nl.po revision e59e09b5010f262228bbdeb92a79b733bf5854b3
# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Red Hat
# This file is distributed under the same license as the sssd-docs package.
# Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011.
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
"POT-Creation-Date: 2012-05-11 14:59-0300\n"
"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Dutch (http://www.transifex.net/projects/p/fedora/language/"
"Language: nl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
#: sss_debuglevel.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
msgid "SSSD Manual pages"
msgstr "SSSD handleiding"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
msgid "sss_groupmod"
msgstr "sss_groupmod"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "modify a group"
msgstr "muteer een groep"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></"
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_ssh_authorizedkeys.1.xml:30
msgid "DESCRIPTION"
msgstr "OMSCHRIJVING"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_groupmod</command> modifies the group to reflect the changes "
"that are specified on the command line."
"<command>sss_groupmod</command> muteert de groep en maakt de aanpassingen "
"die via de opdrachtregel ingegeven zijn."
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_ssh_authorizedkeys.1.xml:78
msgid "OPTIONS"
msgstr "OPTIES"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Append this group to groups specified by the <replaceable>GROUPS</"
"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
"a comma separated list of group names."
"Voeg deze groep toe aan de groepen opgegeven met de <replaceable>GROEPEN</"
"replaceable> parameter. De <replaceable>GROEPEN</replaceable> parameter is "
"een kommagescheiden lijst van groepnamen."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Remove this group from groups specified by the <replaceable>GROUPS</"
"replaceable> parameter."
"Verwijder deze groep uit de groepen opgegeven in de <replaceable>GROEPEN</"
"replaceable> parameter."
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
msgid "SEE ALSO"
msgstr "ZIE OOK"
#. type: Content of: <reference><refentry><refsect1><para>
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
msgid "File Formats and Conventions"
msgstr "Bestandsformaten en conventies"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
msgid "the configuration file for SSSD"
msgstr "het configuratiebestand voor SSSD"
#. type: Content of: <reference><refentry><refsect1><title>
msgid "FILE FORMAT"
msgstr "BESTANDSFORMAAT"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
" <replaceable>[section]</replaceable>\n"
" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
" <replaceable>[sectie]</replaceable>\n"
" <replaceable>sleutel</replaceable> = <replaceable>waarde</replaceable>\n"
" <replaceable>sleutel2</replaceable> = <replaceable>waarde2,waarde3</replaceable>\n"
#. type: Content of: <reference><refentry><refsect1><para>
"The file has an ini-style syntax and consists of sections and parameters. A "
"section begins with the name of the section in square brackets and continues "
"until the next section begins. An example of section with single and multi-"
"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
"Het bestand heeft een ini-stijl syntaxis en bestaat uit secties en "
"parameters. Een sectie begint met de naam van de sectie in rechte haken en "
"gaat verder totdat de volgende sectie begint. Een voorbeeld van een sectie "
"met een enkele en een meervoudige parameter: <placeholder type="
"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
"The data types used are string (no quotes needed), integer and bool (with "
"values of <quote>TRUE/FALSE</quote>)."
"De datatypes gebruikt zijn tekst (geen quotes vereisd), numeriek en "
"booleaans (met de waardes <quote>TRUE/FALSE</quote>)."
#. type: Content of: <reference><refentry><refsect1><para>
"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
"(<quote>;</quote>)"
"Een regel met kommentaar begint met een hekje (<quote>#</quote>) of een "
"puntkomma (<quote>;</quote>)"
#. type: Content of: <reference><refentry><refsect1><para>
"All sections can have an optional <replaceable>description</replaceable> "
"parameter. Its function is only as a label for the section."
"Alle secties kunnen een optionele <replaceable>description</replaceable> "
"parameter bevatten. Dit fungeert slechts als label voor de sectie."
#. type: Content of: <reference><refentry><refsect1><para>
"<filename>sssd.conf</filename> must be a regular file, owned by root and "
"only root may read from or write to the file."
"<filename>sssd.conf</filename> moet een standaardbestand zijn, de eigenaar "
"moet root zijn en alleen root mag hem lezen en schrijven."
#. type: Content of: <reference><refentry><refsect1><title>
msgid "SPECIAL SECTIONS"
msgstr "SPECIALE SECTIES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "The [sssd] section"
msgstr "De [sssd] sectie"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
msgid "Section parameters"
msgstr "Sectie parameters"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "config_file_version (integer)"
msgstr "config_file_version (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"Geeft aan welke syntaxis de configuratie gebruikt. SSSD 0.6.0 en hoger "
"gebruiken versie 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "services"
msgstr "diensten"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Comma separated list of services that are started when sssd itself starts."
"Kommagescheiden lijst van diensten die gestart worden als sssd zelf start."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
"Aantal keer dat de service moet proberen om opnieuw te verbinden indien een "
"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: 3"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "domains"
msgstr "domeinen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried."
"Een domein is een databank met gebruikersinformatie. SSSD kan meerdere "
"domeinen tegelijkertijd gebruiken, maar er moet op zijn minst één domein "
"geconfigureerd zijn, anders start SSSD niet. Deze parameter omschrijft de "
"lijst van domeinen in de volgorde die SSSD ze moet aflopen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "re_expression (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
"Reguliere expressie die omschrijft hoe de tekst die de gebruikers- en "
"domeinnaam verwerkt moeten worden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
"sign, the domain everything after that\""
"Standaard: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
"wat zich vertaalt tot \"de gebruikersnaam is alles tot <quote>@</quote> , "
"het domein alles daarna\""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
"version 7 or higher can support non-unique named subpatterns."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P<name>) to label subpatterns."
"MER OOK OP: oudere versies van libpcre ondersteunen alleen de Pyton syntaxis "
"(?P<name>) om subpatronen aan te geven."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "full_name_format (string)"
msgstr "full_name_format (tekst)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
"a (name, domain) tuple into a fully qualified name."
"Een <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatibel formaat wat omschrijft hoe een tuple "
"(met name, domain) vertaald wordt in een full qualified name."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Standaard: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "try_inotify (boolean)"
msgstr "try_inotify (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
"this, and will fall back to polling resolv.conf every five seconds if "
"inotify cannot be used."
"SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne "
"DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om "
"inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden "
"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
"Er zijn een aantal situaties waarin het de voorkeur heeft dat we het gebruik "
"van inotify uitschakelen. In deze zeldzame gevallen kan de optie op 'false' "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Default: true on platforms where inotify is supported. False on other "
"Standaard: true op systemen waar inotify is ondersteund. False op andere "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
"Merk op: deze optie heeft geen effect op systemen waar inotify niet "
"beschikbaar is. Op deze systemen wordt altijd periodiek gekeken naar resolv."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "krb5_rcache_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| msgid "enum_cache_timeout (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "force_timeout (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "enum_cache_timeout (numeriek)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"If a service is not responding to ping checks (see the <quote>timeout</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quote> option), it is first sent the SIGTERM signal that instructs it to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quit gracefully. If the service does not terminate after "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"by sending a SIGKILL signal."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 60"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Individual pieces of SSSD functionality are provided by special SSSD "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"services that are started and stopped together with SSSD. The services are "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"managed by a special service frequently called <quote>monitor</quote>. The "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>[sssd]</quote> section is used to configure the monitor as well as "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"some other important options like the identity domains. <placeholder type="
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"\"variablelist\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SERVICES SECTIONS"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "SERVICES SECTIE"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Settings that can be used to configure different services are described in "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"section, for example, for NSS service, the section would be <quote>[nss]</"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "General service configuration options"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Algemene service configuratie-opties"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "These options can be used to configure any service."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Deze opties kunnen gebruikt worden om services te configureren."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "debug_level (integer)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "debug_level (numeriek)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "debug_timestamps (bool)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "debug_timestamps (bool)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Add a timestamp to the debug messages"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Voeg een tijdstempel toe aan de debugberichten"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: true"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Standaard: true"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "debug_microseconds (bool)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Add microseconds to the timestamp in debug messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: false"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Timeout in seconds between heartbeats for this service. This is used to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ensure that the process is alive and capable of answering requests."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 10"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "fd_limit"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"This option specifies the maximum number of file descriptors that may be "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"opened at one time by this SSSD process. On systems where SSSD is granted "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"systems without this capability, the resulting value will be the lower value "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"of this or the limits.conf \"hard\" limit."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 8192 (or limits.conf \"hard\" limit)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "NSS configuration options"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "NSS configuratie-opties"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"These options can be used to configure the Name Service Switch (NSS) service."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Deze opties kunnen worden gebruikt om de Name Service Switch (NSS) service te "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "enum_cache_timeout (integer)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "enum_cache_timeout (numeriek)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"How many seconds should nss_sss cache enumerations (requests for info about "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"over alle gebruikers)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 120"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "Standaard: 120"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "entry_cache_nowait_percentage (integer)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "entry_cache_nowait_percentage (numeriek)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The entry cache can be set to automatically update entries in the background "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"if they are requested beyond a percentage of the entry_cache_timeout value "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"for the domain."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"For example, if the domain's entry_cache_timeout is set to 30s and "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"after 15 seconds past the last cache update will be returned immediately, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"but the SSSD will go and update the cache on its own, so that future "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"requests will not need to block waiting for a cache update."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Valid values for this option are 0-99 and represent a percentage of the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"entry_cache_timeout for each domain. For performance reasons, this "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"disables this feature)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 50"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "entry_negative_timeout (integer)"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgstr "entry_negative_timeout (numeriek)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies for how many seconds nss_sss should cache negative cache hits "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"(that is, queries for invalid database entries, like nonexistent ones) "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"before asking the back end again."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 15"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "filter_users, filter_groups (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Exclude certain users from being fetched from the sss NSS database. This is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"particularly useful for system accounts. This option can also be set per-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"domain or include fully-qualified names to filter only users from the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"particular domain."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: root"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "filter_users_in_groups (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If you want filtered users to still be group members, set this option to false."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "override_homedir (string)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "login name"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "UID number"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "domain name"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "fully qualified user name (user@domain)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "a literal '%'"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"Override the user's home directory. You can either provide an absolute value "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"or a template. In the template, the following sequences are substituted: "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"<placeholder type=\"variablelist\" id=\"0\"/>"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "This option can also be set per-domain."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| msgid "full_name_format (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "fallback_homedir (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "full_name_format (tekst)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Set a default template for a user's home directory if one is not specified "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"explicitly by the domain's data provider."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The available values for this option are the same as for override_homedir."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: not set (no substitution for unset home directories)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "allowed_shells (string)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"Restrict user shell to one of the listed values. The order of evaluation is:"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"quote>, use the value of the shell_fallback parameter."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"shells</quote>, a nologin shell is used."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "An empty string for shell is passed as-is to libc."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"that a restart of the SSSD is required in case a new shell is installed."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "Default: Not set. The user shell is automatically used."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "vetoed_shells (string)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "Replace any instance of these shells with the shell_fallback"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "shell_fallback (string)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"The default shell to use if an allowed shell is not installed on the machine."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "Default: /bin/sh"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "default_shell"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The default shell to use if the provider does not return one during lookup. "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"This option supersedes any other shell options if it takes effect."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Default: not set (Return NULL if no shell is specified and rely on libc to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"substitute something sensible when necessary, usually /bin/sh)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| msgid "entry_negative_timeout (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "get_domains_timeout (int)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "entry_negative_timeout (numeriek)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies time in seconds for which the list of subdomains will be "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"considered valid."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "PAM configuration options"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"These options can be used to configure the Pluggable Authentication Module "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"(PAM) service."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "offline_credentials_expiration (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If the authentication provider is offline, how long should we allow cached "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"logins (in days since the last successful online login)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 0 (No limit)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "offline_failed_login_attempts (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If the authentication provider is offline, how many failed login attempts "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "offline_failed_login_delay (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The time in minutes which has to pass after offline_failed_login_attempts "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"has been reached before a new login attempt is possible."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If set to 0 the user cannot authenticate offline if "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"offline_failed_login_attempts has been reached. Only a successful online "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"authentication can enable offline authentication again."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 5"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "pam_verbosity (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Controls what kind of messages are shown to the user during authentication. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The higher the number to more messages are displayed."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Currently sssd supports the following values:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>0</emphasis>: do not show any message"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>1</emphasis>: show only important messages"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>2</emphasis>: show informational messages"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>3</emphasis>: show all messages and debug information"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 1"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "pam_id_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"For any PAM request while SSSD is online, the SSSD will attempt to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"immediately update the cached identity information for the user in order to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ensure that authentication takes place with the latest information."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"A complete PAM conversation may perform multiple PAM requests, such as "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"account management and session opening. This option controls (on a per-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"client-application basis) how long (in seconds) we can cache the identity "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"information to avoid excessive round-trips to the identity provider."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "pam_pwd_expiration_warning (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Display a warning N days before the password expires."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that the backend server has to provide information about the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"expiration time of the password. If this information is missing, sssd "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"cannot display a warning."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"If zero is set, then this filter is not applied, i.e. if the expiration "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"warning was received from backend server, it will automatically be displayed."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"emphasis> for a particular domain."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 0"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "Standaard: 0"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "SUDO configuration options"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "These options can be used to configure the sudo service."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "sudo_cache_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"For any sudo request that comes while SSSD is online, the SSSD will attempt "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"to update the cached rules in order to ensure that sudo has the latest "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The user may, however, run a couple of sudo commands successively, which "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"would trigger multiple LDAP requests. In order to speed up this use-case, "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the sudo service maintains an in-memory cache that would be used for "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"performing fast replies."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"This option controls how long (in seconds) can the sudo service cache rules "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: 180"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "sudo_timed (bool)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"that implement time-dependent sudoers entries."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "AUTOFS configuration options"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "These options can be used to configure the autofs service."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "autofs_negative_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Specifies for how many seconds should the autofs responder negative cache "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"hits (that is, queries for invalid map entries, like nonexistent ones) "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"before asking the back end again."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| msgid "NSS configuration options"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "SSH configuration options"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "NSS configuratie-opties"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| msgid "These options can be used to configure any service."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "These options can be used to configure the SSH service."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "Deze opties kunnen gebruikt worden om services te configureren."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ssh_hash_known_hosts (bool)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Whether or not to hash host names and adresses in the managed known_hosts "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "DOMAIN SECTIONS"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "min_id,max_id (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"UID and GID limits for the domain. If a domain contains an entry that is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"outside these limits, it is ignored."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"For users, this affects the primary GID limit. The user will not be returned "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to NSS if either the UID or the primary GID is outside the range. For non-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"primary group memberships, those that are in range will be reported as "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 1 for min_id, 0 (no limit) for max_id"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "enumerate (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Determines if a domain can be enumerated. This parameter can have one of the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"following values:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "TRUE = Users and groups are enumerated"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "FALSE = No enumerations for this domain"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: FALSE"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Note: Enabling enumeration has a moderate performance impact on SSSD while "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"enumeration is running. It may take up to several minutes after SSSD startup "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to fully complete enumerations. During this time, individual requests for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"information will go directly to LDAP, though it may be slow, due to the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"heavy enumeration processing."