content-Type: text/plain; charset=UTF-8\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Content-Transfer-Encoding: 8bit\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Plural-Forms: nplurals=2; plural=(n != 1)\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SSSD Manual pages"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "SSSD handleiding"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_groupmod"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "sss_groupmod"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refmeta><manvolnum>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "modify a group"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "muteer een groep"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "DESCRIPTION"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "OMSCHRIJVING"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_groupmod</command> modifies the group to reflect the changes "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"that are specified on the command line."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_groupmod</command> muteert de groep en maakt de aanpassingen "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"die via de opdrachtregel ingegeven zijn."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:58
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "OPTIONS"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "OPTIES"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Append this group to groups specified by the <replaceable>GROUPS</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"a comma separated list of group names."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Voeg deze groep toe aan de groepen opgegeven met de <replaceable>GROEPEN</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> parameter. De <replaceable>GROEPEN</replaceable> parameter is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"een kommagescheiden lijst van groepnamen."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Remove this group from groups specified by the <replaceable>GROUPS</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> parameter."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Verwijder deze groep uit de groepen opgegeven in de <replaceable>GROEPEN</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> parameter."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1464
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sss_useradd.8.xml:167 sssd-krb5.5.xml:433 sss_groupadd.8.xml:58
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SEE ALSO"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "ZIE OOK"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refmeta><manvolnum>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "File Formats and Conventions"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Bestandsformaten en conventies"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "the configuration file for SSSD"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "het configuratiebestand voor SSSD"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "FILE FORMAT"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "BESTANDSFORMAAT"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" <replaceable>[section]</replaceable>\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" <replaceable>[sectie]</replaceable>\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" <replaceable>sleutel</replaceable> = <replaceable>waarde</replaceable>\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" <replaceable>sleutel2</replaceable> = <replaceable>waarde2,waarde3</replaceable>\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The file has an ini-style syntax and consists of sections and parameters. A "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"section begins with the name of the section in square brackets and continues "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"until the next section begins. An example of section with single and multi-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Het bestand heeft een ini-stijl syntaxis en bestaat uit secties en "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"parameters. Een sectie begint met de naam van de sectie in rechte haken en "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"gaat verder totdat de volgende sectie begint. Een voorbeeld van een sectie "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"met een enkele en een meervoudige parameter: <placeholder type="
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"\"programlisting\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The data types used are string (no quotes needed), integer and bool (with "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"values of <quote>TRUE/FALSE</quote>)."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"De datatypes gebruikt zijn tekst (geen quotes vereisd), numeriek en "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"booleaans (met de waardes <quote>TRUE/FALSE</quote>)."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"(<quote>;</quote>)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Een regel met kommentaar begint met een hekje (<quote>#</quote>) of een "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"puntkomma (<quote>;</quote>)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"All sections can have an optional <replaceable>description</replaceable> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"parameter. Its function is only as a label for the section."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Alle secties kunnen een optionele <replaceable>description</replaceable> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"parameter bevatten. Dit fungeert slechts als label voor de sectie."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<filename>sssd.conf</filename> must be a regular file, owned by root and "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"only root may read from or write to the file."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<filename>sssd.conf</filename> moet een standaardbestand zijn, de eigenaar "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"moet root zijn en alleen root mag hem lezen en schrijven."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SPECIAL SECTIONS"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "SPECIALE SECTIES"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The [sssd] section"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "De [sssd] sectie"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Section parameters"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Sectie parameters"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "config_file_version (integer)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "config_file_version (numeriek)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Geeft aan welke syntaxis de configuratie gebruikt. SSSD 0.6.0 en hoger "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"gebruiken versie 2."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "services"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "diensten"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Comma separated list of services that are started when sssd itself starts."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Kommagescheiden lijst van diensten die gestart worden als sssd zelf start."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Supported services: nss, pam"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Ondersteunde diensten: nss, pam"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "reconnection_retries (integer)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "reconnection_retries (numeriek)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Number of times services should attempt to reconnect in the event of a Data "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Provider crash or restart before they give up"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Aantal keer dat de service moet proberen om opnieuw te verbinden indien een "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 3"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Standaard: 3"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "domains"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "domeinen"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"A domain is a database containing user information. SSSD can use more "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"domains at the same time, but at least one must be configured or SSSD won't "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"start. This parameter described the list of domains in the order you want "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"them to be queried."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Een domein is een databank met gebruikersinformatie. SSSD kan meerdere "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"domeinen tegelijkertijd gebruiken, maar er moet op zijn minst één domein "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"geconfigureerd zijn, anders start SSSD niet. Deze parameter omschrijft de "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"lijst van domeinen in de volgorde die SSSD ze moet aflopen."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "re_expression (string)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "re_expression (tekst)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Regular expression that describes how to parse the string containing user "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"name and domain into these components."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Reguliere expressie die omschrijft hoe de tekst die de gebruikers- en "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"domeinnaam verwerkt moeten worden."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"which translates to \"the name is everything up to the <quote>@</quote> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"sign, the domain everything after that\""
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Standaard: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"wat zich vertaalt tot \"de gebruikersnaam is alles tot <quote>@</quote> , "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"het domein alles daarna\""
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"PLEASE NOTE: the support for non-unique named subpatterns is not available "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"version 7 or higher can support non-unique named subpatterns."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"P<name>) to label subpatterns."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"MER OOK OP: oudere versies van libpcre ondersteunen alleen de Pyton syntaxis "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"(?P<name>) om subpatronen aan te geven."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "full_name_format (string)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "full_name_format (tekst)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>-compatible format that describes how to translate "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"a (name, domain) tuple into a fully qualified name."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Een <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>-compatibel formaat wat omschrijft hoe een tuple "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"(met name, domain) vertaald wordt in een full qualified name."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <quote>%1$s@%2$s</quote>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Standaard: <quote>%1$s@%2$s</quote>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "try_inotify (boolean)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "try_inotify (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"SSSD monitors the state of resolv.conf to identify when it needs to update "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"its internal DNS resolver. By default, we will attempt to use inotify for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"this, and will fall back to polling resolv.conf every five seconds if "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"inotify cannot be used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"There are some limited situations where it is preferred that we should skip "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"even trying to use inotify. In these rare cases, this option should be set "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Er zijn een aantal situaties waarin het de voorkeur heeft dat we het gebruik "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"van inotify uitschakelen. In deze zeldzame gevallen kan de optie op 'false' "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: true on platforms where inotify is supported. False on other "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Standaard: true op systemen waar inotify is ondersteund. False op andere "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Note: this option will have no effect on platforms where inotify is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"unavailable. On these platforms, polling will always be used."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Merk op: deze optie heeft geen effect op systemen waar inotify niet "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"beschikbaar is. Op deze systemen wordt altijd periodiek gekeken naar resolv."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Individual pieces of SSSD functionality are provided by special SSSD "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"services that are started and stopped together with SSSD. The services are "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"managed by a special service frequently called <quote>monitor</quote>. The "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>[sssd]</quote> section is used to configure the monitor as well as "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"some other important options like the identity domains. <placeholder type="
