pt.po revision 6463ed1dcdd45416468b3fa178bd856b5a9ed2c3
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# SOME DESCRIPTIVE TITLE
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# Copyright (C) YEAR Red Hat
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# This file is distributed under the same license as the sssd-docs package.
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher# Miguel Sousa <migueljorgesousa@sapo.pt>, 2011.
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Project-Id-Version: SSSD\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"POT-Creation-Date: 2013-04-02 18:27+0300\n"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"PO-Revision-Date: 2012-10-05 17:53+0000\n"
7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozek"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Language: pt\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"MIME-Version: 1.0\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Content-Type: text/plain; charset=UTF-8\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Content-Transfer-Encoding: 8bit\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"Plural-Forms: nplurals=2; plural=(n != 1);\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SSSD Manual pages"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Páginas de Manual de SSSD"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_groupmod"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "sss_groupmod"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refmeta><manvolnum>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "modify a group"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "modificar um grupo"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>Opções</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable></arg> <arg choice='plain'> <replaceable>grupo</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "DESCRIPTION"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "DESCRIÇÃO"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupmod</command> modifies the group to reflect the changes "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"that are specified on the command line."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<command>sss_groupmod</command> modifica o grupo para refletir as alterações "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"que são especificadas na linha de comando."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
ea929f1b022fc2cb77dec89b0e12accef983ec85Jakub Hrozek#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "OPTIONS"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Opções"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Append this group to groups specified by the <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"a comma separated list of group names."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"Acrescente este grupo para grupos especificados pelo parâmetro de "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<replaceable>GROUPS</replaceable>. O parâmetro de <replaceable>GROUPS</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable> é uma lista separada por vírgulas de nomes de grupo."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Remove this group from groups specified by the <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> parameter."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"Remova este grupo de grupos especificados pelo parâmetro de "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<replaceable>GROUPS</replaceable>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refmeta><manvolnum>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "File Formats and Conventions"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Formatos de ficheiros e convenções"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "the configuration file for SSSD"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "o ficheiro de configuração para SSSD"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "FILE FORMAT"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "FORMATAR FICHEIRO"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" <replaceable>[section]</replaceable>\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" <replaceable>[section]</replaceable>\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The file has an ini-style syntax and consists of sections and parameters. A "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"section begins with the name of the section in square brackets and continues "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"until the next section begins. An example of section with single and multi-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The data types used are string (no quotes needed), integer and bool (with "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"values of <quote>TRUE/FALSE</quote>)."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"Os tipos de dados usados são cadeia de caracteres (sem aspas necessárias), "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"inteiro e bool (com valores de <quote>TRUE/FALSE</quote>)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"(<quote>;</quote>). Inline comments are not supported."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"All sections can have an optional <replaceable>description</replaceable> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"parameter. Its function is only as a label for the section."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"Todas as seções podem ter um parâmetro opcional <replaceable>description</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable>. Sua função é apenas como um rótulo para a secção."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<filename>sssd.conf</filename> must be a regular file, owned by root and "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"only root may read from or write to the file."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<filename>sssd.conf</filename> deve ser um ficheiro regular, pertencente a "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"raiz e somente raiz pode ler ou gravar o arquivo."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SPECIAL SECTIONS"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "SECÇÕES ESPECIAIS"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The [sssd] section"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "A seção [SSSD]"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Section parameters"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Parâmetros de secção"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "config_file_version (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "config_file_version (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"Indica qual é a sintaxe do arquivo config. SSSD 0.6.0 e posterior utilização "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "services"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "serviços"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Comma separated list of services that are started when sssd itself starts."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"Lista de serviços que são iniciados quando SSSD propriamente dito começa "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"separados por vírgulas."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "reconnection_retries (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "reconnection_retries (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Number of times services should attempt to reconnect in the event of a Data "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Provider crash or restart before they give up"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"Número de vezes que os serviços devem tentar reconectar-se no caso de uma "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"falha do provedor de dados ou reiniciar antes de eles desistirem"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 3"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 3"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "domains"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "domínios"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"A domain is a database containing user information. SSSD can use more "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"domains at the same time, but at least one must be configured or SSSD won't "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"start. This parameter described the list of domains in the order you want "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"them to be queried."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"Um domínio é uma base de dados contendo informações sobre o utilizador. SSSD "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"pode usar mais domínios ao mesmo tempo, mas pelo menos uma deve ser "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"configurada ou o SSSD não será iniciado. Este parâmetro descreve a lista de "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"domínios na ordem desejada."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "re_expression (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "re_expression (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Default regular expression that describes how to parse the string containing "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"user name and domain into these components."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"Each domain can have an individual regular expression configured. For some "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"ID providers there are also default regular expressions. See DOMAIN "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"SECTIONS for more info on these regular expressions."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "full_name_format (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "full_name_format (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"The default <citerefentry> <refentrytitle>printf</refentrytitle> "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"how to translate a (name, domain) tuple into a fully qualified name."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Each domain can have an individual format string configured. see DOMAIN "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"SECTIONS for more info on this option."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "try_inotify (boolean)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "try_inotify (boolean)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"SSSD monitors the state of resolv.conf to identify when it needs to update "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"its internal DNS resolver. By default, we will attempt to use inotify for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"this, and will fall back to polling resolv.conf every five seconds if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"inotify cannot be used."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"There are some limited situations where it is preferred that we should skip "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"even trying to use inotify. In these rare cases, this option should be set "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: true on platforms where inotify is supported. False on other "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Note: this option will have no effect on platforms where inotify is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"unavailable. On these platforms, polling will always be used."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_rcache_dir (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_rcache_dir (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Directory on the filesystem where SSSD should store Kerberos replay cache "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"SSSD to let libkrb5 decide the appropriate location for the replay cache."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: Distribution-specific and specified at build-time. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(__LIBKRB5_DEFAULTS__ if not configured)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "default_domain_suffix (string)"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"This string will be used as a default domain name for all names without a "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"domain name component. The main use case is environments where the primary "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"domain is intended for managing host policies and all users are located in a "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"trusted domain. The option allows those users to log in just with their "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"user name without giving a domain name as well."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Please note that if this option is set all users from the primary domain "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"have to use their fully qualified name, e.g. user@domain.name, to log in."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:225 sssd-ldap.5.xml:1336 sssd-ldap.5.xml:1348
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:1409 sssd-ldap.5.xml:2255 sssd-ldap.5.xml:2282
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#: sssd-krb5.5.xml:366 include/ldap_id_mapping.xml:145
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "Default: not set"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Individual pieces of SSSD functionality are provided by special SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"services that are started and stopped together with SSSD. The services are "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"managed by a special service frequently called <quote>monitor</quote>. The "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>[sssd]</quote> section is used to configure the monitor as well as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"some other important options like the identity domains. <placeholder type="
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"\"variablelist\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SERVICES SECTIONS"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Settings that can be used to configure different services are described in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"section, for example, for NSS service, the section would be <quote>[nss]</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "General service configuration options"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "These options can be used to configure any service."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "debug_level (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "debug_timestamps (bool)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Add a timestamp to the debug messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:261 sssd.conf.5.xml:441 sssd.conf.5.xml:841
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:1482 sssd-ldap.5.xml:1608 sssd-ldap.5.xml:2043
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:2108 sssd-ldap.5.xml:2126 sssd-ipa.5.xml:264
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: true"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "debug_microseconds (bool)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "debug_microseconds (bool)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Add microseconds to the timestamp in debug messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:272 sssd.conf.5.xml:795 sssd.conf.5.xml:1683
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1377 sssd-ldap.5.xml:1396
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:1551 sssd-ldap.5.xml:1839 sssd-ipa.5.xml:129
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ipa.5.xml:376 sssd-krb5.5.xml:244 sssd-krb5.5.xml:278
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: false"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: false"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "timeout (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Timeout in seconds between heartbeats for this service. This is used to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ensure that the process is alive and capable of answering requests."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 10"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "Padrão: 10"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "fd_limit"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"This option specifies the maximum number of file descriptors that may be "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"opened at one time by this SSSD process. On systems where SSSD is granted "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"systems without this capability, the resulting value will be the lower value "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"of this or the limits.conf \"hard\" limit."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 8192 (or limits.conf \"hard\" limit)"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "client_idle_timeout"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"This option specifies the number of seconds that a client of an SSSD process "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"can hold onto a file descriptor without communicating on it. This value is "
7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozek"limited in order to avoid resource exhaustion on the system."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:330 sssd.conf.5.xml:346 sssd.conf.5.xml:613
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:773 sssd.conf.5.xml:1005 sssd-ldap.5.xml:1099
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Default: 60"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "Padrão: 60"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "force_timeout (integer)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"If a service is not responding to ping checks (see the <quote>timeout</"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"quote> option), it is first sent the SIGTERM signal that instructs it to "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"quit gracefully. If the service does not terminate after "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"by sending a SIGKILL signal."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "NSS configuration options"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"These options can be used to configure the Name Service Switch (NSS) service."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "enum_cache_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"How many seconds should nss_sss cache enumerations (requests for info about "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 120"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "entry_cache_nowait_percentage (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The entry cache can be set to automatically update entries in the background "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"if they are requested beyond a percentage of the entry_cache_timeout value "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"for the domain."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For example, if the domain's entry_cache_timeout is set to 30s and "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"after 15 seconds past the last cache update will be returned immediately, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"but the SSSD will go and update the cache on its own, so that future "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"requests will not need to block waiting for a cache update."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Valid values for this option are 0-99 and represent a percentage of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"entry_cache_timeout for each domain. For performance reasons, this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"disables this feature)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 50"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 50"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "entry_negative_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies for how many seconds nss_sss should cache negative cache hits "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(that is, queries for invalid database entries, like nonexistent ones) "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"before asking the back end again."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 15"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "filter_users, filter_groups (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Exclude certain users from being fetched from the sss NSS database. This is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"particularly useful for system accounts. This option can also be set per-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"domain or include fully-qualified names to filter only users from the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"particular domain."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: root"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "filter_users_in_groups (bool)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If you want filtered user still be group members set this option to false."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "override_homedir (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "override_homedir (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#: sssd.conf.5.xml:455 sssd-ad.5.xml:141 sssd-krb5.5.xml:169
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#: sssd.conf.5.xml:456 sssd-ad.5.xml:142 sssd-krb5.5.xml:170
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "login name"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "nome de login"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#: sssd.conf.5.xml:459 sssd-ad.5.xml:145 sssd-krb5.5.xml:173
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "UID number"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Número UID"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#: sssd.conf.5.xml:463 sssd-ad.5.xml:149 sssd-krb5.5.xml:191
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "domain name"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "nome de domínio"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "fully qualified user name (user@domain)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "nome totalmente qualificado do utilizador (utilizador@domínio)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "The original home directory retrieved from the identity provider."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:478 sssd-ad.5.xml:157 sssd-krb5.5.xml:203
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:479 sssd-ad.5.xml:158 sssd-krb5.5.xml:204
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "a literal '%'"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "um literal '%'"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Override the user's home directory. You can either provide an absolute value "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"or a template. In the template, the following sequences are substituted: "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<placeholder type=\"variablelist\" id=\"0\"/>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "This option can also be set per-domain."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:490 sssd.conf.5.xml:514 sssd-ad.5.xml:169
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"override_homedir = /home/%u\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:488 sssd.conf.5.xml:512 sssd-ad.5.xml:167 sssd-ad.5.xml:191