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"While the first enumeration is running, requests for the complete user or "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"group lists may return no results until it completes."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Further, enabling enumeration may increase the time necessary to detect "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"network disconnection, as longer timeouts are required to ensure that "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"enumeration lookups are completed successfully. For more information, refer "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to the man pages for the specific id_provider in use."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "entry_cache_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"How many seconds should nss_sss consider entries valid before asking the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"backend again"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 5400"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_user_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider user entries valid before asking "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the backend again"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: entry_cache_timeout"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_group_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider group entries valid before asking "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the backend again"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_netgroup_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider netgroup entries valid before "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"asking the backend again"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_service_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider service entries valid before asking "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the backend again"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "cache_credentials (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Determines if user credentials are also cached in the local LDB cache"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "User credentials are stored in a SHA512 hash, not in plaintext"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "account_cache_expiration (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Number of days entries are left in cache after last successful login before "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"being removed during a cleanup of the cache. 0 means keep forever. The "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"value of this parameter must be greater than or equal to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"offline_credentials_expiration."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 0 (unlimited)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "pwd_expiration_warning (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Please note that the backend server has to provide information about the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"expiration time of the password. If this information is missing, sssd "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"cannot display a warning. Also an auth provider has to be configured for the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 7 (Kerberos), 0 (LDAP)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "id_provider (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The Data Provider identity backend to use for this domain."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Supported backends:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "proxy: Support a legacy NSS provider"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "local: SSSD internal local provider"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap: LDAP provider"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "use_fully_qualified_names (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Use the full name and domain (as formatted by the domain's full_name_format) "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"as the user's login name reported to NSS."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If set to TRUE, all requests to this domain must use fully qualified names. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"For example, if used in LOCAL domain that contains a \"test\" user, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>getent passwd test</command> wouldn't find the user while "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>getent passwd test@LOCAL</command> would."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "auth_provider (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The authentication provider used for the domain. Supported auth providers "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> for more information on configuring LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> for more information on configuring Kerberos."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>proxy</quote> for relaying authentication to some other PAM target."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<quote>none</quote> disables authentication explicitly."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: <quote>id_provider</quote> is used if it is set and can handle "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication requests."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "access_provider (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The access control provider used for the domain. There are two built-in "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"access providers (in addition to any included in installed backends) "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Internal special providers are:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>permit</quote> always allow access. It's the only permitted access "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"provider for a local domain."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<quote>deny</quote> always deny access."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>simple</quote> access control based on access or deny lists. See "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum></citerefentry> for more information on configuring the simple "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"access module."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <quote>permit</quote>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "chpass_provider (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The provider which should handle change password operations for the domain. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Supported change password providers are:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>ipa</quote> to change a password stored in an IPA server. See "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>ldap</quote> to change a password stored in a LDAP server. See "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> for more information on configuring LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> for more information on configuring Kerberos."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>proxy</quote> for relaying password changes to some other PAM target."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<quote>none</quote> disallows password changes explicitly."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: <quote>auth_provider</quote> is used if it is set and can handle "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"change password requests."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "sudo_provider (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The SUDO provider used for the domain. Supported SUDO providers are:"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"citerefentry> for more information on configuring LDAP."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<quote>none</quote> disables SUDO explicitly."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: The value of <quote>id_provider</quote> is used if it is set."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "session_provider (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The provider which should handle loading of session settings. Supported "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"session providers are:"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<quote>ipa</quote> to load session settings from an IPA server. See "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<quote>none</quote> disallows fetching session settings explicitly."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Default: <quote>id_provider</quote> is used if it is set and can handle "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"session loading requests."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "subdomains_provider (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The provider which should handle fetching of subdomains. This value should "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"be always the same as id_provider. Supported subdomain providers are:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<quote>none</quote> disallows fetching subdomains explicitly."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: none"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "autofs_provider (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The autofs provider used for the domain. Supported autofs providers are:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"citerefentry> for more information on configuring LDAP."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"citerefentry> for more information on configuring IPA."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<quote>none</quote> disables autofs explicitly."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "hostid_provider (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The provider used for retrieving host identity information. Supported "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"hostid providers are:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ipa</quote> to load host identity stored in an IPA server. See "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<quote>none</quote> disables hostid explicitly."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "lookup_family_order (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Provides the ability to select preferred address family to use when "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"performing DNS lookups."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Supported values:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: ipv4_first"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "dns_resolver_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Defines the amount of time (in seconds) to wait for a reply from the DNS "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"resolver before assuming that it is unreachable. If this timeout is reached, "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the domain will continue to operate in offline mode."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "dns_discovery_domain (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If service discovery is used in the back end, specifies the domain part of "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the service discovery DNS query."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: Use the domain part of machine's hostname"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "override_gid (integer)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "Override the primary GID value with the one specified."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "case_sensitive (boolean)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Treat user and group names as case sensitive. At the moment, this option is "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"not supported in the local provider."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: True"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "proxy_fast_alias (boolean)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When a user or group is looked up by name in the proxy provider, a second "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"lookup by ID is performed to \"canonicalize\" the name in case the requested "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"name was an alias. Setting this option to true would cause the SSSD to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"perform the ID lookup from cache for performance reasons."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "subdomain_homedir (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Use this homedir as default value for all subdomains within this domain. See "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<emphasis>override_homedir</emphasis> for info about possible values."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The value can be overridden by <emphasis>override_homedir</emphasis> option."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"These configuration options can be present in a domain configuration "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "proxy_pam_target (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The proxy target PAM proxies to."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: not set by default, you have to take an existing pam configuration "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"or create a new one and add the service name here."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "proxy_lib_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The name of the NSS library to use in proxy domains. The NSS functions "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"searched for in the library are in the form of _nss_$(libName)_$(function), "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"for example _nss_files_getpwent."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The local domain section"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This section contains settings for domain that stores users and groups in "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"SSSD native database, that is, a domain that uses "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>id_provider=local</replaceable>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "default_shell (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The default shell for users created with SSSD userspace tools."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <filename>/bin/bash</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "base_directory (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The tools append the login name to <replaceable>base_directory</replaceable> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"and use that as the home directory."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <filename>/home</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "create_homedir (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Indicate if a home directory should be created by default for new users. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Can be overridden on command line."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: TRUE"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "remove_homedir (bool)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Indicate if a home directory should be removed by default for deleted "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"users. Can be overridden on command line."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "homedir_umask (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"on a newly created home directory."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 077"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "skel_dir (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The skeleton directory, which contains files and directories to be copied in "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the user's home directory, when the home directory is created by "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <filename>/etc/skel</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "mail_dir (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The mail spool directory. This is needed to manipulate the mailbox when its "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"corresponding user account is modified or deleted. If not specified, a "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"default value is used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <filename>/var/mail</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "userdel_cmd (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The command that is run after a user is removed. The command is passed the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"username of the user being removed as the first and only parameter. The "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"return code of the command is not taken into account."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: None, no command is run"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "EXAMPLE"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"domains = LDAP\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"services = nss, pam\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"config_file_version = 2\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"filter_groups = root\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"filter_users = root\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"id_provider = ldap\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ldap_uri = ldap://ldap.example.com\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ldap_search_base = dc=example,dc=com\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"auth_provider = krb5\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"krb5_realm = EXAMPLE.COM\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"cache_credentials = true\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"min_id = 10000\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"max_id = 20000\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"enumerate = False\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The following example shows a typical SSSD config. It does not describe "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"configuration of the domains themselves - refer to documentation on "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"configuring domains for more details. <placeholder type=\"programlisting\" "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sssd-ldap"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This manual page describes the configuration of LDAP domains for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> manual page for detailed syntax information."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "You can configure SSSD to use more than one LDAP domain."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP back end supports id, auth, access and chpass providers. If you want to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"over an unencrypted channel. If the LDAP server is used only as an identity "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"provider, an encrypted channel is not needed. Please refer to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<quote>ldap_access_filter</quote> config option for more information about "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"using LDAP as an access provider."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "CONFIGURATION OPTIONS"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_uri (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"should connect in the order of preference. Refer to the <quote>FAILOVER</"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"quote> section for more information on failover and server redundancy. If "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"not specified, service discovery is enabled. For more information, refer to "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"the <quote>SERVICE DISCOVERY</quote> section."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "The format of the URI must match the format defined in RFC 2732:"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "ldap[s]://<host>[:port]"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"For explicit IPv6 addresses, <host> must be enclosed in brackets []"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "example: ldap://[fc00::126:25]:389"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "ldap_chpass_uri (string)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"should connect in the order of preference to change the password of a user. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Refer to the <quote>FAILOVER</quote> section for more information on "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"failover and server redundancy."