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"\"variablelist\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SERVICES SECTIONS"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "SERVICES SECTIE"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Settings that can be used to configure different services are described in "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"section, for example, for NSS service, the section would be <quote>[nss]</"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "General service configuration options"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Algemene service configuratie-opties"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "These options can be used to configure any service."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Deze opties kunnen gebruikt worden om services te configureren."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "debug_level (integer)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "debug_level (numeriek)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Sets the debug level for the service. The value can be in range from 0 (only "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"critical messages) to 10 (very verbose)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 0"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Standaard: 0"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "debug_timestamps (bool)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "debug_timestamps (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Add a timestamp to the debug messages"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Voeg een tijdstempel toe aan de debugberichten"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1049
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: true"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Standaard: true"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "command (string)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "command (tekst)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"By default, the executable representing this service is called <command>sssd_"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"${service_name}</command>. This directive allows to change the executable "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"name for the service. In the vast majority of configurations, the default "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"values should suffice."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <command>sssd_${service_name}</command>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Standaard: <command>sssd_${service_name}</command>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "NSS configuration options"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "NSS configuratie-opties"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"These options can be used to configure the Name Service Switch (NSS) service."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Deze opties kunnen worden gebruikt om de Name Serice Switch (NSS) service te "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "enum_cache_timeout (integer)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "enum_cache_timeout (numeriek)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"How many seconds should nss_sss cache enumerations (requests for info about "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"over alle gebruikers)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 120"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Standaard: 120"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "entry_cache_nowait_percentage (integer)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "entry_cache_nowait_percentage (numeriek)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The entry cache can be set to automatically update entries in the background "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"if they are requested beyond a percentage of the entry_cache_timeout value "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"for the domain."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"For example, if the domain's entry_cache_timeout is set to 30s and "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"after 15 seconds past the last cache update will be returned immediately, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"but the SSSD will go and update the cache on its own, so that future "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"requests will not need to block waiting for a cache update."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Valid values for this option are 0-99 and represent a percentage of the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"entry_cache_timeout for each domain. For performance reasons, this "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"disables this feature)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "entry_negative_timeout (integer)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "entry_negative_timeout (numeriek)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies for how many seconds nss_sss should cache negative cache hits "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"(that is, queries for invalid database entries, like nonexistent ones) "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"before asking the back end again."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 15"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "filter_users, filter_groups (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Exclude certain users from being fetched from the sss NSS database. This is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"particularly useful for system accounts. This option can also be set per-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"domain or include fully-qualified names to filter only users from the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"particular domain."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: root"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "filter_users_in_groups (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If you want filtered user still be group members set this option to false."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "PAM configuration options"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"These options can be used to configure the Pluggable Authentication Module "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"(PAM) service."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "offline_credentials_expiration (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If the authentication provider is offline, how long should we allow cached "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"logins (in days since the last successful online login)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 0 (No limit)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "offline_failed_login_attempts (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If the authentication provider is offline, how many failed login attempts "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "offline_failed_login_delay (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The time in minutes which has to pass after offline_failed_login_attempts "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"has been reached before a new login attempt is possible."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If set to 0 the user cannot authenticate offline if "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"offline_failed_login_attempts has been reached. Only a successful online "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication can enable enable offline authentication again."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 5"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "pam_verbosity (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Controls what kind of messages are shown to the user during authentication. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The higher the number to more messages are displayed."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Currently sssd supports the following values:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>0</emphasis>: do not show any message"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>1</emphasis>: show only important messages"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>2</emphasis>: show informational messages"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>3</emphasis>: show all messages and debug information"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 1"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "pam_id_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"For any PAM request while SSSD is online, the SSSD will attempt to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"immediately update the cached identity information for the user in order to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ensure that authentication takes place with the latest information."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"A complete PAM conversation may perform multiple PAM requests, such as "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"account management and session opening. This option controls (on a per-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"client-application basis) how long (in seconds) we can cache the identity "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"information to avoid excessive round-trips to the identity provider."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "pam_pwd_expiration_warning (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Display a warning N days before the password expires."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that the backend server has to provide information about the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"expiration time of the password. If this information is missing, sssd "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"cannot display a warning."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 7"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "DOMAIN SECTIONS"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "min_id,max_id (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"UID and GID limits for the domain. If a domain contains an entry that is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"outside these limits, it is ignored."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"For users, this affects the primary GID limit. The user will not be returned "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to NSS if either the UID or the primary GID is outside the range. For non-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"primary group memberships, those that are in range will be reported as "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 1 for min_id, 0 (no limit) for max_id"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Timeout in seconds between heartbeats for this domain. This is used to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ensure that the backend process is alive and capable of answering requests."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 10"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "enumerate (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Determines if a domain can be enumerated. This parameter can have one of the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"following values:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "TRUE = Users and groups are enumerated"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "FALSE = No enumerations for this domain"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: FALSE"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Note: Enabling enumeration has a moderate performance impact on SSSD while "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"enumeration is running. It may take up to several minutes after SSSD startup "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to fully complete enumerations. During this time, individual requests for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"information will go directly to LDAP, though it may be slow, due to the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"heavy enumeration processing."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"While the first enumeration is running, requests for the complete user or "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"group lists may return no results until it completes."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Further, enabling enumeration may increase the time necessary to detect "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"network disconnection, as longer timeouts are required to ensure that "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"enumeration lookups are completed successfully. For more information, refer "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to the man pages for the specific id_provider in use."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "entry_cache_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"How many seconds should nss_sss consider entries valid before asking the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"backend again"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 5400"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "cache_credentials (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Determines if user credentials are also cached in the local LDB cache"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "account_cache_expiration (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Number of days entries are left in cache after last successful login before "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"being removed during a cleanup of the cache. 0 means keep forever. The "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"value of this parameter must be greater than or equal to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"offline_credentials_expiration."