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "fallback_homedir (string)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Set a default template for a user's home directory if one is not specified "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"explicitly by the domain's data provider."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The available values for this option are the same as for override_homedir."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: not set (no substitution for unset home directories)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "override_shell (string)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Override the login shell for all users. This option can be specified "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"globally in the [nss] section or per-domain."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Default: not set (SSSD will use the value retrieved from LDAP)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "allowed_shells (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "allowed_shells (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Restrict user shell to one of the listed values. The order of evaluation is:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"quote>, use the value of the shell_fallback parameter."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"shells</quote>, a nologin shell is used."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "An empty string for shell is passed as-is to libc."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"that a restart of the SSSD is required in case a new shell is installed."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: Not set. The user shell is automatically used."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "vetoed_shells (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "vetoed_shells (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Replace any instance of these shells with the shell_fallback"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "shell_fallback (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "shell_fallback (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The default shell to use if an allowed shell is not installed on the machine."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: /bin/sh"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: /bin/sh"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "default_shell"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The default shell to use if the provider does not return one during lookup. "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"This option supersedes any other shell options if it takes effect and can be "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"set either in the [nss] section or per-domain."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Default: not set (Return NULL if no shell is specified and rely on libc to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"substitute something sensible when necessary, usually /bin/sh)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "get_domains_timeout (int)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies time in seconds for which the list of subdomains will be "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"considered valid."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "memcache_timeout (int)"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Specifies time in seconds for which records in the in-memory cache will be "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "Default: 300"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgstr "Padrão: 300"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "PAM configuration options"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"These options can be used to configure the Pluggable Authentication Module "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(PAM) service."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "offline_credentials_expiration (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If the authentication provider is offline, how long should we allow cached "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"logins (in days since the last successful online login)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 0 (No limit)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "offline_failed_login_attempts (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If the authentication provider is offline, how many failed login attempts "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "offline_failed_login_delay (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The time in minutes which has to pass after offline_failed_login_attempts "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"has been reached before a new login attempt is possible."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If set to 0 the user cannot authenticate offline if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"offline_failed_login_attempts has been reached. Only a successful online "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"authentication can enable offline authentication again."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:680 sssd.conf.5.xml:733 sssd.conf.5.xml:1630
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 5"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "pam_verbosity (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Controls what kind of messages are shown to the user during authentication. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The higher the number to more messages are displayed."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Currently sssd supports the following values:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>0</emphasis>: do not show any message"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>1</emphasis>: show only important messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>2</emphasis>: show informational messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>3</emphasis>: show all messages and debug information"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 1"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 1"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "pam_id_timeout (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "pam_id_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For any PAM request while SSSD is online, the SSSD will attempt to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"immediately update the cached identity information for the user in order to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"ensure that authentication takes place with the latest information."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"A complete PAM conversation may perform multiple PAM requests, such as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"account management and session opening. This option controls (on a per-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"client-application basis) how long (in seconds) we can cache the identity "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"information to avoid excessive round-trips to the identity provider."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "pam_pwd_expiration_warning (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "pam_pwd_expiration_warning (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Display a warning N days before the password expires."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that the backend server has to provide information about the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"expiration time of the password. If this information is missing, sssd "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"cannot display a warning."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"If zero is set, then this filter is not applied, i.e. if the expiration "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"warning was received from backend server, it will automatically be displayed."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"emphasis> for a particular domain."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 0"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "SUDO configuration options"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "These options can be used to configure the sudo service."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "sudo_timed (bool)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"that implement time-dependent sudoers entries."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "AUTOFS configuration options"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "These options can be used to configure the autofs service."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "autofs_negative_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Specifies for how many seconds should the autofs responder negative cache "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"hits (that is, queries for invalid map entries, like nonexistent ones) "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"before asking the back end again."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "SSH configuration options"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "These options can be used to configure the SSH service."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ssh_hash_known_hosts (bool)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
45db68ae27147955a4be4c2c772041824c0dc00fStephen Gallagher"Whether or not to hash host names and addresses in the managed known_hosts "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "ssh_known_hosts_timeout (integer)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"How many seconds to keep a host in the managed known_hosts file after its "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"host keys were requested."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Default: 180"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "PAC responder configuration options"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"The PAC responder works together with the authorization data plugin for MIT "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"provider collects domain SID and ID ranges of the domain the client is "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"joined to and of remote trusted domains from the local domain controller. "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"If the PAC is decoded and evaluated some of the following operations are "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"If the remote user does not exist in the cache, it is created. The uid is "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"calculated based on the SID, trusted domains will have UPGs and the gid will "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"have the same value as the uid. The home directory is set based on the "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"subdomain_homedir parameter. The shell will be empty by default, i.e. the "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"system defaults are used, but can be overwritten with the default_shell "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"If there are SIDs of groups from the domain the sssd client belongs to, the "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"user will be added to those groups."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "These options can be used to configure the PAC responder."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "allowed_uids (string)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Specifies the comma-separated list of UID values or user names that are "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"allowed to access the PAC responder. User names are resolved to UIDs at "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "Default: 0 (only the root user is allowed to access the PAC responder)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Please note that although the UID 0 is used as the default it will be "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"overwritten with this option. If you still want to allow the root user to "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"access the PAC responder, which would be the typical case, you have to add 0 "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"to the list of allowed UIDs as well."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "DOMAIN SECTIONS"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "SECÇÕES DE DOMÍNIO"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "min_id,max_id (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "min_id,max_id (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"UID and GID limits for the domain. If a domain contains an entry that is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"outside these limits, it is ignored."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For users, this affects the primary GID limit. The user will not be returned "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to NSS if either the UID or the primary GID is outside the range. For non-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"primary group memberships, those that are in range will be reported as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 1 for min_id, 0 (no limit) for max_id"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "enumerate (bool)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "enumerate (bool)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Determines if a domain can be enumerated. This parameter can have one of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"following values:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "TRUE = Users and groups are enumerated"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "FALSE = No enumerations for this domain"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:958 sssd.conf.5.xml:1114 sssd.conf.5.xml:1216
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: FALSE"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: FALSE"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Note: Enabling enumeration has a moderate performance impact on SSSD while "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"enumeration is running. It may take up to several minutes after SSSD startup "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to fully complete enumerations. During this time, individual requests for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"information will go directly to LDAP, though it may be slow, due to the "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"heavy enumeration processing. Saving a large number of entries to cache "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"after the enumeration completes might also be CPU intensive as the "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"memberships have to be recomputed."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"While the first enumeration is running, requests for the complete user or "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"group lists may return no results until it completes."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Further, enabling enumeration may increase the time necessary to detect "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"network disconnection, as longer timeouts are required to ensure that "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"enumeration lookups are completed successfully. For more information, refer "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to the man pages for the specific id_provider in use."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"For the reasons cited above, enabling enumeration is not recommended, "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"especially in large environments."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "entry_cache_timeout (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "entry_cache_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"How many seconds should nss_sss consider entries valid before asking the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"backend again"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 5400"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 5400"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_user_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider user entries valid before asking "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the backend again"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:1031 sssd.conf.5.xml:1044 sssd.conf.5.xml:1057
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:1070 sssd.conf.5.xml:1083 sssd.conf.5.xml:1097
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: entry_cache_timeout"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_group_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider group entries valid before asking "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the backend again"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_netgroup_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider netgroup entries valid before "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"asking the backend again"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_service_timeout (integer)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider service entries valid before asking "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the backend again"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "entry_cache_sudo_timeout (integer)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"How many seconds should sudo consider rules valid before asking the backend "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "entry_cache_autofs_timeout (integer)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"How many seconds should the autofs service consider automounter maps valid "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"before asking the backend again"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "cache_credentials (bool)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "cache_credentials (bool)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Determines if user credentials are also cached in the local LDB cache"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "User credentials are stored in a SHA512 hash, not in plaintext"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "account_cache_expiration (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "account_cache_expiration (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Number of days entries are left in cache after last successful login before "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"being removed during a cleanup of the cache. 0 means keep forever. The "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"value of this parameter must be greater than or equal to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"offline_credentials_expiration."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 0 (unlimited)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 0 (ilimitado)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "pwd_expiration_warning (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Please note that the backend server has to provide information about the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"expiration time of the password. If this information is missing, sssd "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"cannot display a warning. Also an auth provider has to be configured for the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 7 (Kerberos), 0 (LDAP)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "id_provider (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "id_provider (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The identification provider used for the domain. Supported ID providers are:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "<quote>proxy</quote>: Support a legacy NSS provider"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "<quote>local</quote>: SSSD internal provider for local users"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"information on configuring LDAP."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:1180 sssd.conf.5.xml:1259 sssd.conf.5.xml:1310
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:1189 sssd.conf.5.xml:1268 sssd.conf.5.xml:1319
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry> for more information on configuring Active Directory."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "use_fully_qualified_names (bool)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "use_fully_qualified_names (bool)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Use the full name and domain (as formatted by the domain's full_name_format) "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"as the user's login name reported to NSS."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If set to TRUE, all requests to this domain must use fully qualified names. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For example, if used in LOCAL domain that contains a \"test\" user, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>getent passwd test</command> wouldn't find the user while "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>getent passwd test@LOCAL</command> would."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| msgid "ipa_netgroup_member_host (string)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "ignore_group_members (bool)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "ipa_netgroup_member_host (string)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Do not return group members for group lookups."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"If set to TRUE, the group membership attribute is not requested from the "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"ldap server, and group members are not returned when processing group lookup "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "auth_provider (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "auth_provider (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The authentication provider used for the domain. Supported auth providers "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> for more information on configuring LDAP."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> for more information on configuring Kerberos."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>proxy</quote> for relaying authentication to some other PAM target."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<quote>none</quote> disables authentication explicitly."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: <quote>id_provider</quote> is used if it is set and can handle "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication requests."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "access_provider (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "access_provider (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The access control provider used for the domain. There are two built-in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access providers (in addition to any included in installed backends) "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Internal special providers are:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>permit</quote> always allow access. It's the only permitted access "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"provider for a local domain."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<quote>deny</quote> always deny access."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>simple</quote> access control based on access or deny lists. See "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum></citerefentry> for more information on configuring the simple "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access module."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <quote>permit</quote>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "chpass_provider (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The provider which should handle change password operations for the domain. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Supported change password providers are:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>ldap</quote> to change a password stored in a LDAP server. See "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> for more information on configuring LDAP."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> for more information on configuring Kerberos."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>proxy</quote> for relaying password changes to some other PAM target."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<quote>none</quote> disallows password changes explicitly."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: <quote>auth_provider</quote> is used if it is set and can handle "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"change password requests."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "sudo_provider (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The SUDO provider used for the domain. Supported SUDO providers are:"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"citerefentry> for more information on configuring LDAP."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<quote>none</quote> disables SUDO explicitly."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:1411 sssd.conf.5.xml:1465 sssd.conf.5.xml:1497
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: The value of <quote>id_provider</quote> is used if it is set."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "selinux_provider (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The provider which should handle loading of selinux settings. Note that this "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"provider will be called right after access provider ends. Supported selinux "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"providers are:"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<quote>ipa</quote> to load selinux settings from an IPA server. See "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "<quote>none</quote> disallows fetching selinux settings explicitly."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Default: <quote>id_provider</quote> is used if it is set and can handle "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"selinux loading requests."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "subdomains_provider (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The provider which should handle fetching of subdomains. This value should "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"be always the same as id_provider. Supported subdomain providers are:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<quote>none</quote> disallows fetching subdomains explicitly."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "autofs_provider (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The autofs provider used for the domain. Supported autofs providers are:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"citerefentry> for more information on configuring LDAP."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"citerefentry> for more information on configuring IPA."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<quote>none</quote> disables autofs explicitly."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "hostid_provider (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The provider used for retrieving host identity information. Supported "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"hostid providers are:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ipa</quote> to load host identity stored in an IPA server. See "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<quote>none</quote> disables hostid explicitly."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Regular expression for this domain that describes how to parse the string "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"containing user name and domain into these components."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"P<name>[^@\\\\]+)$))</quote> which allows three different styles for "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"user names:"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "username"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "username@domain.name"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "domain\\username"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"While the first two correspond to the general default the third one is "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"introduced to allow easy integration of users from Windows domains."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"which translates to \"the name is everything up to the <quote>@</quote> "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"sign, the domain everything after that\""