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "To enable service discovery ldap_chpass_dns_service_name must be set."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: empty, i.e. ldap_uri is used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_search_base (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The default base DN to use for performing LDAP user operations."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"The filter must be a valid LDAP search filter as specified by http://www."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "Examples:"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"ldap_search_base = dc=example,dc=com (which is equivalent to) "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"ldap_search_base = dc=example,dc=com?subtree?"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"(host=thishost)?dc=example.com?subtree?"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"Note: It is unsupported to have multiple search bases which reference "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"identically-named objects (for example, groups with the same name in two "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"different search bases). This will lead to unpredictable behavior on client "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"Default: If not set, the value of the defaultNamingContext or namingContexts "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"attribute from the RootDSE of the LDAP server is used. If "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"defaultNamingContext does not exists or has an empty value namingContexts is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"used. The namingContexts attribute must have a single value with the DN of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the search base of the LDAP server to make this work. Multiple values are "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"are not supported."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_schema (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the Schema Type in use on the target LDAP server. Depending on "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the selected schema, the default attribute names retrieved from the servers "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"may vary. The way that some attributes are handled may also differ. Four "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"difference between these schema types is how group memberships are recorded "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"in the server. With rfc2307, group members are listed by name in the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"members are listed by DN and stored in the <emphasis>member</emphasis> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"attribute. The AD schema type sets the attributes to correspond with Active "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Directory 2008r2 values."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: rfc2307"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_default_bind_dn (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The default bind DN to use for performing LDAP operations."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_default_authtok_type (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The type of the authentication token of the default bind DN."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The two mechanisms currently supported are:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "password"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "obfuscated_password"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "Default: password"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_default_authtok (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The authentication token of the default bind DN. Only clear text passwords "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"are currently supported."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_object_class (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The object class of a user entry in LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: posixAccount"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the user's login name."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: uid"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_uid_number (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the user's id."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: uidNumber"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_gid_number (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the user's primary group id."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: gidNumber"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_gecos (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the user's gecos field."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: gecos"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_home_directory (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallaghermsgid "The LDAP attribute that contains the name of the user's home directory."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: homeDirectory"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shell (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that contains the path to the user's default shell."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: loginShell"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_uuid (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: nsUniqueId"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| msgid "re_expression (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_user_objectsid (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "re_expression (tekst)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The LDAP attribute that contains the objectSID of an LDAP user object. This "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"is usually only necessary for ActiveDirectory servers."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: objectSid for ActiveDirectory, not set for other servers."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_modify_timestamp (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The LDAP attribute that contains timestamp of the last modification of the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"parent object."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: modifyTimestamp"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_last_change (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the last password change)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowLastChange"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_min (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"password age)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowMin"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_max (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"password age)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowMax"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_warning (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"(password warning period)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowWarning"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_inactive (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"(password inactivity period)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowInactive"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_shadow_expire (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"parameter contains the name of an LDAP attribute corresponding to its "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> counterpart (account expiration date)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: shadowExpire"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_krb_last_pwd_change (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"an LDAP attribute storing the date and time of last password change in "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: krbLastPwdChange"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_krb_password_expiration (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"an LDAP attribute storing the date and time when current password expires."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: krbPasswordExpiration"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_ad_account_expires (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_account_expire_policy=ad, this parameter contains the name "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"of an LDAP attribute storing the expiration time of the account."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: accountExpires"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_ad_user_account_control (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_account_expire_policy=ad, this parameter contains the name "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"of an LDAP attribute storing the user account control bit field."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: userAccountControl"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_ns_account_lock (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"determines if access is allowed or not."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: nsAccountLock"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "ldap_user_nds_login_disabled (string)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"When using ldap_account_expire_policy=nds, this attribute determines if "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"access is allowed or not."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "Default: loginDisabled"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "ldap_user_nds_login_expiration_time (string)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"When using ldap_account_expire_policy=nds, this attribute determines until "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"which date access is granted."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "ldap_user_nds_login_allowed_time_map (string)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"When using ldap_account_expire_policy=nds, this attribute determines the "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"hours of a day in a week when access is granted."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "Default: loginAllowedTimeMap"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_principal (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The LDAP attribute that contains the user's Kerberos User Principal Name "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: krbPrincipalName"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_user_ssh_public_key (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains the user's SSH public keys."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_force_upper_case_realm (boolean)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Some directory servers, for example Active Directory, might deliver the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"realm part of the UPN in lower case, which might cause the authentication to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"fail. Set this option to a non-zero value if you want to use an upper-case "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_enumeration_refresh_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher"Specifies how many seconds SSSD has to wait before refreshing its cache of "
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher"enumerated records."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 300"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "ldap_purge_cache_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Determine how often to check the cache for inactive entries (such as groups "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"with no members and users who have never logged in) and remove them to save "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Setting this option to zero will disable the cache cleanup operation."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 10800 (12 hours)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_fullname (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the user's full name."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: cn"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_member_of (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that lists the user's group memberships."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: memberOf"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_authorized_service (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"use the presence of the authorizedService attribute in the user's LDAP entry "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to determine access privilege."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"explicit allow (svc) and finally for allow_all (*)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: authorizedService"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "ldap_user_authorized_host (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"presence of the host attribute in the user's LDAP entry to determine access "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"An explicit deny (!host) is resolved first. Second, SSSD searches for "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"explicit allow (host) and finally for allow_all (*)."
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "Default: host"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "ldap_group_object_class (string)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The object class of a group entry in LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: posixGroup"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the group name."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_gid_number (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the group's id."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_member (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that contains the names of the group's members."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_uuid (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallaghermsgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_group_objectsid (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The LDAP attribute that contains the objectSID of an LDAP group object. This "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"is usually only necessary for ActiveDirectory servers."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_modify_timestamp (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_nesting_level (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If ldap_schema is set to a schema format that supports nested groups (e.g. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"RFC2307bis), then this option controls how many levels of nesting SSSD will "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"follow. This option has no effect on the RFC2307 schema."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 2"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_object_class (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The object class of a netgroup entry in LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_object_class should be used instead."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: nisNetgroup"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that corresponds to the netgroup name."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_name should be used instead."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_member (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The LDAP attribute that contains the names of the netgroup's members."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_member should be used instead."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: memberNisNetgroup"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_triple (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The LDAP attribute that contains the (host, user, domain) netgroup triples."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "This option is not available in IPA provider."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: nisNetgroupTriple"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_uuid (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_uuid should be used instead."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_modify_timestamp (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_object_class (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The object class of a service entry in LDAP."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipService"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_name (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains the name of service attributes and their "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_port (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains the port managed by this service."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipServicePort"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_proto (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains the protocols understood by this service."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipServiceProtocol"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_search_base (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "An optional base DN to restrict service searches to a specific subtree."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"See <quote>ldap_search_base</quote> for information about configuring "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"multiple search bases."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_search_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the timeout (in seconds) that ldap searches are allowed to run "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"before they are cancelled and cached results are returned (and offline mode "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Note: this option is subject to change in future versions of the SSSD. It "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"will likely be replaced at some point by a series of timeouts for specific "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"lookup types."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 6"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_enumeration_search_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the timeout (in seconds) that ldap searches for user and group "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"enumerations are allowed to run before they are cancelled and cached results "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"are returned (and offline mode is entered)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_network_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the timeout (in seconds) after which the <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> following a <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> returns in case of no activity."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_opt_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"will abort if no response is received. Also controls the timeout when "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"communicating with the KDC in case of SASL bind."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ldap_connection_expire_timeout (integer)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"maintained. After this time, the connection will be re-established. If used "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"the TGT lifetime) will be used."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: 900 (15 minutes)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "ldap_page_size (integer)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"Specify the number of records to retrieve from LDAP in a single request. "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"Some LDAP servers enforce a maximum limit per-request."