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 0 (unlimited)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "id_provider (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The Data Provider identity backend to use for this domain."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Supported backends:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "proxy: Support a legacy NSS provider"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "local: SSSD internal local provider"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap: LDAP provider"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "use_fully_qualified_names (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If set to TRUE, all requests to this domain must use fully qualified names. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"For example, if used in LOCAL domain that contains a \"test\" user, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>getent passwd test</command> wouldn't find the user while "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>getent passwd test@LOCAL</command> would."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "auth_provider (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The authentication provider used for the domain. Supported auth providers "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> for more information on configuring LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> for more information on configuring Kerberos."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>proxy</quote> for relaying authentication to some other PAM target."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<quote>none</quote> disables authentication explicitly."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: <quote>id_provider</quote> is used if it is set and can handle "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication requests."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "access_provider (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The access control provider used for the domain. There are two built-in "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"access providers (in addition to any included in installed backends) "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Internal special providers are:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<quote>permit</quote> always allow access."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<quote>deny</quote> always deny access."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>simple</quote> access control based on access or deny lists. See "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum></citerefentry> for more information on configuring the simple "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"access module."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <quote>permit</quote>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "chpass_provider (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The provider which should handle change password operations for the domain. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Supported change password providers are:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>ipa</quote> to change a password stored in an IPA server. See "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>ldap</quote> to change a password stored in a LDAP server. See "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> for more information on configuring LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> for more information on configuring Kerberos."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>proxy</quote> for relaying password changes to some other PAM target."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<quote>none</quote> disallows password changes explicitly."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: <quote>auth_provider</quote> is used if it is set and can handle "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"change password requests."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "lookup_family_order (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Provides the ability to select preferred address family to use when "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"performing DNS lookups."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Supported values:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: ipv4_first"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "dns_resolver_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Defines the amount of time (in seconds) to wait for a reply from the DNS "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"resolver before assuming that it is unreachable. If this timeout is reached, "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the domain will continue to operate in offline mode."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "dns_discovery_domain (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If service discovery is used in the back end, specifies the domain part of "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the service discovery DNS query."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: Use the domain part of machine's hostname"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"These configuration options can be present in a domain configuration "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "proxy_pam_target (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The proxy target PAM proxies to."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: not set by default, you have to take an existing pam configuration "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"or create a new one and add the service name here."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "proxy_lib_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The name of the NSS library to use in proxy domains. The NSS functions "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"searched for in the library are in the form of _nss_$(libName)_$(function), "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"for example _nss_files_getpwent."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The local domain section"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This section contains settings for domain that stores users and groups in "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"SSSD native database, that is, a domain that uses "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>id_provider=local</replaceable>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "default_shell (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The default shell for users created with SSSD userspace tools."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <filename>/bin/bash</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "base_directory (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The tools append the login name to <replaceable>base_directory</replaceable> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"and use that as the home directory."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <filename>/home</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "create_homedir (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Indicate if a home directory should be created by default for new users. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Can be overridden on command line."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: TRUE"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "remove_homedir (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Indicate if a home directory should be removed by default for deleted "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"users. Can be overridden on command line."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "homedir_umask (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"on a newly created home directory."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 077"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "skel_dir (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The skeleton directory, which contains files and directories to be copied in "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the user's home directory, when the home directory is created by "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <filename>/etc/skel</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "mail_dir (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The mail spool directory. This is needed to manipulate the mailbox when its "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"corresponding user account is modified or deleted. If not specified, a "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"default value is used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <filename>/var/mail</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "userdel_cmd (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The command that is run after a user is removed. The command us passed the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"username of the user being removed as the first and only parameter. The "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"return code of the command is not taken into account."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: None, no command is run"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1432 sssd-simple.5.xml:126
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "EXAMPLE"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"domains = LDAP\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"services = nss, pam\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"config_file_version = 2\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"filter_groups = root\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"filter_users = root\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"id_provider = ldap\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ldap_uri = ldap://ldap.example.com\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ldap_search_base = dc=example,dc=com\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"auth_provider = krb5\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"krb5_realm = EXAMPLE.COM\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"cache_credentials = true\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"min_id = 10000\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"max_id = 20000\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"enumerate = False\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The following example shows a typical SSSD config. It does not describe "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"configuration of the domains themselves - refer to documentation on "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"configuring domains for more details. <placeholder type=\"programlisting\" "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sssd-ldap"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This manual page describes the configuration of LDAP domains for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> manual page for detailed syntax information."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "You can configure SSSD to use more than one LDAP domain."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP back end supports id, auth, access and chpass providers. If you want to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"over an unencrypted channel. If the LDAP server is used only as an identity "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"provider, an encrypted channel is not needed. Please refer to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>ldap_access_filter</quote> config option for more information about "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"using LDAP as an access provider."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "CONFIGURATION OPTIONS"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_uri (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"in the order of preference. Refer to the <quote>FAILOVER</quote> section for "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"more information on failover and server redundancy. If not specified, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"service discovery is enabled. For more information, refer to the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>SERVICE DISCOVERY</quote> section."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_chpass_uri (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"in the order of preference to change the password of a user. Refer to the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>FAILOVER</quote> section for more information on failover and server "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "To enable service discovery ldap_chpass_dns_service_name must be set."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: empty, i.e. ldap_uri is used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_search_base (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The default base DN to use for performing LDAP user operations."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: If not set the value of the defaultNamingContext or namingContexts "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"attribute from the RootDSE of the LDAP server is used. If "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"defaultNamingContext does not exists or has an empty value namingContexts is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"used. The namingContexts attribute must have a single value with the DN of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the search base of the LDAP server to make this work. Multiple values are "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"are not supported."