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"PLEASE NOTE: the support for non-unique named subpatterns is not available "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"version 7 or higher can support non-unique named subpatterns."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"P<name>) to label subpatterns."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"manvolnum> </citerefentry>-compatible format that describes how to translate "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"a (name, domain) tuple for this domain into a fully qualified name."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "Default: <quote>%1$s@%2$s</quote>."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgstr "Default: <quote>%1$s@%2$s</quote>."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "lookup_family_order (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Provides the ability to select preferred address family to use when "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"performing DNS lookups."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Supported values:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: ipv4_first"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Default: ipv4_first"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "dns_resolver_timeout (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "dns_resolver_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Defines the amount of time (in seconds) to wait for a reply from the DNS "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"resolver before assuming that it is unreachable. If this timeout is reached, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the domain will continue to operate in offline mode."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "dns_discovery_domain (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "dns_discovery_domain (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If service discovery is used in the back end, specifies the domain part of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the service discovery DNS query."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: Use the domain part of machine's hostname"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "override_gid (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "override_gid (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Override the primary GID value with the one specified."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "case_sensitive (boolean)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "case_sensitive (boolean)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Treat user and group names as case sensitive. At the moment, this option is "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"not supported in the local provider."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: True"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: TRUE"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "proxy_fast_alias (boolean)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When a user or group is looked up by name in the proxy provider, a second "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"lookup by ID is performed to \"canonicalize\" the name in case the requested "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"name was an alias. Setting this option to true would cause the SSSD to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"perform the ID lookup from cache for performance reasons."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "subdomain_homedir (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Use this homedir as default value for all subdomains within this domain. See "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<emphasis>override_homedir</emphasis> for info about possible values."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The value can be overridden by <emphasis>override_homedir</emphasis> option."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "Default: <filename>/home/%d/%u</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"These configuration options can be present in a domain configuration "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "proxy_pam_target (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "proxy_pam_target (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The proxy target PAM proxies to."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: not set by default, you have to take an existing pam configuration "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"or create a new one and add the service name here."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "proxy_lib_name (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "proxy_lib_name (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The name of the NSS library to use in proxy domains. The NSS functions "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"searched for in the library are in the form of _nss_$(libName)_$(function), "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"for example _nss_files_getpwent."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The local domain section"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "A secção de domínio local"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This section contains settings for domain that stores users and groups in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"SSSD native database, that is, a domain that uses "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>id_provider=local</replaceable>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "default_shell (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "default_shell (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The default shell for users created with SSSD userspace tools."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <filename>/bin/bash</filename>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: <filename>bash/bin/bash</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "base_directory (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "base_directory (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The tools append the login name to <replaceable>base_directory</replaceable> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"and use that as the home directory."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <filename>/home</filename>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: <filename>/ home</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "create_homedir (bool)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "create_homedir (bool)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Indicate if a home directory should be created by default for new users. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Can be overridden on command line."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: TRUE"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: TRUE"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "remove_homedir (bool)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "remove_homedir (bool)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Indicate if a home directory should be removed by default for deleted "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"users. Can be overridden on command line."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "homedir_umask (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "homedir_umask (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"on a newly created home directory."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 077"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 077"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "skel_dir (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "skel_dir (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The skeleton directory, which contains files and directories to be copied in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the user's home directory, when the home directory is created by "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <filename>/etc/skel</filename>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: <filename>skel/etc/skel</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "mail_dir (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "mail_dir (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The mail spool directory. This is needed to manipulate the mailbox when its "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"corresponding user account is modified or deleted. If not specified, a "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"default value is used."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <filename>/var/mail</filename>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: <filename>mail/var/mail</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "userdel_cmd (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "userdel_cmd (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The command that is run after a user is removed. The command us passed the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"username of the user being removed as the first and only parameter. The "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"return code of the command is not taken into account."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: None, no command is run"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: None, nenhum comando é executado"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd.conf.5.xml:1868 sssd-ldap.5.xml:2308 sssd-simple.5.xml:131
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ipa.5.xml:643 sssd-ad.5.xml:229 sssd-krb5.5.xml:441
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "EXAMPLE"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "EXEMPLO"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"domains = LDAP\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"services = nss, pam\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"config_file_version = 2\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"filter_groups = root\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"filter_users = root\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"id_provider = ldap\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"ldap_uri = ldap://ldap.example.com\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"ldap_search_base = dc=example,dc=com\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"auth_provider = krb5\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"krb5_realm = EXAMPLE.COM\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"cache_credentials = true\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"min_id = 10000\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"max_id = 20000\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"enumerate = False\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"domains = LDAP\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"services = nss, pam\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"config_file_version = 2\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"filter_groups = root\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"filter_users = root\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"id_provider = ldap\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"ldap_uri = ldap://ldap.example.com\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"ldap_search_base = dc=example,dc=com\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"auth_provider = krb5\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"krb5_realm = EXAMPLE.COM\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"cache_credentials = true\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"min_id = 10000\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"max_id = 20000\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"enumerate = False\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following example shows a typical SSSD config. It does not describe "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"configuration of the domains themselves - refer to documentation on "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"configuring domains for more details. <placeholder type=\"programlisting\" "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sssd-ldap"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "sssd-ldap"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This manual page describes the configuration of LDAP domains for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> manual page for detailed syntax information."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "You can configure SSSD to use more than one LDAP domain."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP back end supports id, auth, access and chpass providers. If you want to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"over an unencrypted channel. If the LDAP server is used only as an identity "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"provider, an encrypted channel is not needed. Please refer to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>ldap_access_filter</quote> config option for more information about "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"using LDAP as an access provider."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:75
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "CONFIGURATION OPTIONS"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "OPÇÕES DE CONFIGURAÇÃO"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "ldap_uri, ldap_backup_uri (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"should connect in the order of preference. Refer to the <quote>FAILOVER</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"quote> section for more information on failover and server redundancy. If "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"neither option is specified, service discovery is enabled. For more "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The format of the URI must match the format defined in RFC 2732:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap[s]://<host>[:port]"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap[s]://<host>[:port]"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For explicit IPv6 addresses, <host> must be enclosed in brackets []"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "example: ldap://[fc00::126:25]:389"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"should connect in the order of preference to change the password of a user. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Refer to the <quote>FAILOVER</quote> section for more information on "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"failover and server redundancy."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "To enable service discovery ldap_chpass_dns_service_name must be set."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: empty, i.e. ldap_uri is used."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: empty, ou seja, ldap_uri é usado."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_search_base (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_search_base (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The default base DN to use for performing LDAP user operations."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"The filter must be a valid LDAP search filter as specified by http://www."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "Examples:"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Exemplos:"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"ldap_search_base = dc=example,dc=com (which is equivalent to) "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"ldap_search_base = dc=example,dc=com?subtree?"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"ldap_search_base = dc=example,dc=com (which is equivalent to) "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"ldap_search_base = dc=example,dc=com?subtree?"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"(host=thishost)?dc=example.com?subtree?"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"(host=thishost)?dc=example.com?subtree?"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"Note: It is unsupported to have multiple search bases which reference "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"identically-named objects (for example, groups with the same name in two "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"different search bases). This will lead to unpredictable behavior on client "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"Default: If not set, the value of the defaultNamingContext or namingContexts "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"attribute from the RootDSE of the LDAP server is used. If "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"defaultNamingContext does not exist or has an empty value namingContexts is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"used. The namingContexts attribute must have a single value with the DN of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the search base of the LDAP server to make this work. Multiple values are "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are not supported."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_schema (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the Schema Type in use on the target LDAP server. Depending on "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the selected schema, the default attribute names retrieved from the servers "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"may vary. The way that some attributes are handled may also differ."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "Four schema types are currently supported:"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "rfc2307"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "rfc2307bis"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"The main difference between these schema types is how group memberships are "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"recorded in the server. With rfc2307, group members are listed by name in "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"group members are listed by DN and stored in the <emphasis>member</emphasis> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"attribute. The AD schema type sets the attributes to correspond with Active "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Directory 2008r2 values."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: rfc2307"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_default_bind_dn (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The default bind DN to use for performing LDAP operations."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_default_authtok_type (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The type of the authentication token of the default bind DN."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The two mechanisms currently supported are:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "password"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "obfuscated_password"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: password"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_default_authtok (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The authentication token of the default bind DN. Only clear text passwords "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are currently supported."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_object_class (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The object class of a user entry in LDAP."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: posixAccount"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_name (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the user's login name."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: uid"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_uid_number (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the user's id."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: uidNumber"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_gid_number (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the user's primary group id."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: gidNumber"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_gecos (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the user's gecos field."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: gecos"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_home_directory (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that contains the name of the user's home directory."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: homeDirectory"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: homeDirectory"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shell (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_shell (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that contains the path to the user's default shell."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: loginShell"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: diret"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_uuid (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_uuid (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:804 sssd-ldap.5.xml:990
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: nsUniqueId"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: nsUniqueId"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_user_objectsid (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The LDAP attribute that contains the objectSID of an LDAP user object. This "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"is usually only necessary for ActiveDirectory servers."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: objectSid for ActiveDirectory, not set for other servers."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_modify_timestamp (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_modify_timestamp (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:828 sssd-ldap.5.xml:999
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The LDAP attribute that contains timestamp of the last modification of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"parent object."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:832 sssd-ldap.5.xml:1006