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "Default: 1000"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_disable_paging (boolean)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Disable the LDAP paging control. This option should be used if the LDAP "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"server reports that it supports the LDAP paging control in its RootDSE but "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"it is not enabled or does not behave properly."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Example: OpenLDAP servers with the paging control module installed on the "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"server but not enabled will report it in the RootDSE but be unable to use it."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Example: 389 DS has a bug where it can only support one paging control at "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"a time on a single connection. On busy clients, this can result in some "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"requests being denied."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: False"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_sasl_minssf (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When communicating with an LDAP server using SASL, specify the minimum "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"security level necessary to establish the connection. The values of this "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"option are defined by OpenLDAP."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: Use the system default (usually specified by ldap.conf)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "ldap_deref_threshold (integer)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"Specify the number of group members that must be missing from the internal "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"cache in order to trigger a dereference lookup. If fewer members are missing, "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"they are looked up individually."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"You can turn off dereference lookups completely by setting the value to 0."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"A dereference lookup is a means of fetching all group members in a single "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"LDAP call. Different LDAP servers may implement different dereference "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"filter, then the dereference lookup performance enhancement will be disabled "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"regardless of this setting."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_reqcert (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Specifies what checks to perform on server certificates in a TLS session, if "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"any. It can be specified as one of the following values:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<emphasis>never</emphasis> = The client will not request or check any server "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>allow</emphasis> = The server certificate is requested. If no "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"certificate is provided, the session proceeds normally. If a bad certificate "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"is provided, it will be ignored and the session proceeds normally."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>try</emphasis> = The server certificate is requested. If no "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"certificate is provided, the session proceeds normally. If a bad certificate "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"is provided, the session is immediately terminated."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>demand</emphasis> = The server certificate is requested. If no "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"certificate is provided, or a bad certificate is provided, the session is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"immediately terminated."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: hard"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_cacert (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the file that contains certificates for all of the Certificate "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Authorities that <command>sssd</command> will recognize."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"conf</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_cacertdir (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the path of a directory that contains Certificate Authority "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"certificates in separate individual files. Typically the file names need to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"be the hash of the certificate followed by '.0'. If available, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>cacertdir_rehash</command> can be used to create the correct names."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_cert (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specifies the file that contains the certificate for the client's key."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: not set"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_key (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specifies the file that contains the client's key."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_tls_cipher_suite (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies acceptable cipher suites. Typically this is a colon separated "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<manvolnum>5</manvolnum></citerefentry> for format."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_id_use_start_tls (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Specifies that the id_provider connection must also use <systemitem class="
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"\"protocol\">tls</systemitem> to protect the channel."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_id_mapping (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies that SSSD should attempt to map user and group IDs from the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"on ldap_user_uid_number and ldap_group_gid_number."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Currently this feature supports only ActiveDirectory objectSID mapping."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_sasl_mech (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_sasl_authid (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specify the SASL authorization id to use. When GSSAPI is used, this "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"represents the Kerberos principal used for authentication to the directory."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: host/machine.fqdn@REALM"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_sasl_canonicalize (boolean)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If set to true, the LDAP library would perform a reverse lookup to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"canonicalize the host name during a SASL bind."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: false;"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_krb5_keytab (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specify the keytab to use when using SASL/GSSAPI."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_krb5_init_creds (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Specifies that the id_provider should init Kerberos credentials (TGT). This "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"action is performed only if SASL is used and the mechanism selected is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_krb5_ticket_lifetime (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: 86400 (24 hours)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_server (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the comma-separated list of IP addresses or hostnames of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Kerberos servers to which SSSD should connect in the order of preference. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For more information on failover and server redundancy, see the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"colon) may be appended to the addresses or hostnames. If empty, service "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"discovery is enabled - for more information, refer to the <quote>SERVICE "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"DISCOVERY</quote> section."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"When using service discovery for KDC or kpasswd servers, SSSD first searches "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"none are found."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"While the legacy name is recognized for the time being, users are advised to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"migrate their config files to use <quote>krb5_server</quote> instead."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_realm (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "krb5_canonicalize (boolean)"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies if the host principal should be canonicalized when connecting to "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"LDAP server. This feature is available with MIT Kerberos >= 1.7"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_pwd_policy (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Select the policy to evaluate the password expiration on the client side. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The following values are allowed:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>none</emphasis> - No evaluation on the client side. This option "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"cannot disable server-side password policies."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"evaluate if the password has expired."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to determine if the password has expired. Use chpass_provider=krb5 to update "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"these attributes when the password is changed."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_referrals (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specifies whether automatic referral chasing should be enabled."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that sssd only supports referral chasing when it is compiled "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"with OpenLDAP version 2.4.13 or higher."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Chasing referrals may incur a performance penalty in environments that use "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"them heavily, a notable example is Microsoft Active Directory. If your setup "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"does not in fact require the use of referrals, setting this option to false "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"might bring a noticeable performance improvement."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_dns_service_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Specifies the service name to use when service discovery is enabled."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: ldap"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_chpass_dns_service_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the service name to use to find an LDAP server which allows "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"password changes when service discovery is enabled."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: not set, i.e. service discovery is disabled"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_access_filter (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If using access_provider = ldap, this option is mandatory. It specifies an "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"LDAP search filter criteria that must be met for the user to be granted "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"access on this host. If access_provider = ldap and this option is not set, "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"it will result in all users being denied access. Use access_provider = "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"permit to change this default behavior."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Example:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"access_provider = ldap\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This example means that access to this host is restricted to members of the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"\"allowedusers\" group in ldap."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Offline caching for this feature is limited to determining whether the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"user's last online login was granted access permission. If they were granted "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"access during their last login, they will continue to be granted access "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"while offline and vice-versa."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: Empty"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_account_expire_policy (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"With this option a client side evaluation of access control attributes can "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Please note that it is always recommended to use server side access control, "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"i.e. the LDAP server should deny the bind request with a suitable error code "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"even if the password is correct."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The following values are allowed:"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"determine if the account is expired."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>ad</emphasis>: use the value of the 32bit field "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"ldap_user_ad_user_account_control and allow access if the second bit is not "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"set. If the attribute is missing access is granted. Also the expiration time "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"of the account is checked."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"emphasis>: use the value of ldap_ns_account_lock to check if access is "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"allowed or not."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>nds</emphasis>: the values of "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"If both attributes are missing access is granted."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_access_order (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Comma separated list of access control options. Allowed values are:"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<emphasis>filter</emphasis>: use ldap_access_filter"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"to determine access"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<emphasis>host</emphasis>: use the host attribute to determine access"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: filter"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Please note that it is a configuration error if a value is used more than "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_deref (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Specifies how alias dereferencing is done when performing a search. The "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"following options are allowed:"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the base object, but not in locating the base object of the search."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the base object of the search."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"in locating the base object of the search."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"client libraries)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"All of the common configuration options that apply to SSSD domains also "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"manvolnum> </citerefentry> manual page for full details. <placeholder type="
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"\"variablelist\" id=\"0\"/>"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "SUDO OPTIONS"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_object_class (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The object class of a sudo rule entry in LDAP."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoRole"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_name (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the sudo rule name."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_command (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the command name."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoCommand"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_host (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the host name (or host IP address, "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"host IP network, or host netgroup)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoHost"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_user (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the user name (or UID, group name or "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"user's netgroup)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoUser"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_option (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the sudo options."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoOption"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_runasuser (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the user name that commands may be "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoRunAsUser"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_runasgroup (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the group name or group GID that "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"commands may be run as."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoRunAsGroup"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_notbefore (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the start date/time for when the sudo "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"rule is valid."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoNotBefore"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_notafter (string)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the expiration date/time, after which "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the sudo rule will no longer be valid."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoNotAfter"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_order (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the ordering index of the rule."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoOrder"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudo_refresh_enabled (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Enables periodical download of all sudo rules. The cache is purged before "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudo_refresh_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<placeholder type=\"variablelist\" id=\"0\"/>"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"This manual page only describes attribute name mapping. For detailed "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"explanation of sudo related attribute semantics, see <citerefentry> "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"citerefentry>"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "AUTOFS OPTIONS"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Please note that the default values correspond to the default schema which "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_map_object_class (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The object class of an automount map entry in LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: automountMap"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_map_name (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The name of an automount map entry in LDAP."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ou"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_entry_object_class (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_entry_key (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The key of an automount entry in LDAP. The entry usually corresponds to a "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_entry_value (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: automountInformation"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"\"variablelist\" id=\"4\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ADVANCED OPTIONS"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_netgroup_search_base (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"An optional base DN to restrict netgroup searches to a specific subtree."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_user_search_base (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "An optional base DN to restrict user searches to a specific subtree."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ldap_group_search_base (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "An optional base DN to restrict group searches to a specific subtree."
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "ldap_user_search_filter (string)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"This option specifies an additional LDAP search filter criteria that "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"restrict user searches."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"by ldap_user_search_base."