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_schema (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the Schema Type in use on the target LDAP server. Depending on "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the selected schema, the default attribute names retrieved from the servers "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"may vary. The way that some attributes are handled may also differ. Three "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"difference between these schema types is how group memberships are recorded "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"in the server. With rfc2307, group members are listed by name in the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"members are listed by DN and stored in the <emphasis>member</emphasis> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: rfc2307"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_default_bind_dn (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The default bind DN to use for performing LDAP operations."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_default_authtok_type (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The type of the authentication token of the default bind DN."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The two mechanisms currently supported are:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "password"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "obfuscated_password"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_default_authtok (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The authentication token of the default bind DN. Only clear text passwords "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"are currently supported."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_object_class (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The object class of a user entry in LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: posixAccount"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the user's login name."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: uid"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_uid_number (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the user's id."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: uidNumber"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_gid_number (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the user's primary group id."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: gidNumber"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_gecos (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the user's gecos field."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: gecos"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_home_directory (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallaghermsgid "The LDAP attribute that contains the name of the user's home directory."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: homeDirectory"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shell (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that contains the path to the user's default shell."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: loginShell"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_uuid (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:668 sssd-ldap.5.xml:761
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: nsUniqueId"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_modify_timestamp (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:677 sssd-ldap.5.xml:770
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The LDAP attribute that contains timestamp of the last modification of the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"parent object."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:681 sssd-ldap.5.xml:774
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: modifyTimestamp"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_last_change (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the last password change)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowLastChange"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_min (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"password age)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowMin"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_max (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"password age)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowMax"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_warning (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"(password warning period)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowWarning"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_inactive (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"(password inactivity period)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowInactive"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_expire (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"parameter contains the name of an LDAP attribute corresponding to its "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> counterpart (account expiration date)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowExpire"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_krb_last_pwd_change (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"an LDAP attribute storing the date and time of last password change in "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: krbLastPwdChange"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_krb_password_expiration (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"an LDAP attribute storing the date and time when current password expires."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: krbPasswordExpiration"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_ad_account_expires (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_account_expire_policy=ad, this parameter contains the name "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"of an LDAP attribute storing the expiration time of the account."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: accountExpires"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_ad_user_account_control (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_account_expire_policy=ad, this parameter contains the name "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"of an LDAP attribute storing the user account control bit field."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: userAccountControl"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_ns_account_lock (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"determines if access is allowed or not."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: nsAccountLock"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_principal (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The LDAP attribute that contains the user's Kerberos User Principal Name "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: krbPrincipalName"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_force_upper_case_realm (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Some directory servers, for example Active Directory, might deliver the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"realm part of the UPN in lower case, which might cause the authentication to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"fail. Set this option to a non-zero value if you want to use an upper-case "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:504 sssd-ldap.5.xml:995 sssd-ipa.5.xml:115 sssd.8.xml:64
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: false"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_enumeration_refresh_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The LDAP attribute that contains how many seconds SSSD has to wait before "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"refreshing its cache of enumerated records."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 300"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_purge_cache_timeout"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Determine how often to check the cache for inactive entries (such as groups "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"with no members and users who have never logged in) and remove them to save "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Setting this option to zero will disable the cache cleanup operation."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 10800 (12 hours)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_fullname (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the user's full name."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:550 sssd-ldap.5.xml:629 sssd-ldap.5.xml:722
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: cn"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_member_of (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that lists the user's group memberships."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: memberOf"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_authorized_service (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"use the presence of the authorizedService attribute in the user's LDAP entry "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to determine access privilege."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"explicit allow (svc) and finally for allow_all (*)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: authorizedService"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "ldap_user_authorized_host (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"presence of the host attribute in the user's LDAP entry to determine access "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"An explicit deny (!host) is resolved first. Second, SSSD searches for "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"explicit allow (host) and finally for allow_all (*)."
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#| msgid "Default: 3"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "Default: host"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgstr "Standaard: 3"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "ldap_group_object_class (string)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The object class of a group entry in LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: posixGroup"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the group name."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_gid_number (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the group's id."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_member (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that contains the names of the group's members."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_uuid (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallaghermsgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_modify_timestamp (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_nesting_level (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If ldap_schema is set to a schema format that supports nested groups (e.g. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"RFC2307bis), then this option controls how many levels of nesting SSSD will "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"follow. This option has no effect on the RFC2307 schema."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 2"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_object_class (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The object class of a netgroup entry in LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: nisNetgroup"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the netgroup name."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_member (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that contains the names of the netgroup's members."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: memberNisNetgroup"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_triple (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The LDAP attribute that contains the (host, user, domain) netgroup triples."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: nisNetgroupTriple"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_uuid (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_modify_timestamp (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_search_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the timeout (in seconds) that ldap searches are allowed to run "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"before they are cancelled and cached results are returned (and offline mode "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Note: this option is subject to change in future versions of the SSSD. It "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"will likely be replaced at some point by a series of timeouts for specific "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"lookup types."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:795 sssd-ldap.5.xml:837 sssd-ldap.5.xml:852
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 6"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_enumeration_search_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the timeout (in seconds) that ldap searches for user and group "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"enumerations are allowed to run before they are cancelled and cached results "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"are returned (and offline mode is entered)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 60"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_network_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the timeout (in seconds) after which the <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> following a <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> returns in case of no activity."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_opt_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"will abort if no response is received. Also controls the timeout when "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"communicating with the KDC in case of SASL bind."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#| msgid "debug_level (integer)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "ldap_page_size (integer)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgstr "debug_level (numeriek)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"Specify the number of records to retrieve from LDAP in a single request. "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"Some LDAP servers enforce a maximum limit per-request."