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: modifyTimestamp"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: modifyTimestamp"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_last_change (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_shadow_last_change (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the last password change)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowLastChange"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: shadowLastChange"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_min (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_shadow_min (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"password age)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowMin"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: shadowMin"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_max (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_shadow_max (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"password age)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowMax"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: shadowMax"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_warning (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_shadow_warning (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(password warning period)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowWarning"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: shadowWarning"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_inactive (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_shadow_inactive (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(password inactivity period)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowInactive"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: shadowInactive"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_expire (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_shadow_expire (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"parameter contains the name of an LDAP attribute corresponding to its "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> counterpart (account expiration date)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowExpire"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: shadowExpire"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_krb_last_pwd_change (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_krb_last_pwd_change (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"an LDAP attribute storing the date and time of last password change in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: krbLastPwdChange"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: krbLastPwdChange"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_krb_password_expiration (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_krb_password_expiration (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"an LDAP attribute storing the date and time when current password expires."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: krbPasswordExpiration"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: krbPasswordExpiration"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_ad_account_expires (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=ad, this parameter contains the name "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"of an LDAP attribute storing the expiration time of the account."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: accountExpires"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_ad_user_account_control (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=ad, this parameter contains the name "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"of an LDAP attribute storing the user account control bit field."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: userAccountControl"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_ns_account_lock (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"determines if access is allowed or not."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: nsAccountLock"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_nds_login_disabled (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=nds, this attribute determines if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access is allowed or not."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: loginDisabled"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_nds_login_expiration_time (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=nds, this attribute determines until "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"which date access is granted."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_nds_login_allowed_time_map (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=nds, this attribute determines the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"hours of a day in a week when access is granted."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: loginAllowedTimeMap"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_principal (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_principal (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The LDAP attribute that contains the user's Kerberos User Principal Name "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: krbPrincipalName"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: krbPrincipalName"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_user_ssh_public_key (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains the user's SSH public keys."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_force_upper_case_realm (boolean)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_force_upper_case_realm (boolean)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Some directory servers, for example Active Directory, might deliver the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"realm part of the UPN in lower case, which might cause the authentication to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"fail. Set this option to a non-zero value if you want to use an upper-case "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_enumeration_refresh_timeout (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_enumeration_refresh_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher"Specifies how many seconds SSSD has to wait before refreshing its cache of "
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher"enumerated records."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "ldap_purge_cache_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Determine how often to check the cache for inactive entries (such as groups "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"with no members and users who have never logged in) and remove them to save "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Setting this option to zero will disable the cache cleanup operation."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 10800 (12 hours)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 10800 (12 horas)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_fullname (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_fullname (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the user's full name."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:765 sssd-ldap.5.xml:940
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:1031 sssd-ldap.5.xml:1872 sssd-ldap.5.xml:2198
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: cn"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: NC"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_member_of (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that lists the user's group memberships."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: memberOf"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_authorized_service (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"use the presence of the authorizedService attribute in the user's LDAP entry "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to determine access privilege."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"explicit allow (svc) and finally for allow_all (*)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: authorizedService"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_authorized_host (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_authorized_host (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"presence of the host attribute in the user's LDAP entry to determine access "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"An explicit deny (!host) is resolved first. Second, SSSD searches for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"explicit allow (host) and finally for allow_all (*)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: host"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: host"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_object_class (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The object class of a group entry in LDAP."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: posixGroup"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_name (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the group name."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_gid_number (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the group's id."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_member (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that contains the names of the group's members."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_uuid (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_group_objectsid (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The LDAP attribute that contains the objectSID of an LDAP group object. This "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"is usually only necessary for ActiveDirectory servers."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_modify_timestamp (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_nesting_level (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If ldap_schema is set to a schema format that supports nested groups (e.g. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"RFC2307bis), then this option controls how many levels of nesting SSSD will "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"follow. This option has no effect on the RFC2307 schema."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 2"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "ldap_groups_use_matching_rule_in_chain"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"This option tells SSSD to take advantage of an Active Directory-specific "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"feature which may speed up group lookup operations on deployments with "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"complex or deep nested groups."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"In most common cases, it is best to leave this option disabled. It generally "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"only provides a performance increase on very complex nestings."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"If this option is enabled, SSSD will use it if it detects that the server "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"supports it during initial connection. So \"True\" here essentially means "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"\"auto-detect\"."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Note: This feature is currently known to work only with Active Directory "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"for more details."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: sssd-ldap.5.xml:880 sssd-ldap.5.xml:907 sssd-ldap.5.xml:1198
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:1650 include/ldap_id_mapping.xml:184
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "Default: False"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "ldap_initgroups_use_matching_rule_in_chain"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"This option tells SSSD to take advantage of an Active Directory-specific "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"feature which might speed up initgroups operations (most notably when "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"dealing with complex or deep nested groups)."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "ldap_netgroup_object_class (string)"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The object class of a netgroup entry in LDAP."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_object_class should be used instead."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: nisNetgroup"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_name (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the netgroup name."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_name should be used instead."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_member (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that contains the names of the netgroup's members."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_member should be used instead."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: memberNisNetgroup"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_triple (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The LDAP attribute that contains the (host, user, domain) netgroup triples."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "This option is not available in IPA provider."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: nisNetgroupTriple"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: nisNetgroupTriple"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_uuid (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_netgroup_uuid (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_uuid should be used instead."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_modify_timestamp (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_netgroup_modify_timestamp (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_object_class (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The object class of a service entry in LDAP."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipService"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_name (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains the name of service attributes and their "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_port (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains the port managed by this service."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipServicePort"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_proto (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains the protocols understood by this service."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipServiceProtocol"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_search_base (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_search_timeout (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_search_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the timeout (in seconds) that ldap searches are allowed to run "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"before they are cancelled and cached results are returned (and offline mode "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Note: this option is subject to change in future versions of the SSSD. It "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"will likely be replaced at some point by a series of timeouts for specific "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"lookup types."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1140
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 6"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 6"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_enumeration_search_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the timeout (in seconds) that ldap searches for user and group "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"enumerations are allowed to run before they are cancelled and cached results "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are returned (and offline mode is entered)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_network_timeout (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_network_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the timeout (in seconds) after which the <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> following a <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> returns in case of no activity."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_opt_timeout (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_opt_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"will abort if no response is received. Also controls the timeout when "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"communicating with the KDC in case of SASL bind."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ldap_connection_expire_timeout (integer)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"maintained. After this time, the connection will be re-established. If used "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"the TGT lifetime) will be used."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: 900 (15 minutes)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_page_size (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_page_size (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specify the number of records to retrieve from LDAP in a single request. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Some LDAP servers enforce a maximum limit per-request."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 1000"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 1000"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_disable_paging (boolean)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Disable the LDAP paging control. This option should be used if the LDAP "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"server reports that it supports the LDAP paging control in its RootDSE but "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"it is not enabled or does not behave properly."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Example: OpenLDAP servers with the paging control module installed on the "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"server but not enabled will report it in the RootDSE but be unable to use it."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Example: 389 DS has a bug where it can only support a one paging control at "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"a time on a single connection. On busy clients, this can result in some "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"requests being denied."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_sasl_minssf (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When communicating with an LDAP server using SASL, specify the minimum "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"security level necessary to establish the connection. The values of this "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"option are defined by OpenLDAP."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: Use the system default (usually specified by ldap.conf)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_deref_threshold (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specify the number of group members that must be missing from the internal "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"cache in order to trigger a dereference lookup. If less members are missing, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"they are looked up individually."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"You can turn off dereference lookups completely by setting the value to 0."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"A dereference lookup is a means of fetching all group members in a single "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP call. Different LDAP servers may implement different dereference "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"filter, then the dereference lookup performance enhancement will be disabled "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"regardless of this setting."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_reqcert (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_tls_reqcert (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies what checks to perform on server certificates in a TLS session, if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"any. It can be specified as one of the following values:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>never</emphasis> = The client will not request or check any server "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<emphasis>never</emphasis> = O cliente não irá solicitar ou verificar "
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"qualquer certificado de servidor."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>allow</emphasis> = The server certificate is requested. If no "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"certificate is provided, the session proceeds normally. If a bad certificate "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"is provided, it will be ignored and the session proceeds normally."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>try</emphasis> = The server certificate is requested. If no "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"certificate is provided, the session proceeds normally. If a bad certificate "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"is provided, the session is immediately terminated."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>demand</emphasis> = The server certificate is requested. If no "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"certificate is provided, or a bad certificate is provided, the session is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"immediately terminated."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: hard"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: hard"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_cacert (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_tls_cacert (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the file that contains certificates for all of the Certificate "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Authorities that <command>sssd</command> will recognize."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: sssd-ldap.5.xml:1304 sssd-ldap.5.xml:1322 sssd-ldap.5.xml:1363
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"conf</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_cacertdir (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_tls_cacertdir (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the path of a directory that contains Certificate Authority "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"certificates in separate individual files. Typically the file names need to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"be the hash of the certificate followed by '.0'. If available, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>cacertdir_rehash</command> can be used to create the correct names."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_cert (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies the file that contains the certificate for the client's key."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_key (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies the file that contains the client's key."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_cipher_suite (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies acceptable cipher suites. Typically this is a colon sperated "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<manvolnum>5</manvolnum></citerefentry> for format."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_id_use_start_tls (boolean)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_id_use_start_tls (boolean)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies that the id_provider connection must also use <systemitem class="
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"\"protocol\">tls</systemitem> to protect the channel."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_id_mapping (boolean)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies that SSSD should attempt to map user and group IDs from the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"on ldap_user_uid_number and ldap_group_gid_number."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Currently this feature supports only ActiveDirectory objectSID mapping."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_sasl_mech (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_sasl_mech (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_sasl_authid (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_sasl_authid (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specify the SASL authorization id to use. When GSSAPI is used, this "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"represents the Kerberos principal used for authentication to the directory. "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"This option can either contain the full principal (for example host/"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "Default: host/hostname@REALM"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| msgid "ldap_sasl_mech (string)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "ldap_sasl_realm (string)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "ldap_sasl_mech (string)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"Specify the SASL realm to use. When not specified, this option defaults to "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"well, this option is ignored."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Default: the value of krb5_realm."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_sasl_canonicalize (boolean)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_sasl_canonicalize (boolean)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If set to true, the LDAP library would perform a reverse lookup to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"canonicalize the host name during a SASL bind."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: false;"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: false;"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_krb5_keytab (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_krb5_keytab (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specify the keytab to use when using SASL/GSSAPI."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_krb5_init_creds (boolean)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_krb5_init_creds (boolean)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies that the id_provider should init Kerberos credentials (TGT). This "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"action is performed only if SASL is used and the mechanism selected is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_krb5_ticket_lifetime (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_krb5_ticket_lifetime (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 86400 (24 hours)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: 86400 (24 horas)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "krb5_server, krb5_backup_server (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the comma-separated list of IP addresses or hostnames of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Kerberos servers to which SSSD should connect in the order of preference. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For more information on failover and server redundancy, see the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"colon) may be appended to the addresses or hostnames. If empty, service "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"discovery is enabled - for more information, refer to the <quote>SERVICE "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"DISCOVERY</quote> section."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using service discovery for KDC or kpasswd servers, SSSD first searches "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"none are found."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"While the legacy name is recognized for the time being, users are advised to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"migrate their config files to use <quote>krb5_server</quote> instead."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:1530 sssd-ipa.5.xml:274 sssd-krb5.5.xml:103
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_realm (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_realm (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:1542 sssd-ipa.5.xml:289 sssd-krb5.5.xml:418