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"This filter would restrict user searches to users that have their shell set "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "ldap_group_search_filter (string)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"This option specifies additional LDAP search filter criteria that "
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher"restrict group searches."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"by ldap_group_search_base."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudo_search_base (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"An optional base DN to restrict sudo rules searches to a specific subtree."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_search_base (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"An optional base DN to restrict automounter searches to a specific subtree."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"These options are supported by LDAP domains, but they should be used with "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"caution. Please include them in your configuration only if you know what you "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"are doing. <placeholder type=\"variablelist\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The following example assumes that SSSD is correctly configured and LDAP is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"set to one of the domains in the <replaceable>[domains]</replaceable> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" id_provider = ldap\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" auth_provider = ldap\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" ldap_uri = ldap://ldap.mydomain.org\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" ldap_search_base = dc=mydomain,dc=org\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" ldap_tls_reqcert = demand\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" cache_credentials = true\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" enumerate = true\n"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<placeholder type=\"programlisting\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The descriptions of some of the configuration options in this manual page "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"distribution."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refentryinfo>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "pam_sss"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "PAM module for SSSD"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>pam_sss.so</command> is the PAM interface to the System Security "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Services daemon (SSSD). Errors and results are logged through <command>syslog"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"(3)</command> with the LOG_AUTHPRIV facility."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>quiet</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Suppress log messages for unknown users."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>forward_pass</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If <option>forward_pass</option> is set the entered password is put on the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"stack for other PAM modules to use."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>use_first_pass</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The argument use_first_pass forces the module to use a previously stacked "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"module's password and will never prompt the user - if no password is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"available or the password is not appropriate, the user will be denied access."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>use_authtok</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"When changing the password, force the module to set the new password to the one "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"provided by a previously stacked password module."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>retry=N</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If specified the user is asked another N times for a password if "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication fails. Default is 0."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that this option might not work as expected if the application "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"calling PAM handles the user dialog on its own. A typical example is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sshd</command> with <option>PasswordAuthentication</option>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "MODULE TYPES PROVIDED"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"All module types (<option>account</option>, <option>auth</option>, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<option>password</option> and <option>session</option>) are provided."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If a password reset by root fails, because the corresponding SSSD provider "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"does not support password resets, an individual message can be displayed. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This message can e.g. contain instructions about how to reset a password."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"filename> where LOC stands for a locale string returned by <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>. If there is no matching file the content of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the owner of the files and only root may have read and write permissions "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"while all other users must have only read permissions."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"These files are searched in the directory <filename>/etc/sssd/customize/"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sssd_krb5_locator_plugin"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"libraries what Realm and which KDC to use. Typically this is done in "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"To simplify the configuration the Realm and the KDC can be defined in "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> as described in <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"</citerefentry> puts the Realm and the name or IP address of the KDC into "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"When <command>sssd_krb5_locator_plugin</command> is called by the Kerberos "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"libraries it reads and evaluates these variables and returns them to the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Not all Kerberos implementations support the use of plugins. If "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sssd_krb5_locator_plugin</command> is not available on your system "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"debug messages will be sent to stderr."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sssd-simple"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "the configuration file for SSSD's 'simple' access-control provider"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This manual page describes the configuration of the simple access-control "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> manual page."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The simple access provider grants or denies access based on an access or "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"deny list of user or group names. The following rules apply:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "If all lists are empty, access is granted"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If any list is provided, the order of evaluation is allow,deny. This means "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"that any matching deny rule will supersede any matched allow rule."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If either or both \"allow\" lists are provided, all users are denied unless "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"they appear in the list."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If only \"deny\" lists are provided, all users are granted access unless "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"they appear in the list."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "simple_allow_users (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Comma separated list of users who are allowed to log in."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "simple_deny_users (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Comma separated list of users who are explicitly denied access."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "simple_allow_groups (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Comma separated list of groups that are allowed to log in. This applies only "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"to groups within this SSSD domain. Local groups are not evaluated."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "simple_deny_groups (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Comma separated list of groups that are explicitly denied access. This "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"applies only to groups within this SSSD domain. Local groups are not "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> manual page for details on the configuration of an SSSD "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that it is a configuration error if both simple_allow_users "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"and simple_deny_users are defined."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The following example assumes that SSSD is correctly configured and example."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"This example shows only the simple access provider-specific options."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" access_provider = simple\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" simple_allow_users = user1, user2\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sssd-ipa"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This manual page describes the configuration of the IPA provider for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The IPA provider is a back end used to connect to an IPA server. (Refer to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the freeipa.org web site for information about IPA servers.) This provider "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"requires that the machine be joined to the IPA domain; configuration is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"almost entirely self-discovered and obtained directly from the server."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The IPA provider accepts the same options used by the <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"provider with some exceptions described below."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"However, it is neither necessary nor recommended to set these options. IPA "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"provider can also be used as an access and chpass provider. As an access "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"provider it uses HBAC (host-based access control) rules. Please refer to "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"freeipa.org for more information about HBAC. No configuration of access "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"provider is required on the client side."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_domain (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Specifies the name of the IPA domain. This is optional. If not provided, "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the configuration domain name is used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_server (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The comma-separated list of IP addresses or hostnames of the IPA servers to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"which SSSD should connect in the order of preference. For more information "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This is optional if autodiscovery is enabled. For more information on "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_hostname (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Optional. May be set on machines where the hostname(5) does not reflect the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"fully qualified name used in the IPA domain to identify this host."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_dyndns_update (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Optional. This option tells SSSD to automatically update the DNS server "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"built into FreeIPA v2 with the IP address of this client."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the default Kerberos realm must be set properly in /etc/krb5.conf"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_dyndns_iface (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"interface whose IP address should be used for dynamic DNS updates."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: Use the IP address of the IPA LDAP connection"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "ipa_hbac_search_base (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallaghermsgid "Optional. Use the given string as search base for HBAC related objects."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: Use base DN"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_host_search_base (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Optional. Use the given string as search base for host objects."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"If filter is given in any of search bases and "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"will be ignored."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_search_base (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Optional. Use the given string as search base for SELinux user maps."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ipa_subdomains_search_base (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Optional. Use the given string as search base for trusted domains."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_validate (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Verify with the help of krb5_keytab that the TGT obtained has not been "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Note that this default differs from the traditional Kerberos provider back "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The name of the Kerberos realm. This is optional and defaults to the value "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"of <quote>ipa_domain</quote>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The name of the Kerberos realm has a special meaning in IPA - it is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"converted into the base DN to use for performing LDAP operations."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies if the host and user principal should be canonicalized when "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"connecting to IPA LDAP and also for AS requests. This feature is available "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"with MIT Kerberos >= 1.7"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "ipa_hbac_refresh (integer)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"The amount of time between lookups of the HBAC rules against the IPA server. "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"This will reduce the latency and load on the IPA server if there are many "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"access-control requests made in a short period."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "Default: 5 (seconds)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "ipa_hbac_treat_deny_as (string)"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"client will support two modes of operation during this transition period:"
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"users will be denied access."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher"careful with this option, as it may result in opening unintended access."
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9643e7da1a54a9edb2360ab8f855664a8b4397caStephen Gallaghermsgid "Default: DENY_ALL"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_hbac_support_srchost (boolean)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"If this is set to false, then srchost as given to SSSD by PAM will be "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Note that if set to <emphasis>False</emphasis>, this option causes filters "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "ipa_automount_location (string)"
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "The automounter location this IPA client will be using"
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "Default: The location named \"default\""
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_netgroup_member_of (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "The LDAP attribute that lists netgroup's memberships."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_netgroup_member_user (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"The LDAP attribute that lists system users and groups that are direct "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"members of the netgroup."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: memberUser"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_netgroup_member_host (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"The LDAP attribute that lists hosts and host groups that are direct members "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"of the netgroup."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: memberHost"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_netgroup_member_ext_host (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"The LDAP attribute that lists FQDNs of hosts and host groups that are "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"members of the netgroup."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: externalHost"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_netgroup_domain (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "The LDAP attribute that contains NIS domain name of the netgroup."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: nisDomainName"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_host_object_class (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "The object class of a host entry in LDAP."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: ipaHost"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_host_fqdn (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "The LDAP attribute that contains FQDN of the host."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: fqdn"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_object_class (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_name (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains the name of SELinux usermap."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_member_user (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains all users / groups this rule match against."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_member_host (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains all hosts / hostgroups this rule match "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_see_also (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains DN of HBAC rule which can be used for "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"matching instead of memberUser and memberHost"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: seeAlso"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_selinux_user (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains SELinux user string itself."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipaSELinuxUser"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_enabled (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains whether or not is user map enabled for "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipaEnabledFlag"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_user_category (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains user category such as 'all'."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: userCategory"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_host_category (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains host category such as 'all'."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: hostCategory"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_uuid (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains unique ID of the user map."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipaUniqueID"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_host_ssh_public_key (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains the host's SSH public keys."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipaSshPubKey"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The following example assumes that SSSD is correctly configured and example."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"This example shows only the ipa provider-specific options."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" id_provider = ipa\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" ipa_hostname = myhost.example.com\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sssd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "System Security Services Daemon"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>SSSD</command> provides a set of daemons to manage access to remote "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"directories and authentication mechanisms. It provides an NSS and PAM "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"interface toward the system and a pluggable backend system to connect to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"multiple different account sources as well as D-Bus interface. It is also "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the basis to provide client auditing and policy services for projects like "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"FreeIPA. It provides a more robust database to store local users as well as "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"extended user data."