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#| msgid "Default: 120"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "Default: 1000"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgstr "Standaard: 120"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_reqcert (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Specifies what checks to perform on server certificates in a TLS session, if "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"any. It can be specified as one of the following values:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<emphasis>never</emphasis> = The client will not request or check any server "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>allow</emphasis> = The server certificate is requested. If no "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"certificate is provided, the session proceeds normally. If a bad certificate "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"is provided, it will be ignored and the session proceeds normally."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>try</emphasis> = The server certificate is requested. If no "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"certificate is provided, the session proceeds normally. If a bad certificate "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"is provided, the session is immediately terminated."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>demand</emphasis> = The server certificate is requested. If no "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"certificate is provided, or a bad certificate is provided, the session is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"immediately terminated."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: hard"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_cacert (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the file that contains certificates for all of the Certificate "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Authorities that <command>sssd</command> will recognize."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:922 sssd-ldap.5.xml:940 sssd-ldap.5.xml:981
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"conf</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_cacertdir (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the path of a directory that contains Certificate Authority "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"certificates in separate individual files. Typically the file names need to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"be the hash of the certificate followed by '.0'. If available, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>cacertdir_rehash</command> can be used to create the correct names."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_cert (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specifies the file that contains the certificate for the client's key."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:954 sssd-ldap.5.xml:966 sssd-ldap.5.xml:1395
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:356
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: not set"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_key (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specifies the file that contains the client's key."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_cipher_suite (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies acceptable cipher suites. Typically this is a colon sperated "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<manvolnum>5</manvolnum></citerefentry> for format."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_id_use_start_tls (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Specifies that the id_provider connection must also use <systemitem class="
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"\"protocol\">tls</systemitem> to protect the channel."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_sasl_mech (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1136
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: none"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_sasl_authid (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specify the SASL authorization id to use. When GSSAPI is used, this "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"represents the Kerberos principal used for authentication to the directory."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: host/machine.fqdn@REALM"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_krb5_keytab (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specify the keytab to use when using SASL/GSSAPI."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_krb5_init_creds (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Specifies that the id_provider should init Kerberos credentials (TGT). This "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"action is performed only if SASL is used and the mechanism selected is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_krb5_ticket_lifetime (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 86400 (24 hours)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_server (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the list of IP addresses or hostnames of the Kerberos servers to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"which SSSD should connect in the order of preference. For more information "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"An optional port number (preceded by a colon) may be appended to the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"addresses or hostnames. If empty, service discovery is enabled - for more "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"When using service discovery for KDC or kpasswd servers, SSSD first searches "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"none are found."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"While the legacy name is recognized for the time being, users are advised to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"migrate their config files to use <quote>krb5_server</quote> instead."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:1097 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_realm (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_pwd_policy (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Select the policy to evaluate the password expiration on the client side. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The following values are allowed:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>none</emphasis> - No evaluation on the client side. This option "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"cannot disable server-side password policies."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"evaluate if the password has expired. Note that the current version of sssd "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"cannot update this attribute during a password change."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to determine if the password has expired. Use chpass_provider=krb5 to update "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"these attributes when the password is changed."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_referrals (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specifies whether automatic referral chasing should be enabled."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that sssd only supports referral chasing when it is compiled "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"with OpenLDAP version 2.4.13 or higher."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_dns_service_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specifies the service name to use when service discovery is enabled."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: ldap"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_chpass_dns_service_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the service name to use to find an LDAP server which allows "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"password changes when service discovery is enabled."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: not set, i.e. service discovery is disabled"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_access_filter (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If using access_provider = ldap, this option is mandatory. It specifies an "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"LDAP search filter criteria that must be met for the user to be granted "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"access on this host. If access_provider = ldap and this option is not set, "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"it will result in all users being denied access. Use access_provider = allow "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to change this default behavior."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:1200 sssd-ldap.5.xml:1398
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Example:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"access_provider = ldap\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This example means that access to this host is restricted to members of the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"\"allowedusers\" group in ldap."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Offline caching for this feature is limited to determining whether the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"user's last online login was granted access permission. If they were granted "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"access during their last login, they will continue to be granted access "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"while offline and vice-versa."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:1220 sssd-ldap.5.xml:1261
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: Empty"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_account_expire_policy (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"With this option a client side evaluation of access control attributes can "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Please note that it is always recommended to use server side access control, "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"i.e. the LDAP server should deny the bind request with a suitable error code "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"even if the password is correct."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The following values are allowed:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"determine if the account is expired."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>ad</emphasis>: use the value of the 32bit field "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ldap_user_ad_user_account_control and allow access if the second bit is not "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"set. If the attribute is missing access is granted. Also the expiration time "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"of the account is checked."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"emphasis>: use the value of ldap_ns_account_lock to check if access is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"allowed or not."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_access_order (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Comma separated list of access control options. Allowed values are:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>filter</emphasis>: use ldap_access_filter"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to determine access"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "<emphasis>host</emphasis>: use the host attribute to determine access"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: filter"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that it is a configuration error if a value is used more than "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_deref (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies how alias dereferencing is done when performing a search. The "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"following options are allowed:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the base object, but not in locating the base object of the search."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the base object of the search."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"in locating the base object of the search."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"client libraries)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"All of the common configuration options that apply to SSSD domains also "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> manual page for full details. <placeholder type="
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"\"variablelist\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ADVANCED OPTIONS"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_search_base (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"An optional base DN to restrict netgroup searches to a specific subtree."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:1353 sssd-ldap.5.xml:1367 sssd-ldap.5.xml:1381
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_search_base (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "An optional base DN to restrict user searches to a specific subtree."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_search_base (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "An optional base DN to restrict group searches to a specific subtree."