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "krb5_canonicalize (boolean)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_canonicalize (boolean)"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies if the host principal should be canonicalized when connecting to "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"LDAP server. This feature is available with MIT Kerberos >= 1.7"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_pwd_policy (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_pwd_policy (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Select the policy to evaluate the password expiration on the client side. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following values are allowed:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>none</emphasis> - No evaluation on the client side. This option "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"cannot disable server-side password policies."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"evaluate if the password has expired."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to determine if the password has expired. Use chpass_provider=krb5 to update "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"these attributes when the password is changed."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Default: none"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "Padrão: none"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_referrals (boolean)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies whether automatic referral chasing should be enabled."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that sssd only supports referral chasing when it is compiled "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"with OpenLDAP version 2.4.13 or higher."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Chasing referrals may incur a performance penalty in environments that use "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"them heavily, a notable example is Microsoft Active Directory. If your setup "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"does not in fact require the use of referrals, setting this option to false "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"might bring a noticeable performance improvement."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_dns_service_name (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies the service name to use when service discovery is enabled."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: ldap"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_chpass_dns_service_name (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the service name to use to find an LDAP server which allows "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"password changes when service discovery is enabled."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: not set, i.e. service discovery is disabled"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "ldap_chpass_update_last_change (bool)"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"Specifies whether to update the ldap_user_shadow_last_change attribute with "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"days since the Epoch after a password change operation."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_access_filter (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"If using access_provider = ldap and ldap_access_order = filter (default), "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"this option is mandatory. It specifies an LDAP search filter criteria that "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"must be met for the user to be granted access on this host. If "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"access_provider = ldap, ldap_access_order = filter and this option is not "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"set, it will result in all users being denied access. Use access_provider = "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"permit to change this default behavior."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Example:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access_provider = ldap\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This example means that access to this host is restricted to members of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"\"allowedusers\" group in ldap."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Offline caching for this feature is limited to determining whether the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"user's last online login was granted access permission. If they were granted "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access during their last login, they will continue to be granted access "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"while offline and vice-versa."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: Empty"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_account_expire_policy (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"With this option a client side evaluation of access control attributes can "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that it is always recommended to use server side access control, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"i.e. the LDAP server should deny the bind request with a suitable error code "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"even if the password is correct."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The following values are allowed:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"determine if the account is expired."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>ad</emphasis>: use the value of the 32bit field "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"ldap_user_ad_user_account_control and allow access if the second bit is not "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"set. If the attribute is missing access is granted. Also the expiration time "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"of the account is checked."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"emphasis>: use the value of ldap_ns_account_lock to check if access is "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"allowed or not."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>nds</emphasis>: the values of "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"If both attributes are missing access is granted."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_access_order (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Comma separated list of access control options. Allowed values are:"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<emphasis>filter</emphasis>: use ldap_access_filter"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"to determine access"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<emphasis>host</emphasis>: use the host attribute to determine access"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: filter"
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgstr "Padrão: filter"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Please note that it is a configuration error if a value is used more than "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_deref (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgstr "ldap_deref (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Specifies how alias dereferencing is done when performing a search. The "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"following options are allowed:"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the base object, but not in locating the base object of the search."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the base object of the search."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"in locating the base object of the search."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"client libraries)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| msgid "ldap_krb5_init_creds (boolean)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "ldap_rfc2307_fallback_to_local_users (boolean)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "ldap_krb5_init_creds (boolean)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"Allows to retain local users as members of an LDAP group for servers that "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"use the RFC2307 schema."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"In some environments where the RFC2307 schema is used, local users are made "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"members of LDAP groups by adding their names to the memberUid attribute. "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The self-consistency of the domain is compromised when this is done, so SSSD "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"would normally remove the \"missing\" users from the cached group "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"memberships as soon as nsswitch tries to fetch information about the user "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"via getpw*() or initgroups() calls."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"This option falls back to checking if local users are referenced, and caches "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"them so that later initgroups() calls will augment the local users with the "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"additional LDAP groups."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"All of the common configuration options that apply to SSSD domains also "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"manvolnum> </citerefentry> manual page for full details. <placeholder type="
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"\"variablelist\" id=\"0\"/>"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "SUDO OPTIONS"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_object_class (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The object class of a sudo rule entry in LDAP."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoRole"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_name (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the sudo rule name."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_command (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the command name."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoCommand"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_host (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the host name (or host IP address, "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"host IP network, or host netgroup)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoHost"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_user (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the user name (or UID, group name or "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"user's netgroup)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoUser"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_option (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the sudo options."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoOption"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_runasuser (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the user name that commands may be "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoRunAsUser"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_runasgroup (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the group name or group GID that "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"commands may be run as."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoRunAsGroup"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_notbefore (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the start date/time for when the sudo "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"rule is valid."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoNotBefore"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_notafter (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the expiration date/time, after which "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the sudo rule will no longer be valid."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoNotAfter"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_order (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the ordering index of the rule."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoOrder"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_full_refresh_interval (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"How many seconds SSSD will wait between executing a full refresh of sudo "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"rules (which downloads all rules that are stored on the server)."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "Default: 21600 (6 hours)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_smart_refresh_interval (integer)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"How many seconds SSSD has to wait before executing a smart refresh of sudo "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"rules (which downloads all rules that have USN higher than the highest USN "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"of cached rules)."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"If USN attributes are not supported by the server, the modifyTimestamp "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"attribute is used instead."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_use_host_filter (boolean)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"If true, SSSD will download only rules that are applicable to this machine "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"(using the IPv4 or IPv6 host/network addresses and hostnames)."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_hostnames (string)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Space separated list of hostnames or fully qualified domain names that "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"should be used to filter the rules."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"If this option is empty, SSSD will try to discover the hostname and the "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"fully qualified domain name automatically."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:2062 sssd-ldap.5.xml:2085 sssd-ldap.5.xml:2103
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"emphasis> then this option has no effect."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "Default: not specified"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_ip (string)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Space separated list of IPv4 or IPv6 host/network addresses that should be "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"used to filter the rules."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"If this option is empty, SSSD will try to discover the addresses "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"automatically."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_include_netgroups (boolean)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"If true then SSSD will download every rule that contains a netgroup in "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"sudoHost attribute."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_include_regexp (boolean)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"If true then SSSD will download every rule that contains a wildcard in "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"sudoHost attribute."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<placeholder type=\"variablelist\" id=\"0\"/>"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"This manual page only describes attribute name mapping. For detailed "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"explanation of sudo related attribute semantics, see <citerefentry> "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"citerefentry>"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "AUTOFS OPTIONS"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Please note that the default values correspond to the default schema which "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_map_object_class (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The object class of an automount map entry in LDAP."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: automountMap"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_map_name (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The name of an automount map entry in LDAP."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ou"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_entry_object_class (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_entry_key (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The key of an automount entry in LDAP. The entry usually corresponds to a "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_entry_value (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: automountInformation"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"\"variablelist\" id=\"4\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ADVANCED OPTIONS"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "OPÇÕES AVANÇADAS"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_search_base (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_netgroup_search_base (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_search_base (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_search_base (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_search_base (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_group_search_base (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_search_filter (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_user_search_filter (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option specifies an additional LDAP search filter criteria that "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"restrict user searches."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"by ldap_user_search_base."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This filter would restrict user searches to users that have their shell set "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_search_filter (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ldap_group_search_filter (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option specifies an additional LDAP search filter criteria that "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"restrict group searches."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"by ldap_group_search_base."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudo_search_base (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_search_base (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"These options are supported by LDAP domains, but they should be used with "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"caution. Please include them in your configuration only if you know what you "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are doing. <placeholder type=\"variablelist\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following example assumes that SSSD is correctly configured and LDAP is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"set to one of the domains in the <replaceable>[domains]</replaceable> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#, fuzzy, no-wrap
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| " id_provider = ldap\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| " auth_provider = ldap\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| " ldap_uri = ldap://ldap.mydomain.org\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| " ldap_search_base = dc=mydomain,dc=org\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| " ldap_tls_reqcert = demand\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| " cache_credentials = true\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| " enumerate = true\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" id_provider = ldap\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" auth_provider = ldap\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" ldap_uri = ldap://ldap.mydomain.org\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" ldap_search_base = dc=mydomain,dc=org\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" ldap_tls_reqcert = demand\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" cache_credentials = true\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" id_provider = ldap\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" auth_provider = ldap\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" ldap_uri = ldap://ldap.mydomain.org\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" ldap_search_base = dc=mydomain,dc=org\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" ldap_tls_reqcert = demand\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" cache_credentials = true\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" enumerate = true\n"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:2315 sssd-simple.5.xml:139 sssd-ipa.5.xml:651
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ad.5.xml:237 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-sudo.5.xml:99
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#: sssd-krb5.5.xml:450 include/ldap_id_mapping.xml:63
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<placeholder type=\"programlisting\" id=\"0\"/>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ldap.5.xml:2328 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:252
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The descriptions of some of the configuration options in this manual page "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"distribution."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refentryinfo>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "pam_sss"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "pam_sss"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "PAM module for SSSD"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Módulo PAM para SSSD"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>pam_sss.so</command> is the PAM interface to the System Security "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Services daemon (SSSD). Errors and results are logged through <command>syslog"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(3)</command> with the LOG_AUTHPRIV facility."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>quiet</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>quiet</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Suppress log messages for unknown users."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>forward_pass</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>forward_pass</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If <option>forward_pass</option> is set the entered password is put on the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"stack for other PAM modules to use."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>use_first_pass</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>use_first_pass</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The argument use_first_pass forces the module to use a previous stacked "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"modules password and will never prompt the user - if no password is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"available or the password is not appropriate, the user will be denied access."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>use_authtok</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>use_authtok</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When password changing enforce the module to set the new password to the one "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"provided by a previously stacked password module."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>retry=N</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>retry=N</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If specified the user is asked another N times for a password if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication fails. Default is 0."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that this option might not work as expected if the application "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"calling PAM handles the user dialog on its own. A typical example is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sshd</command> with <option>PasswordAuthentication</option>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "MODULE TYPES PROVIDED"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "MÓDULOS TIPO FORNECIDOS"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"All module types (<option>account</option>, <option>auth</option>, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>password</option> and <option>session</option>) are provided."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "FICHEIROS"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If a password reset by root fails, because the corresponding SSSD provider "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"does not support password resets, an individual message can be displayed. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This message can e.g. contain instructions about how to reset a password."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"filename> where LOC stands for a locale string returned by <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry>. If there is no matching file the content of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the owner of the files and only root may have read and write permissions "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"while all other users must have only read permissions."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"These files are searched in the directory <filename>/etc/sssd/customize/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sssd_krb5_locator_plugin"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "sssd_krb5_locator_plugin"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"libraries what Realm and which KDC to use. Typically this is done in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"To simplify the configuration the Realm and the KDC can be defined in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> as described in <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"</citerefentry> puts the Realm and the name or IP address of the KDC into "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"libraries it reads and evaluates these variables and returns them to the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Not all Kerberos implementations support the use of plugins. If "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sssd_krb5_locator_plugin</command> is not available on your system "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"debug messages will be sent to stderr."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sssd-simple"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "sssd-simple"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "the configuration file for SSSD's 'simple' access-control provider"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This manual page describes the configuration of the simple access-control "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> manual page."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The simple access provider grants or denies access based on an access or "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"deny list of user or group names. The following rules apply:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "If all lists are empty, access is granted"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If any list is provided, the order of evaluation is allow,deny. This means "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"that any matching deny rule will supersede any matched allow rule."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If either or both \"allow\" lists are provided, all users are denied unless "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"they appear in the list."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If only \"deny\" lists are provided, all users are granted access unless "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"they appear in the list."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "simple_allow_users (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Comma separated list of users who are allowed to log in."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "simple_deny_users (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Comma separated list of users who are explicitly denied access."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "simple_allow_groups (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Comma separated list of groups that are allowed to log in. This applies only "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to groups within this SSSD domain. Local groups are not evaluated."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "simple_deny_groups (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Comma separated list of groups that are explicitly denied access. This "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"applies only to groups within this SSSD domain. Local groups are not "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:76