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-f</option>,<option>--debug-to-files</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Send the debug output to files instead of stderr. By default, the log files "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"are stored in <filename>/var/log/sssd</filename> and there are separate log "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"files for every SSSD service and domain."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-D</option>,<option>--daemon</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Become a daemon after starting up."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-i</option>,<option>--interactive</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Run in the foreground, don't become a daemon."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-c</option>,<option>--config</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"conf</filename>. For reference on the config file syntax and options, "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> manual page."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "<option>--version</option>"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Print version number and exit."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Signals"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Informs the SSSD to gracefully terminate all of its child processes and then "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"shut down the monitor."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Tells the SSSD to stop writing to its current debug file descriptors and to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"close and reopen them. This is meant to facilitate log rolling with programs "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"like logrotate."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SIGUSR1"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Tells the SSSD to simulate offline operation for one minute. This is mostly "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"useful for testing purposes."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SIGUSR2"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Tells the SSSD to go online immediately. This is mostly useful for testing "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_obfuscate"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "obfuscate a clear text password"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable></arg>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_obfuscate</command> converts a given password into human-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"unreadable format and places it into appropriate domain section of the SSSD "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The cleartext password is read from standard input or entered "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"interactively. The obfuscated password is put into "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<quote>ldap_default_authtok_type</quote> parameter is set to "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> for more details on these parameters."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that obfuscating the password provides <emphasis>no real "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"security benefit</emphasis> as it is still possible for an attacker to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"reverse-engineer the password back. Using better authentication mechanisms "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-s</option>,<option>--stdin</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The password to obfuscate will be read from standard input."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:82
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The SSSD domain to use the password in. The default name is <quote>default</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Read the config file specified by the positional parameter."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_useradd"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "create a new user"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_useradd</command> creates a new user account using the values "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"specified on the command line plus the default values from the system."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"not given, it is chosen automatically."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Any text string describing the user. Often used as the field for the user's "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The home directory of the user account. The default is to append the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"that as the home directory. The base that is prepended before "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"baseDirectory</quote> setting in sssd.conf."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The user's login shell. The default is currently <filename>/bin/bash</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"filename>. The default can be changed with <quote>user_defaults/"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"defaultShell</quote> setting in sssd.conf."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "A list of existing groups this user is also a member of."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-m</option>,<option>--create-home</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Create the user's home directory if it does not exist. The files and "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directories contained in the skeleton directory (which can be defined with "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the -k option or in the config file) will be copied to the home directory."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-M</option>,<option>--no-create-home</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Do not create the user's home directory. Overrides configuration settings."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The skeleton directory, which contains files and directories to be copied in "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the user's home directory, when the home directory is created by "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_useradd</command>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This option is only valid if the <option>-m</option> (or <option>--create-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"home</option>) option is specified, or creation of home directories is set "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"to TRUE in the configuration."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<option>-Z</option>,<option>--selinux-user</option> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>SELINUX_USER</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The SELinux user for the user's login. If not specified, the system default "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"will be used."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sssd-krb5"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This manual page describes the configuration of the Kerberos 5 "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"authentication backend for <citerefentry> <refentrytitle>sssd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> manual page"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The Kerberos 5 authentication backend contains auth and chpass providers. It "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"must be paired with identity provider in order to function properly (for "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"example, id_provider = ldap). Some information required by the Kerberos 5 "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication backend must be provided by the identity provider, such as "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"the user's Kerberos Principal Name (UPN). The configuration of the identity "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"provider should have an entry to specify the UPN. Please refer to the man "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"page for the applicable identity provider for details on how to configure "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This backend also provides access control based on the .k5login file in the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Please note that an empty .k5login file will deny all access to this user. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"To activate this feature use 'access_provider = krb5' in your sssd "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"configuration."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"In the case where the UPN is not available in the identity backend "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sssd</command> will construct a UPN using the format "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The name of the Kerberos realm. This option is required and must be "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_kpasswd (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"If the change password service is not running on the KDC alternative servers "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"can be defined here. An optional port number (preceded by a colon) may be "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"appended to the addresses or hostnames."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"For more information on failover and server redundancy, see the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<quote>FAILOVER</quote> section. Please note that even if there are no more "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"kpasswd servers to try the back end is not switch to offline if "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication against the KDC is still possible."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: Use the KDC"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_ccachedir (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Directory to store credential caches. All the substitution sequences of "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"krb5_ccname_template can be used here, too, except %d and %P. If the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directory does not exist it will be created. If %u, %U, %p or %h are used a "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"private directory belonging to the user is created. Otherwise a public "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry> for details) is created."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: /tmp"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_ccname_template (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "login UID"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "principal name"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "realm name"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "home directory"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "value of krb5ccache_dir"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "the process ID of the sssd client"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Location of the user's credential cache. Currently only file based "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"credential caches are supported. In the template the following sequences are "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_auth_timeout (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Timeout in seconds after an online authentication or change password request "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"is aborted. If possible the authentication request is continued offline."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_keytab (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The location of the keytab to use when validating credentials obtained from "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_store_password_if_offline (boolean)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Store the password of the user if the provider is offline and use it to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"request a TGT when the provider gets online again."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that this feature is currently only available on a Linux platform. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Passwords stored in this way are kept in plaintext in the kernel keyring and "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are potentially accessible by the root user (with difficulty)."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_renewable_lifetime (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Request a renewable ticket with a total lifetime given by an integer "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"immediately followed by one of the following delimiters:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>s</emphasis> seconds"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>m</emphasis> minutes"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>h</emphasis> hours"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<emphasis>d</emphasis> days."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that it is not possible to mix units. If you want to set the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"renewable lifetime to one and a half hours please use '90m' instead of "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: not set, i.e. the TGT is not renewable"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_lifetime (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Request a ticket with a lifetime given by an integer immediately "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"followed by one of the following delimiters:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note that it is not possible to mix units. If you want to set the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"lifetime to one and a half hours please use '90m' instead of '1h30m'."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Default: not set, i.e. the default ticket lifetime configured on the KDC."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_renew_interval (integer)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The time in seconds between two checks if the TGT should be renewed. TGTs "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"are renewed if about half of their lifetime is exceeded."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "If this option is not set or 0 the automatic renewal is disabled."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "krb5_use_fast (string)"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"authentication. The following options are supported:"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>never</emphasis> use FAST, this is equivalent to not setting this "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"option at all."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<emphasis>try</emphasis> to use FAST, if the server does not support FAST "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"continue without."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Default: not set, i.e. FAST is not used."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Please note that a keytab is required to use FAST."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please note also that sssd supports FAST only with MIT Kerberos version 1.8 "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"and above. If sssd is used with an older version, using this option is a "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"configuration error."
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "krb5_fast_principal (string)"
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
333b7970cc60c6277363c80564456a716c2d6634Stephen Gallaghermsgid "Specifies the server principal to use for FAST."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies if the host and user principal should be canonicalized. This "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"feature is available with MIT Kerberos >= 1.7"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"If the auth-module krb5 is used in a SSSD domain, the following options must "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"SECTIONS</quote> for details on the configuration of a SSSD domain. "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<placeholder type=\"variablelist\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The following example assumes that SSSD is correctly configured and FOO is "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"example shows only configuration of Kerberos authentication, it does not "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"include any identity provider."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" auth_provider = krb5\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" krb5_server = 192.168.1.1\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher" krb5_realm = EXAMPLE.COM\n"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_groupadd"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "create a new group"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_groupadd</command> creates a new group. These groups are "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"compatible with POSIX groups, with the additional feature that they can "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"contain other groups as members."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"not given, it is chosen automatically."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_userdel"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "delete a user account"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_userdel</command> deletes a user identified by login name "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>LOGIN</replaceable> from the system."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-r</option>,<option>--remove</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Files in the user's home directory will be removed along with the home "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directory itself and the user's mail spool. Overrides the configuration."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-R</option>,<option>--no-remove</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Files in the user's home directory will NOT be removed along with the home "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directory itself and the user's mail spool. Overrides the configuration."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-f</option>,<option>--force</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"This option forces <command>sss_userdel</command> to remove the user's home "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"directory and mail spool, even if they are not owned by the specified user."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-k</option>,<option>--kick</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Before actually deleting the user, terminate all his processes."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_groupdel"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "delete a group"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_groupdel</command> deletes a group identified by its name "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>GROUP</replaceable> from the system."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_groupshow"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "print properties of a group"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_groupshow</command> displays information about a group "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"identified by its name <replaceable>GROUP</replaceable>. The information "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"includes the group ID number, members of the group and the parent group."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-R</option>,<option>--recursive</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Also print indirect group members in a tree-like hierarchy. Note that this "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"also affects printing parent groups - without <option>R</option>, only the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"direct parent will be printed."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "sss_usermod"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "modify a user account"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<command>sss_usermod</command> modifies the account specified by "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"on the command line."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The home directory of the user account."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The user's login shell."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Append this user to groups specified by the <replaceable>GROUPS</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"a comma separated list of group names."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"Remove this user from groups specified by the <replaceable>GROUPS</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"replaceable> parameter."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-l</option>,<option>--lock</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Lock the user account. The user won't be able to log in."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-u</option>,<option>--unlock</option>"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Unlock the user account."