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "ldap_user_search_filter (string)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"This option specifies an additional LDAP search filter criteria that "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"restrict user searches."
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"This filter would restrict user searches to users that have their shell set "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "ldap_group_search_filter (string)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"This option specifies an additional LDAP search filter criteria that "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"restrict group searches."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"These options are supported by LDAP domains, but they should be used with "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"caution. Please include them in your configuration only if you know what you "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"are doing. <placeholder type=\"variablelist\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The following example assumes that SSSD is correctly configured and LDAP is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"set to one of the domains in the <replaceable>[domains]</replaceable> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" id_provider = ldap\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" auth_provider = ldap\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" ldap_uri = ldap://ldap.mydomain.org\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" ldap_search_base = dc=mydomain,dc=org\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" ldap_tls_reqcert = demand\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" cache_credentials = true\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" enumerate = true\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:1439 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<placeholder type=\"programlisting\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#: sssd-ldap.5.xml:1453 sssd_krb5_locator_plugin.8.xml:61
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The descriptions of some of the configuration options in this manual page "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"distribution."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refentryinfo>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "pam_sss"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "PAM module for SSSD"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>forward_pass</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>pam_sss.so</command> is the PAM interface to the System Security "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Services daemon (SSSD). Errors and results are logged through <command>syslog"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"(3)</command> with the LOG_AUTHPRIV facility."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>forward_pass</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If <option>forward_pass</option> is set the entered password is put on the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"stack for other PAM modules to use."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>use_first_pass</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The argument use_first_pass forces the module to use a previous stacked "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"modules password and will never prompt the user - if no password is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"available or the password is not appropriate, the user will be denied access."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>use_authtok</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"When password changing enforce the module to set the new password to the one "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"provided by a previously stacked password module."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>retry=N</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If specified the user is asked another N times for a password if "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication fails. Default is 0."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that this option might not work as expected if the application "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"calling PAM handles the user dialog on its own. A typical example is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sshd</command> with <option>PasswordAuthentication</option>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "MODULE TYPES PROVIDED"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"All module types (<option>account</option>, <option>auth</option>, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<option>password</option> and <option>session</option>) are provided."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If a password reset by root fails, because the corresponding SSSD provider "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"does not support password resets, an individual message can be displayed. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This message can e.g. contain instructions about how to reset a password."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"filename> where LOC stands for a locale string returned by <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>. If there is no matching file the content of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the owner of the files and only root may have read and write permissions "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"while all other users must have only read permisssions."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"These files are searched in the directory <filename>/etc/sssd/customize/"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sssd_krb5_locator_plugin"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"libraries what Realm and which KDC to use. Typically this is done in "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"To simplyfy the configuration the Realm and the KDC can be defined in "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> as described in <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"</citerefentry> puts the Realm and the name or IP address of the KDC into "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"libraries it reads and evaluates these variable and returns them to the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Not all Kerberos implementations support the use of plugins. If "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sssd_krb5_locator_plugin</command> is not available on your system "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"debug messages will be sent to stderr."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sssd-simple"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "the configuration file for SSSD's 'simple' access-control provider"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This manual page describes the configuration of the simple access-control "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> manual page."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The simple access provider grants or denies access based on an access or "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"deny list of user or group names. The following rules apply:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "If all lists are empty, access is granted"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If any list is provided, the order of evaluation is allow,deny. This means "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"that any matching deny rule will supersede any matched allow rule."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If either or both \"allow\" lists are provided, all users are denied unless "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"they appear in the list."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If only \"deny\" lists are provided, all users are granted access unless "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"they appear in the list."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "simple_allow_users (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Comma separated list of users who are allowed to log in."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "simple_deny_users (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Comma separated list of users who are explicitly denied access."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "simple_allow_groups (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Comma separated list of groups that are allowed to log in. This applies only "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to groups within this SSSD domain. Local groups are not evaluated."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "simple_deny_groups (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Comma separated list of groups that are explicitly denied access. This "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"applies only to groups within this SSSD domain. Local groups are not "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> manual page for details on the configuration of an SSSD "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that it is an configuration error if both, simple_allow_users "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"and simple_deny_users, are defined."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The following example assumes that SSSD is correctly configured and example."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"This examples shows only the simple access provider-specific options."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" access_provider = simple\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" simple_allow_users = user1, user2\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sssd-ipa"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This manual page describes the configuration of the IPA provider for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The IPA provider is a back end used to connect to an IPA server. (Refer to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the freeipa.org web site for information about IPA servers.) This provider "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"requires that the machine be joined to the IPA domain; configuration is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"almost entirely self-discovered and obtained directly from the server."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The IPA provider accepts the same options used by the <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"provider. However, it is neither necessary nor recommended to set these "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"options. IPA provider can also be used as an access and chpass provider. As "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"an access provider it uses HBAC (host-based access control) rules. Please "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refer to freeipa.org for more information about HBAC. No configuration of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"access provider is required on the client side."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_domain (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the name of the IPA domain. This is optional. If not provided, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the configuration domain name is used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_server (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The list of IP addresses or hostnames of the IPA servers to which SSSD "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"should connect in the order of preference. For more information on failover "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"and server redundancy, see the <quote>FAILOVER</quote> section. This is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"optional if autodiscovery is enabled. For more information on service "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_hostname (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Optional. May be set on machines where the hostname(5) does not reflect the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"fully qualified name used in the IPA domain to identify this host."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_dyndns_update (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Optional. This option tells SSSD to automatically update the DNS server "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"built into FreeIPA v2 with the IP address of this client."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_dyndns_iface (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"interface whose IP address should be used for dynamic DNS updates."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: Use the IP address of the IPA LDAP connection"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_hbac_search_base (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallaghermsgid "Optional. Use the given string as search base for HBAC related objects."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: Use base DN"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_validate (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Verify with the help of krb5_keytab that the TGT obtained has not been "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Note that this default differs from the traditional Kerberos provider back "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The name of the Kerberos realm. This is optional and defaults to the value "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"of <quote>ipa_domain</quote>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The name of the Kerberos realm has a special meaning in IPA - it is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"converted into the base DN to use for performing LDAP operations."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The following example assumes that SSSD is correctly configured and example."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"This examples shows only the ipa provider-specific options."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" id_provider = ipa\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" ipa_hostname = myhost.example.com\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sssd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "System Security Services Daemon"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>SSSD</command> provides a set of daemons to manage access to remote "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"directories and authentication mechanisms. It provides an NSS and PAM "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"interface toward the system and a pluggable backend system to connect to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"multiple different account sources as well as D-Bus interface. It is also "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the basis to provide client auditing and policy services for projects like "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"FreeIPA. It provides a more robust database to store local users as well as "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"extended user data."