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> manual page for details on the configuration of an SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"Specifying no values for any of the lists is equivalent to skipping it "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"entirely. Beware of this while generating parameters for the simple provider "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"using automated scripts."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that it is an configuration error if both, simple_allow_users "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"and simple_deny_users, are defined."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following example assumes that SSSD is correctly configured and example."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This examples shows only the simple access provider-specific options."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" access_provider = simple\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" simple_allow_users = user1, user2\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sssd-ipa"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This manual page describes the configuration of the IPA provider for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The IPA provider is a back end used to connect to an IPA server. (Refer to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the freeipa.org web site for information about IPA servers.) This provider "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"requires that the machine be joined to the IPA domain; configuration is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"almost entirely self-discovered and obtained directly from the server."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The IPA provider accepts the same options used by the <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"provider with some exceptions described below."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"However, it is neither necessary nor recommended to set these options. IPA "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"provider can also be used as an access and chpass provider. As an access "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"provider it uses HBAC (host-based access control) rules. Please refer to "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"freeipa.org for more information about HBAC. No configuration of access "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"provider is required on the client side."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The IPA provider will use the PAC responder if the Kerberos tickets of users "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"from trusted realms contain a PAC. To make configuration easier the PAC "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"responder is started automatically if the IPA ID provider is configured."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipa_domain (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ipa_domain (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the name of the IPA domain. This is optional. If not provided, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the configuration domain name is used."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "ipa_server, ipa_backup_server (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The comma-separated list of IP addresses or hostnames of the IPA servers to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"which SSSD should connect in the order of preference. For more information "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This is optional if autodiscovery is enabled. For more information on "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipa_hostname (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ipa_hostname (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Optional. May be set on machines where the hostname(5) does not reflect the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"fully qualified name used in the IPA domain to identify this host."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipa_dyndns_update (boolean)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ipa_dyndns_update (boolean)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Optional. This option tells SSSD to automatically update the DNS server "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"built into FreeIPA v2 with the IP address of this client."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the default Kerberos realm must be set properly in /etc/krb5.conf"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| msgid "pam_id_timeout (integer)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "ipa_dyndns_ttl (integer)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "pam_id_timeout (integer)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The TTL to apply to the client DNS record when updating it. If "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"ipa_dyndns_update is false this has no effect. This will override the TTL "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"serverside if set by an administrator."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| msgid "Default: 10800 (12 hours)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Default: 1200 (seconds)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "Padrão: 10800 (12 horas)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipa_dyndns_iface (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ipa_dyndns_iface (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"interface whose IP address should be used for dynamic DNS updates."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: Use the IP address of the IPA LDAP connection"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipa_hbac_search_base (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ipa_hbac_search_base (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Optional. Use the given string as search base for HBAC related objects."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: Use base DN"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Default: Use base DN"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_host_search_base (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Optional. Use the given string as search base for host objects."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ipa.5.xml:183 sssd-ipa.5.xml:207 sssd-ipa.5.xml:226 sssd-ipa.5.xml:245
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"See <quote>ldap_search_base</quote> for information about configuring "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"multiple search bases."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"If filter is given in any of search bases and "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"will be ignored."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#: sssd-ipa.5.xml:193 sssd-ipa.5.xml:212 include/ldap_search_bases.xml:23
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#: include/ldap_search_bases_experimental.xml:23
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_search_base (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Optional. Use the given string as search base for SELinux user maps."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ipa_subdomains_search_base (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Optional. Use the given string as search base for trusted domains."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "ipa_master_domain_search_base (string)"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "Optional. Use the given string as search base for master domain object."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_validate (boolean)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_validate (boolean)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Verify with the help of krb5_keytab that the TGT obtained has not been "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Note that this default differs from the traditional Kerberos provider back "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The name of the Kerberos realm. This is optional and defaults to the value "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"of <quote>ipa_domain</quote>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The name of the Kerberos realm has a special meaning in IPA - it is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"converted into the base DN to use for performing LDAP operations."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies if the host and user principal should be canonicalized when "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"connecting to IPA LDAP and also for AS requests. This feature is available "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"with MIT Kerberos >= 1.7"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipa_hbac_refresh (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The amount of time between lookups of the HBAC rules against the IPA server. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This will reduce the latency and load on the IPA server if there are many "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access-control requests made in a short period."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 5 (seconds)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#| msgid "pam_id_timeout (integer)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "ipa_hbac_selinux (integer)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "pam_id_timeout (integer)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The amount of time between lookups of the SELinux maps against the IPA "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"server. This will reduce the latency and load on the IPA server if there are "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"many user login requests made in a short period."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipa_hbac_treat_deny_as (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"client will support two modes of operation during this transition period:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"users will be denied access."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"careful with this option, as it may result in opening unintended access."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: DENY_ALL"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: DENY_ALL"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_hbac_support_srchost (boolean)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"If this is set to false, then srchost as given to SSSD by PAM will be "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "ipa_automount_location (string)"
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "The automounter location this IPA client will be using"
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "Default: The location named \"default\""
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_netgroup_member_of (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "The LDAP attribute that lists netgroup's memberships."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_netgroup_member_user (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"The LDAP attribute that lists system users and groups that are direct "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"members of the netgroup."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: memberUser"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: memberUser"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_netgroup_member_host (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ipa_netgroup_member_host (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"The LDAP attribute that lists hosts and host groups that are direct members "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"of the netgroup."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: memberHost"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: memberHost"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_netgroup_member_ext_host (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ipa_netgroup_member_ext_host (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"The LDAP attribute that lists FQDNs of hosts and host groups that are "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"members of the netgroup."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: externalHost"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: externalHost"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_netgroup_domain (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ipa_netgroup_domain (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "The LDAP attribute that contains NIS domain name of the netgroup."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: nisDomainName"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: nisDomainName"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_host_object_class (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ipa_host_object_class (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "The object class of a host entry in LDAP."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: ipaHost"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: ipaHost"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ipa_host_fqdn (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ipa_host_fqdn (string)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "The LDAP attribute that contains FQDN of the host."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: fqdn"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: fqdn"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_object_class (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_name (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains the name of SELinux usermap."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_member_user (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains all users / groups this rule match against."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_member_host (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains all hosts / hostgroups this rule match "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_see_also (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains DN of HBAC rule which can be used for "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"matching instead of memberUser and memberHost"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: seeAlso"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_selinux_user (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains SELinux user string itself."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipaSELinuxUser"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_enabled (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains whether or not is user map enabled for "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipaEnabledFlag"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_user_category (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains user category such as 'all'."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: userCategory"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_host_category (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains host category such as 'all'."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: hostCategory"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_usermap_uuid (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains unique ID of the user map."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipaUniqueID"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_host_ssh_public_key (string)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains the host's SSH public keys."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipaSshPubKey"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "SUBDOMAINS PROVIDER"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The IPA subdomains provider behaves slightly differently if it is configured "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"explicitly or implicitly."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"If the option 'subdomains_provider = ipa' is found in the domain section of "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"subdomain requests are sent to the IPA server if necessary."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"If the option 'subdomains_provider' is not set in the domain section of sssd."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"conf but there is the option 'id_provider = ipa', the IPA subdomains "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"provider is configured implictly. In this case, if a subdomain request fails "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"and indicates that the server does not support subdomains, i.e. is not "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"configured for trusts, the IPA subdomains provider is disabled. After an "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"hour or after the IPA provider goes online, the subdomains provider is "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"enabled again."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following example assumes that SSSD is correctly configured and example."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This examples shows only the ipa provider-specific options."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" id_provider = ipa\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" ipa_hostname = myhost.example.com\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" id_provider = ipa\n"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher" ipa_hostname = myhost.example.com\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "sssd-ad"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"This manual page describes the configuration of the AD provider for "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"The AD provider is a back end used to connect to an Active Directory server. "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"This provider requires that the machine be joined to the AD domain and a "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"keytab is available."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"The AD provider supports connecting to Active Directory 2008 R2 or later. "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Earlier versions may work, but are unsupported."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"The AD provider accepts the same options used by the <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"provider with some exceptions described below."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"However, it is neither necessary nor recommended to set these options. The "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"AD provider can also be used as an access and chpass provider. No "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"configuration of the access provider is required on the client side."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_id_mapping = False\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"By default, the AD provider will map UID and GID values from the objectSID "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"parameter in Active Directory. For details on this, see the <quote>ID "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"MAPPING</quote> section below. If you want to disable ID mapping and instead "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"rely on POSIX attributes defined in Active Directory, you should set "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ad_domain (string)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Specifies the name of the Active Directory domain. This is optional. If not "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"provided, the configuration domain name is used."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"For proper operation, this option should be specified as the lower-case "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"version of the long version of the Active Directory domain."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "ad_server, ad_backup_server (string)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"The comma-separated list of IP addresses or hostnames of the AD servers to "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"which SSSD should connect in order of preference. For more information on "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"failover and server redundancy, see the <quote>FAILOVER</quote> section. "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"This is optional if autodiscovery is enabled. For more information on "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ad_hostname (string)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Optional. May be set on machines where the hostname(5) does not reflect the "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"fully qualified name used in the Active Directory domain to identify this "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"This field is used to determine the host principal in use in the keytab. It "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"must match the hostname for which the keytab was issued."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"fallback_homedir = /home/%u\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"The following example assumes that SSSD is correctly configured and example."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"This example shows only the AD provider-specific options."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"id_provider = ad\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"auth_provider = ad\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"access_provider = ad\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"chpass_provider = ad\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"ad_hostname = client.example.com\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"ad_domain = example.com\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"access_provider = ldap\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"ldap_access_order = expire\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"ldap_account_expire_policy = ad\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The AD access control provider checks if the account is expired. It has the "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"same effect as the following configuration of the LDAP provider: "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "sssd-sudo"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Configuring sudo with the SSSD back end"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"This manual page describes how to configure <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Configuring sudo to cooperate with SSSD"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"the <emphasis>sudoers</emphasis> entry in <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry>."