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The SELinux user for the user's login."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_cache"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "perform cache cleanup"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"records are forced to be reloaded from server as soon as related SSSD "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"backend is online."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Invalidate specific user."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<option>-U</option>,<option>--users</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Invalidate all user records. This option overrides invalidation of specific "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"user if it was also set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Invalidate specific group."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<option>-G</option>,<option>--groups</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Invalidate all group records. This option overrides invalidation of specific "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"group if it was also set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Invalidate specific netgroup."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<option>-N</option>,<option>--netgroups</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Invalidate all netgroup records. This option overrides invalidation of "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"specific netgroup if it was also set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| "replaceable>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-s</option>,<option>--service</option> <replaceable>service</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Invalidate specific service."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| "replaceable>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<option>-S</option>,<option>--services</option>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Invalidate all service records. This option overrides invalidation of "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"specific service if it was also set."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| "replaceable>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Invalidate specific autofs maps."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| "replaceable>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<option>-A</option>,<option>--autofs-maps</option>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Invalidate all autofs maps. This option overrides invalidation of specific "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"map if it was also set."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Restrict invalidation process only to a particular domain."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_debuglevel"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "change debug level while SSSD is running"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_ssh_authorizedkeys"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refmeta><manvolnum>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "get OpenSSH authorized keys"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>options</replaceable> </arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='plain'><replaceable>USER</replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> for more information)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"command> for public key user authentication if it is compiled with support "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<manvolnum>5</manvolnum></citerefentry> options."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"If <quote>AuthorizedKeysCommand</quote> is supported, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> can be configured to use it by putting the following directive "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"If <quote>PubkeyAgent</quote> is supported, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> can be configured to use it by using the following directive "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry> <refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum> </"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>sshd_config</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle><manvolnum>1</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum> </citerefentry>."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_ssh_knownhostsproxy"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "get OpenSSH host keys"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>options</replaceable> </arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"pubconf/known_hosts</filename> and establishes connection to the host."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"create the connection to the host instead of opening a socket."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"command> for host key authentication by using the following directives for "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Use port <replaceable>PORT</replaceable> to connect to the host. By "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"default, port 22 is used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry> <refentrytitle>ssh</refentrytitle><manvolnum>8</manvolnum> </"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry>, <citerefentry> <refentrytitle>ssh_config</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle><manvolnum>1</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum> </citerefentry>."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "SERVICE DISCOVERY"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The service discovery feature allows back ends to automatically find the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"appropriate servers to connect to using a special DNS query."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Configuration"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If no servers are specified, the back end automatically uses service "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"discovery to try to find a server. Optionally, the user may choose to use "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"both fixed server addresses and service discovery by inserting a special "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"preference is maintained. This feature is useful if, for example, the user "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"prefers to use service discovery whenever possible, and fall back to a "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"specific server when no servers can be discovered using DNS."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The domain name"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"manvolnum> </citerefentry> manual page for more details."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The protocol"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The queries usually specify _tcp as the protocol. Exceptions are documented "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"in respective option description."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "See Also"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"For more information on the service discovery mechanism, refer to RFC 2782."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: outside any tag (error?)
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "FAILOVER"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The failover feature allows back ends to automatically switch to a different "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"server if the primary server fails."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Failover Syntax"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The list of servers is given as a comma-separated list; any number of spaces "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"is allowed around the comma. The servers are listed in order of preference. "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"The list can contain any number of servers."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "The Failover Mechanism"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"The failover mechanism distinguishes between a machine and a service. The "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"back end first tries to resolve the hostname of a given machine; if this "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"resolution attempt fails, the machine is considered offline. No further "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"attempts are made to connect to this machine for any other service. If the "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"resolution attempt succeeds, the back end tries to connect to a service on "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"this machine. If the service connection attempt fails, then only this "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"particular service is considered offline and the back end automatically "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"switches over to the next service. The machine is still considered online "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"and might still be tried for another service."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"Further connection attempts are made to machines or services marked as "
1008001f34abb42df75f840db17f14a83f0c21d4Stephen Gallagher"offline after a specified period of time; this is currently hard coded to 30 "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"If there are no more machines to try, the back end as a whole switches to "
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher"offline mode, and then attempts to reconnect every 30 seconds."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ID MAPPING"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The ID-mapping feature allows SSSD to act as a client of Active Directory "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"without requiring administrators to extend user attributes to support POSIX "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"attributes for user and group identifiers."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ignored. This is to avoid the possibility of conflicts between automatically-"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"assigned and manually-assigned values. If you need to use manually-assigned "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"values, ALL values must be manually-assigned."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Mapping Algorithm"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Active Directory provides an objectSID for every user and group object in "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"the directory. This objectSID can be broken up into components that "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"represent the Active Directory domain identity and the relative identifier "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"(RID) of the user or group object."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"into equally-sized component sections - called \"slices\"-. Each slice "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"represents the space available to an Active Directory domain."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When a user or group entry for a particular domain is encountered for the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"first time, the SSSD allocates one of the available slices for that domain. "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"In order to make this slice-assignment repeatable on different client "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"machines, we select the slice based on the following algorithm:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The SID string is passed through the murmurhash3 algorithm to convert it to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"a 32-bit hashed value. We then take the modulus of this value with the total "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"number of available slices to pick the slice."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: It is possible to encounter collisions in the hash and subsequent "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"modulus. In these situations, we will select the next available slice, but "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"it may not be possible to reproduce the same exact set of slices on other "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"machines (since the order that they are encountered will determine their "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"slice). In this situation, it is recommended to either switch to using "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"configure a default domain to guarantee that at least one is always "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"consistent. See <quote>Configuration</quote> for details."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para><programlisting>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ldap_id_mapping = True\n"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ldap_schema = ad\n"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The default configuration results in configuring 10,000 slices, each capable "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"of holding up to 200,000 IDs, starting from 10,001 and going up to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"2,000,100,000. This should be sufficient for most deployments."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Advanced Configuration"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_range_min (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies the lower bound of the range of POSIX IDs to use for mapping "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Active Directory user and group SIDs."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: This option is different from <quote>id_min</quote> in that "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>id_min</quote> acts to filter the output of requests to this domain, "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"whereas this option controls the range of ID assignment. This is a subtle "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"distinction, but the good general advice would be to have <quote>id_min</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| msgid "Default: 120"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 10001"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "Standaard: 120"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_range_max (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies the upper bound of the range of POSIX IDs to use for mapping "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Active Directory user and group SIDs."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: This option is different from <quote>id_max</quote> in that "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>id_max</quote> acts to filter the output of requests to this domain, "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"whereas this option controls the range of ID assignment. This is a subtle "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"distinction, but the good general advice would be to have <quote>id_max</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| msgid "Default: 120"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 2000100000"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "Standaard: 120"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_range_size (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies the number of IDs available for each slice. If the range size "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"does not divide evenly into the min and max values, it will create as many "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"complete slices as it can."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#| msgid "Default: 120"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 200000"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "Standaard: 120"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_default_domain_sid (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specify the domain SID of the default domain. This will guarantee that this "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"domain will always be assigned to slice zero in the ID map, bypassing the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"murmurhash algorithm described above."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_default_domain (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Specify the name of the default domain."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_autorid_compat (boolean)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"winbind's <quote>idmap_autorid</quote> algorithm."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When this option is configured, domains will be allocated starting with "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"slice zero and increasing monotonically with each additional domain."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: This algorithm is non-deterministic (it depends on the order that "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"users and groups are requested). If this mode is required for compatibility "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"with machines running winbind, it is recommended to also use the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"least one domain is consistently allocated to slice zero."
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <varlistentry><term>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "<option>-h</option>,<option>--help</option>"
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallagher#. type: Content of: <varlistentry><listitem><para>
6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39Stephen Gallaghermsgid "Display help message and exit."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"default value as well as the lowest allowed value, 0xFFF0 is the most "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"verbose mode. This setting overrides the settings from the config file."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Currently supported debug levels:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD from starting up or causes it to cease running."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"the SSSD, but one that indicates that at least one major feature is not "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"going to work properly."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"particular request or operation has failed."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"percolate down to cause the operation failure of 2."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<emphasis>0x0100</emphasis>: Configuration settings."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<emphasis>0x0200</emphasis>: Function data."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"may be interesting."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"To log required debug levels, simply add their numbers together as shown in "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"the following examples:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"serious failures and function data use 0x0270."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"function data, trace messages for internal control functions use 0x1310."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>Note</emphasis>: This is the new format of debug levels introduced "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"in 1.7.0. The older format (numbers from 0-10) is compatible but deprecated."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: outside any tag (error?)
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis> This is an experimental feature, please use http://fedorahosted."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"org/sssd to report any issues. </emphasis>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "THE LOCAL DOMAIN"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"In order to function correctly, a domain with <quote>id_provider=local</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quote> must be created and the SSSD must be running."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The administrator might want to use the SSSD local users instead of "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"traditional UNIX users in cases where the group nesting (see <citerefentry> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"citerefentry>) is needed. The local users are also useful for testing and "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"development of the SSSD without having to deploy a full remote server. The "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"local LDB storage to store users and groups."