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Debug level to run the daemon with. 0 is the default as well as the lowest "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"allowed value, 10 is the most verbose mode. This setting overrides the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"settings from config file. This parameter implies <option>-i</option>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-f</option>,<option>--debug-to-files</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Send the debug output to files instead of stderr. By default, the log files "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"are stored in <filename>/var/log/sssd</filename> and there are separate log "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"files for every SSSD service and domain."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-D</option>,<option>--daemon</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Become a daemon after starting up."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-i</option>,<option>--interactive</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Run in the foreground, don't become a daemon."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-c</option>,<option>--config</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"conf</filename>. For reference on the config file syntax and options, "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> manual page."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Signals"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Informs the SSSD to gracefully terminate all of its child processes and then "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"shut down the monitor."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Tells the SSSD to stop writing to its current debug file descriptors and to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"close and reopen them. This is meant to facilitate log rolling with programs "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"like logrotate."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SIGUSR1"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Tells the SSSD to simulate offline operation for one minute. This is mostly "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"useful for testing purposes."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SIGUSR2"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Tells the SSSD to go online immediately. This is mostly useful for testing "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_obfuscate"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "obfuscate a clear text password"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable></arg>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_obfuscate</command> converts a given password into human-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"unreadable format and places it into appropriate domain section of the SSSD "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The cleartext password is read from standard input or entered "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"interactively. The obfuscated password is put into "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<quote>ldap_default_authtok_type</quote> parameter is set to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> for more details on these parameters."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that obfuscating the password provides <emphasis>no real "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"security benefit</emphasis> as it is still possible for an attacker to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"reverse-engineer the password back. Using better authentication mechanisms "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-s</option>,<option>--stdin</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The password to obfuscate will be read from standard input."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The SSSD domain to use the password in. The default name is <quote>default</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Read the config file specified by the positional parameter."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_useradd"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "create a new user"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_useradd</command> creates a new user account using the values "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"specified on the command line plus the default values from the system."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"not given, it is chosen automatically."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Any text string describing the user. Often used as the field for the user's "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The home directory of the user account. The default is to append the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"that as the home directory. The base that is prepended before "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"baseDirectory</quote> setting in sssd.conf."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The user's login shell. The default is currently <filename>/bin/bash</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"filename>. The default can be changed with <quote>user_defaults/"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"defaultShell</quote> setting in sssd.conf."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "A list of existing groups this user is also a member of."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-m</option>,<option>--create-home</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Create the user's home directory if it does not exist. The files and "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directories contained in the skeleton directory (which can be defined with "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the -k option or in the config file) will be copied to the home directory."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-M</option>,<option>--no-create-home</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Do not create the user's home directory. Overrides configuration settings."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The skeleton directory, which contains files and directories to be copied in "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the user's home directory, when the home directory is created by "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_useradd</command>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This option is only valid if the <option>-m</option> (or <option>--create-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"home</option>) option is specified, or creation of home directories is set "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"to TRUE in the configuration."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<option>-Z</option>,<option>--selinux-user</option> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>SELINUX_USER</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The SELinux user for the user's login. If not specified, the system default "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"will be used."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sssd-krb5"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This manual page describes the configuration of the Kerberos 5 "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"authentication backend for <citerefentry> <refentrytitle>sssd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> manual page"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The Kerberos 5 authentication backend contains auth and chpass providers. It "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"must be paired with identity provider in order to function properly (for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"example, id_provider = ldap). Some information required by the Kerberos 5 "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication backend must be provided by the identity provider, such as "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the user's Kerberos Principal Name (UPN). The configuration of the identity "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"provider should have an entry to specify the UPN. Please refer to the man "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"page for the applicable identity provider for details on how to configure "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This backend also provides access control based on the .k5login file in the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Please note that an empty .k5login file will deny all access to this user. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"To activate this feature use 'access_provider = krb5' in your sssd "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"configuration."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"In the case where the UPN is not available in the identity backend "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sssd</command> will construct a UPN using the format "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The name of the Kerberos realm. This option is required and must be "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_kpasswd (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"If the change password service is not running on the KDC alternative servers "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"can be defined here. An optional port number (preceded by a colon) may be "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"appended to the addresses or hostnames."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"For more information on failover and server redundancy, see the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<quote>FAILOVER</quote> section. Please note that even if there are no more "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"kpasswd servers to try the back end is not switch to offline if "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication against the KDC is still possible."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: Use the KDC"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_ccachedir (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Directory to store credential caches. All the substitution sequences of "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"krb5_ccname_template can be used here, too, except %d and %P. If the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directory does not exist it will be created. If %u, %U, %p or %h are used a "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"private directory belonging to the user is created. Otherwise a public "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> for details) is created."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: /tmp"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_ccname_template (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "login name"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "login UID"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "principal name"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "realm name"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "home directory"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "value of krb5ccache_dir"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "the process ID of the sssd client"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "a literal '%'"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Location of the user's credential cache. Currently only file based "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"credential caches are supported. In the template the following sequences are "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_auth_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Timeout in seconds after an online authentication or change password request "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"is aborted. If possible the authentication request is continued offline."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_keytab (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The location of the keytab to use when validating credentials obtained from "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_store_password_if_offline (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Store the password of the user if the provider is offline and use it to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"request a TGT when the provider gets online again."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that this feature currently only available on a Linux platform."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_renewable_lifetime (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Request a renewable ticket with a total lifetime given by an integer "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"immediately followed by one of the following delimiters:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>s</emphasis> seconds"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>m</emphasis> minutes"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>h</emphasis> hours"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>d</emphasis> days."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that it is not possible to mix units. If you want to set the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"renewable lifetime to one and a half hours please use '90m' instead of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: not set, i.e. the TGT is not renewable"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_lifetime (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Request ticket with a with a lifetime given by an integer immediately "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"followed by one of the following delimiters:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that it is not possible to mix units. If you want to set the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"lifetime to one and a half hours please use '90m' instead of '1h30m'."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: not set, i.e. the default ticket lifetime configured on the KDC."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_renew_interval (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The time in seconds between two checks if the TGT should be renewed. TGTs "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"are renewed if about half of their lifetime is exceeded."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "If this option is not set or 0 the automatic renewal is disabled."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_use_fast (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication. The following options are supported:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"option at all."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"continue without."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: not set, i.e. FAST is not used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Please note that a keytab is required to use fast."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"and above. If sssd used used with an older version using this option is a "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"configuration error."