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"For example, to configure sudo to first lookup rules in the standard "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"manvolnum> </citerefentry> file (which should contain rules that apply to "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"local users) and then in SSSD, the nsswitch.conf file should contain the "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"following line:"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "sudoers: files sss\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"More information about configuring the sudoers search order from the "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"nsswitch.conf file as well as information about the LDAP schema that is used "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"to store sudo rules in the directory can be found in <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry>."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Configuring SSSD to fetch sudo rules"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The following example shows how to configure SSSD to download sudo rules "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"from an LDAP server."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"config_file_version = 2\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"services = nss, pam, sudo\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"domains = EXAMPLE\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"id_provider = ldap\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"sudo_provider = ldap\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_uri = ldap://example.com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The following example illustrates setting up SSSD to download sudo rules "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"from an IPA server. It is necessary to use the LDAP provider and set "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"appropriate connection parameters to authenticate correctly against the IPA "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"server, because SSSD does not have native support of IPA provider for sudo "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"config_file_version = 2\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"services = nss, pam, sudo\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"domains = EXAMPLE\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"id_provider = ipa\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ipa_domain = example.com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ipa_server = ipa.example.com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_tls_cacert = /etc/ipa/ca.crt\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"sudo_provider = ldap\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_uri = ldap://ipa.example.com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_sasl_mech = GSSAPI\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_sasl_authid = host/hostname.example.com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_sasl_realm = EXAMPLE.COM\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"krb5_server = ipa.example.com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "The SUDO rule caching mechanism"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The biggest challenge, when developing sudo support in SSSD, was to ensure "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"that running sudo with SSSD as the data source provides the same user "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"experience and is as fast as sudo but keeps providing the most current set "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"of rules as possible. To satisfy these requirements, SSSD uses three kinds "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"of updates. They are referred to as full refresh, smart refresh and rules "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"new or were modified after the last update. Its primary goal is to keep the "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"database growing by fetching only small increments that do not generate "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"large amounts of network traffic."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"in the cache and replaces them with all rules that are stored on the server. "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"This is used to keep the cache consistent by removing every rule which was "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"deleted from the server. However, full refresh may produce a lot of traffic "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"and thus it should be run only occasionally depending on the size and "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"stability of the sudo rules."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"more permission than defined. It is triggered each time the user runs sudo. "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Rules refresh will find all rules that apply to this user, check their "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"expiration time and redownload them if expired. In the case that any of "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"these rules are missing on the server, the SSSD will do an out of band full "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"refresh because more rules (that apply to other users) may have been deleted."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"If enabled, SSSD will store only rules that can be applied to this machine. "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"This means rules that contain one of the following values in "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<emphasis>sudoHost</emphasis> attribute:"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "keyword ALL"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "wildcard"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "netgroup (in the form \"+netgroup\")"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "hostname or fully qualified domain name of this machine"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "one of the IP addresses of this machine"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "one of the IP addresses of the network (in the form \"address/mask\")"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"There are many configuration options that can be used to adjust the "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "System Security Services Daemon"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Daemon de serviços de segurança do sistema"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable> </arg>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>SSSD</command> provides a set of daemons to manage access to remote "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"directories and authentication mechanisms. It provides an NSS and PAM "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"interface toward the system and a pluggable backend system to connect to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"multiple different account sources as well as D-Bus interface. It is also "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the basis to provide client auditing and policy services for projects like "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"FreeIPA. It provides a more robust database to store local users as well as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"extended user data."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-f</option>,<option>--debug-to-files</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>-f</option>,<option>--debug-to-files</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Send the debug output to files instead of stderr. By default, the log files "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are stored in <filename>/var/log/sssd</filename> and there are separate log "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"files for every SSSD service and domain."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-D</option>,<option>--daemon</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>-D</option>,<option>--daemon</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Become a daemon after starting up."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Tornar-se um daemon após a instalação."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-i</option>,<option>--interactive</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>-i</option>,<option>--interactive</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Run in the foreground, don't become a daemon."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Executar em primeiro plano, não se torne um daemon."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-c</option>,<option>--config</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>-c</option>,<option>--config</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"conf</filename>. For reference on the config file syntax and options, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> manual page."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "<option>--version</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>--version</option>"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Print version number and exit."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Imprimir o número da versão e sair."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Signals"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Sinais"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Informs the SSSD to gracefully terminate all of its child processes and then "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"shut down the monitor."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "SIGHUP"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Tells the SSSD to stop writing to its current debug file descriptors and to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"close and reopen them. This is meant to facilitate log rolling with programs "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"like logrotate."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SIGUSR1"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "SIGUSR1"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Tells the SSSD to simulate offline operation for one minute. This is mostly "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"useful for testing purposes."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SIGUSR2"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "SIGUSR2"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Tells the SSSD to go online immediately. This is mostly useful for testing "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_obfuscate"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "sss_obfuscate"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "obfuscate a clear text password"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "ofuscar uma senha de texto não criptografado"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable></arg>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable></arg>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_obfuscate</command> converts a given password into human-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"unreadable format and places it into appropriate domain section of the SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The cleartext password is read from standard input or entered "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"interactively. The obfuscated password is put into "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>ldap_default_authtok_type</quote> parameter is set to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> for more details on these parameters."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that obfuscating the password provides <emphasis>no real "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"security benefit</emphasis> as it is still possible for an attacker to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"reverse-engineer the password back. Using better authentication mechanisms "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-s</option>,<option>--stdin</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>-s</option>,<option>--stdin</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The password to obfuscate will be read from standard input."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ea929f1b022fc2cb77dec89b0e12accef983ec85Jakub Hrozek#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The SSSD domain to use the password in. The default name is <quote>default</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Read the config file specified by the positional parameter."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_useradd"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "create a new user"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_useradd</command> creates a new user account using the values "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"specified on the command line plus the default values from the system."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"not given, it is chosen automatically."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Any text string describing the user. Often used as the field for the user's "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The home directory of the user account. The default is to append the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"that as the home directory. The base that is prepended before "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"baseDirectory</quote> setting in sssd.conf."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The user's login shell. The default is currently <filename>/bin/bash</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"filename>. The default can be changed with <quote>user_defaults/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"defaultShell</quote> setting in sssd.conf."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "A list of existing groups this user is also a member of."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-m</option>,<option>--create-home</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Create the user's home directory if it does not exist. The files and "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"directories contained in the skeleton directory (which can be defined with "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the -k option or in the config file) will be copied to the home directory."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-M</option>,<option>--no-create-home</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Do not create the user's home directory. Overrides configuration settings."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The skeleton directory, which contains files and directories to be copied in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the user's home directory, when the home directory is created by "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_useradd</command>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option is only valid if the <option>-m</option> (or <option>--create-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"home</option>) option is specified, or creation of home directories is set "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to TRUE in the configuration."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-Z</option>,<option>--selinux-user</option> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>SELINUX_USER</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The SELinux user for the user's login. If not specified, the system default "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"will be used."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sssd-krb5"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This manual page describes the configuration of the Kerberos 5 "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication backend for <citerefentry> <refentrytitle>sssd</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"manvolnum> </citerefentry> manual page."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The Kerberos 5 authentication backend contains auth and chpass providers. It "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"must be paired with an identity provider in order to function properly (for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"example, id_provider = ldap). Some information required by the Kerberos 5 "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication backend must be provided by the identity provider, such as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the user's Kerberos Principal Name (UPN). The configuration of the identity "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"provider should have an entry to specify the UPN. Please refer to the man "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"page for the applicable identity provider for details on how to configure "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This backend also provides access control based on the .k5login file in the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that an empty .k5login file will deny all access to this user. "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"To activate this feature, use 'access_provider = krb5' in your SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"configuration."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"In the case where the UPN is not available in the identity backend, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sssd</command> will construct a UPN using the format "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Specifies the comma-separated list of IP addresses or hostnames of the "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Kerberos servers to which SSSD should connect, in the order of preference. "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"For more information on failover and server redundancy, see the "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"colon) may be appended to the addresses or hostnames. If empty, service "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"discovery is enabled; for more information, refer to the <quote>SERVICE "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"DISCOVERY</quote> section."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The name of the Kerberos realm. This option is required and must be "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"If the change password service is not running on the KDC, alternative "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"servers can be defined here. An optional port number (preceded by a colon) "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"may be appended to the addresses or hostnames."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For more information on failover and server redundancy, see the "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"servers to try, the backend is not switched to operate offline if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication against the KDC is still possible."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: Use the KDC"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: Usar o KDC"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_ccachedir (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_ccachedir (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Directory to store credential caches. All the substitution sequences of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"krb5_ccname_template can be used here, too, except %d and %P. If the "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"a private directory belonging to the user is created. Otherwise, a public "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"directory with restricted deletion flag (aka sticky bit, as described in "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"</citerefentry> for details) is created."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: /tmp"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: /tmp."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_ccname_template (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_ccname_template (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "login UID"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "principal name"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "nome principal"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "realm name"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "nome de território"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "home directory"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "value of krb5ccache_dir"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "valor de krb5ccache_dir"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#| msgid "the process ID of the sssd client"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "the process ID of the SSSD client"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "o ID do processo do cliente SSSD"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Location of the user's credential cache. Two credential cache types are "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"currently supported: <quote>FILE</quote> and <quote>DIR</quote>. The cache "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"can be specified either as <replaceable>TYPE:RESIDUAL</replaceable>, or as "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"an absolute path, which implies the <quote>FILE</quote> type. In the "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"template, the following sequences are substituted: <placeholder type="
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"\"variablelist\" id=\"0\"/> If the template ends with 'XXXXXX' mkstemp(3) is "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"used to create a unique filename in a safe way."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: FILE:%d/krb5cc_%U_XXXXXX"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_auth_timeout (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_auth_timeout (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Timeout in seconds after an online authentication request or change password "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"request is aborted. If possible, the authentication request is continued "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Verify with the help of krb5_keytab that the TGT obtained has not been "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"spoofed. The keytab is checked for entries sequentially, and the first entry "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"with a matching realm is used for validation. If no entry matches the realm, "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"the last entry in the keytab is used. This process can be used to validate "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"environments using cross-realm trust by placing the appropriate keytab entry "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"as the last entry or the only entry in the keytab file."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_keytab (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_keytab (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The location of the keytab to use when validating credentials obtained from "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_store_password_if_offline (boolean)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_store_password_if_offline (boolean)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Store the password of the user if the provider is offline and use it to "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"request a TGT when the provider comes online again."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"NOTE: this feature is only available on Linux. Passwords stored in this way "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"are kept in plaintext in the kernel keyring and are potentially accessible "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"by the root user (with difficulty)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_renewable_lifetime (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_renewable_lifetime (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Request a renewable ticket with a total lifetime, given as an integer "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"immediately followed by a time unit:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#| msgid "<emphasis>s</emphasis> seconds"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "<emphasis>s</emphasis> for seconds"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<emphasis>s</emphasis> segundos"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#| msgid "<emphasis>m</emphasis> minutes"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "<emphasis>m</emphasis> for minutes"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<emphasis>m</emphasis> minutos"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#| msgid "<emphasis>h</emphasis> hours"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "<emphasis>h</emphasis> for hours"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<emphasis>h</emphasis> horas"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#| msgid "<emphasis>d</emphasis> days."