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#| msgid "re_expression (string)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "krb5_fast_principal (string)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgstr "re_expression (tekst)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "Specifies the server principal to use for FAST."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"If the auth-module krb5 is used in a SSSD domain, the following options must "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"SECTIONS</quote> for details on the configuration of a SSSD domain. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<placeholder type=\"variablelist\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The following example assumes that SSSD is correctly configured and FOO is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"example shows only configuration of Kerberos authentication, it does not "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"include any identity provider."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" auth_provider = krb5\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" krb5_server = 192.168.1.1\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" krb5_realm = EXAMPLE.COM\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_groupadd"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "create a new group"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_groupadd</command> creates a new group. These groups are "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"compatible with POSIX groups, with the additional feature that they can "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"contain other groups as members."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"not given, it is chosen automatically."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_userdel"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "delete a user account"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_userdel</command> deletes a user identified by login name "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>LOGIN</replaceable> from the system."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-r</option>,<option>--remove</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Files in the user's home directory will be removed along with the home "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directory itself and the user's mail spool. Overrides the configuration."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-R</option>,<option>--no-remove</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Files in the user's home directory will NOT be removed along with the home "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directory itself and the user's mail spool. Overrides the configuration."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-f</option>,<option>--force</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This option forces <command>sss_userdel</command> to remove the user's home "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directory and mail spool, even if they are not owned by the specified user."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-k</option>,<option>--kick</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Before actually deleting the user, terminate all his processes."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_groupdel"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "delete a group"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_groupdel</command> deletes a group identified by its name "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>GROUP</replaceable> from the system."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_groupshow"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "print properties of a group"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_groupshow</command> displays information about a group "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"identified by its name <replaceable>GROUP</replaceable>. The information "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"includes the group ID number, members of the group and the parent group."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-R</option>,<option>--recursive</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Also print indirect group members in a tree-like hierarchy. Note that this "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"also affects printing parent groups - without <option>R</option>, only the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"direct parent will be printed."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_usermod"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "modify a user account"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_usermod</command> modifies the account specified by "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"on the command line."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The home directory of the user account."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The user's login shell."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Append this user to groups specified by the <replaceable>GROUPS</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"a comma separated list of group names."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Remove this user from groups specified by the <replaceable>GROUPS</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> parameter."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-l</option>,<option>--lock</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Lock the user account. The user won't be able to log in."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-u</option>,<option>--unlock</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Unlock the user account."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The SELinux user for the user's login."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SERVICE DISCOVERY"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The service discovery feature allows back ends to automatically find the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"appropriate servers to connect to using a special DNS query."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Configuration"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If no servers are specified, the back end automatically uses service "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"discovery to try to find a server. Optionally, the user may choose to use "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"both fixed server addresses and service discovery by inserting a special "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"preference is maintained. This feature is useful if, for example, the user "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"prefers to use service discovery whenever possible, and fall back to a "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"specific server when no servers can be discovered using DNS."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The domain name"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> manual page for more details."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The protocol"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The queries usually specify _tcp as the protocol. Exceptions are documented "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"in respective option description."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "See Also"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"For more information on the service discovery mechanism, refer to RFC 2782."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: outside any tag (error?)
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "FAILOVER"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The failover feature allows back ends to automatically switch to a different "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"server if the primary server fails."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Failover Syntax"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The list of servers is given as a comma-separated list; any number of spaces "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"is allowed around the comma. The servers are listed in order of preference. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The list can contain any number of servers."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The Failover Mechanism"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The failover mechanism distinguishes between a machine and a service. The "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"back end first tries to resolve the hostname of a given machine; if this "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"resolution attempt fails, the machine is considered offline. No further "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"attempts are made to connect to this machine for any other service. If the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"resolution attempt succeeds, the back end tries to connect to a service on "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"this machine. If the service connection attempt fails, then only this "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"particular service is considered offline and the back end automatically "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"switches over to the next service. The machine is still considered online "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"and might still be tried for another service."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Further connection attempts are made to machines or services marked as "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"offline after a specified period of time; this is currently hard coded to 30 "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If there are no more machines to try, the back end as a whole switches to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"offline mode, and then attempts to reconnect every 30 seconds."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-h</option>,<option>--help</option>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Display help message and exit."