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "<emphasis>d</emphasis> for days."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<emphasis>d</emphasis> dias."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#| msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Se não houver nenhum delimitador <emphasis>s</emphasis> é assumido."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"and a half hours, use '90m' instead of '1h30m'."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: not set, i.e. the TGT is not renewable"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Padrão: não definido, ou seja, o TGT não é renovável"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_lifetime (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_lifetime (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Request ticket with a with a lifetime, given as an integer immediately "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"followed by a time unit:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#| msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "If there is no unit given <emphasis>s</emphasis> is assumed."
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgstr "Se não houver nenhum delimitador <emphasis>s</emphasis> é assumido."
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"NOTE: It is not possible to mix units. To set the lifetime to one and a "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"half hours please use '90m' instead of '1h30m'."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: not set, i.e. the default ticket lifetime configured on the KDC."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_renew_interval (integer)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_renew_interval (integer)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The time in seconds between two checks if the TGT should be renewed. TGTs "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are renewed if about half of their lifetime is exceeded."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "If this option is not set or is 0 the automatic renewal is disabled."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_use_fast (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication. The following options are supported:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"option at all."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"continue the authentication without it."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"server does not require fast."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: not set, i.e. FAST is not used."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "NOTE: a keytab is required to use FAST."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"SSSD is used with an older version of MIT Kerberos, using this option is a "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"configuration error."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_fast_principal (string)"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "krb5_fast_principal (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies the server principal to use for FAST."
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies if the host and user principal should be canonicalized. This "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"feature is available with MIT Kerberos 1.7 and later versions."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"If the auth-module krb5 is used in an SSSD domain, the following options "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following example assumes that SSSD is correctly configured and FOO is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"example shows only configuration of Kerberos authentication; it does not "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"include any identity provider."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" auth_provider = krb5\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" krb5_server = 192.168.1.1\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher" krb5_realm = EXAMPLE.COM\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_groupadd"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "create a new group"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupadd</command> creates a new group. These groups are "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"compatible with POSIX groups, with the additional feature that they can "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"contain other groups as members."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"not given, it is chosen automatically."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_userdel"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "delete a user account"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_userdel</command> deletes a user identified by login name "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>LOGIN</replaceable> from the system."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-r</option>,<option>--remove</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Files in the user's home directory will be removed along with the home "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"directory itself and the user's mail spool. Overrides the configuration."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-R</option>,<option>--no-remove</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Files in the user's home directory will NOT be removed along with the home "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"directory itself and the user's mail spool. Overrides the configuration."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-f</option>,<option>--force</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option forces <command>sss_userdel</command> to remove the user's home "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"directory and mail spool, even if they are not owned by the specified user."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-k</option>,<option>--kick</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Before actually deleting the user, terminate all his processes."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_groupdel"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "sss_groupdel"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "delete a group"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "excluir um grupo"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupdel</command> deletes a group identified by its name "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>GROUP</replaceable> from the system."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_groupshow"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "sss_groupshow"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "print properties of a group"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupshow</command> displays information about a group "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"identified by its name <replaceable>GROUP</replaceable>. The information "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"includes the group ID number, members of the group and the parent group."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-R</option>,<option>--recursive</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>-R</option>,<option>--recursive</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Also print indirect group members in a tree-like hierarchy. Note that this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"also affects printing parent groups - without <option>R</option>, only the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"direct parent will be printed."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_usermod"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "sss_usermod"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "modify a user account"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "modificar uma conta de utilizador"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_usermod</command> modifies the account specified by "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"on the command line."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The home directory of the user account."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The user's login shell."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Append this user to groups specified by the <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"a comma separated list of group names."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Remove this user from groups specified by the <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> parameter."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-l</option>,<option>--lock</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>-l</option>,<option>--lock</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Lock the user account. The user won't be able to log in."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallagher"Bloquear a conta do utilizador. O utilizador não será capaz de efetuar login."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-u</option>,<option>--unlock</option>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<option>-u</option>,<option>--unlock</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Unlock the user account."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Desbloquear a conta de utilizador."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The SELinux user for the user's login."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_cache"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "perform cache cleanup"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"records are forced to be reloaded from server as soon as related SSSD "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"backend is online."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Invalidate specific user."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<option>-U</option>,<option>--users</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Invalidate all user records. This option overrides invalidation of specific "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"user if it was also set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Invalidate specific group."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<option>-G</option>,<option>--groups</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Invalidate all group records. This option overrides invalidation of specific "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"group if it was also set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Invalidate specific netgroup."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<option>-N</option>,<option>--netgroups</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Invalidate all netgroup records. This option overrides invalidation of "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"specific netgroup if it was also set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-s</option>,<option>--service</option> <replaceable>service</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Invalidate specific service."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<option>-S</option>,<option>--services</option>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Invalidate all service records. This option overrides invalidation of "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"specific service if it was also set."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Invalidate specific autofs maps."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<option>-A</option>,<option>--autofs-maps</option>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Invalidate all autofs maps. This option overrides invalidation of specific "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"map if it was also set."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Restrict invalidation process only to a particular domain."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_debuglevel"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "change debug level while SSSD is running"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "sss_seed"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "seed the SSSD cache with a user"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<command>sss_seed</command> seeds the SSSD cache with a user entry and "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"temporary password. If a user entry is already present in the SSSD cache "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"then the entry is updated with the temporary password."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Provide the name of the domain in which the user is a member of. The domain "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"is also used to retrieve user information. The domain must be configured in "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Information retrieved from the domain overrides what is provided in the "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<option>-n</option>,<option>--username</option> <replaceable>USER</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The username of the entry to be created or modified in the cache. The "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<replaceable>USER</replaceable> option must be provided."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Set the UID of the user to <replaceable>UID</replaceable>."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Set the GID of the user to <replaceable>GID</replaceable>."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Interactive mode for entering user information. This option will only prompt "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"for information not provided in the options or retrieved from the domain."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Specify file to read user's password from. (if not specified password is "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"prompted for)"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"The length of the password (or the size of file specified with -p or --"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"on systems with no globally-defined PASS_MAX value)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_ssh_authorizedkeys"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refmeta><manvolnum>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "get OpenSSH authorized keys"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>options</replaceable> </arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='plain'><replaceable>USER</replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> for more information)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"command> for public key user authentication if it is compiled with support "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<manvolnum>5</manvolnum></citerefentry> options."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"If <quote>AuthorizedKeysCommand</quote> is supported, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> can be configured to use it by putting the following directive "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"If <quote>PubkeyAgent</quote> is supported, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> can be configured to use it by using the following directive "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_ssh_knownhostsproxy"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "get OpenSSH host keys"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>options</replaceable> </arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"pubconf/known_hosts</filename> and estabilishes connection to the host."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"create the connection to the host instead of opening a socket."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"command> for host key authentication by using the following directives for "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Use port <replaceable>PORT</replaceable> to connect to the host. By "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"default, port 22 is used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SERVICE DISCOVERY"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "DESCOBERTA DE SERVIÇOS"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The service discovery feature allows back ends to automatically find the "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"appropriate servers to connect to using a special DNS query. This feature is "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"not supported for backup servers."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Configuration"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Configuração"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If no servers are specified, the back end automatically uses service "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"discovery to try to find a server. Optionally, the user may choose to use "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"both fixed server addresses and service discovery by inserting a special "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"preference is maintained. This feature is useful if, for example, the user "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"prefers to use service discovery whenever possible, and fall back to a "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"specific server when no servers can be discovered using DNS."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The domain name"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "O nome de domínio"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> manual page for more details."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The protocol"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "O protocolo"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The queries usually specify _tcp as the protocol. Exceptions are documented "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"in respective option description."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "See Also"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Ver também"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For more information on the service discovery mechanism, refer to RFC 2782."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: outside any tag (error?)
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "FAILOVER"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The failover feature allows back ends to automatically switch to a different "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"server if the current server fails."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Failover Syntax"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The list of servers is given as a comma-separated list; any number of spaces "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"is allowed around the comma. The servers are listed in order of preference. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The list can contain any number of servers."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <refsect1><refsect2><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"For each failover-enabled config option, two variants exist: "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"that servers in the primary list are preferred and backup servers are only "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"searched if no primary servers can be reached. If a backup server is "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"selected, a timeout of 31 seconds is set. After this timeout SSSD will "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"periodically try to reconnect to one of the primary servers. If it succeeds, "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"it will replace the current active (backup) server."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The Failover Mechanism"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The failover mechanism distinguishes between a machine and a service. The "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"back end first tries to resolve the hostname of a given machine; if this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"resolution attempt fails, the machine is considered offline. No further "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"attempts are made to connect to this machine for any other service. If the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"resolution attempt succeeds, the back end tries to connect to a service on "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"this machine. If the service connection attempt fails, then only this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"particular service is considered offline and the back end automatically "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"switches over to the next service. The machine is still considered online "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"and might still be tried for another service."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Further connection attempts are made to machines or services marked as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"offline after a specified period of time; this is currently hard coded to 30 "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If there are no more machines to try, the back end as a whole switches to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"offline mode, and then attempts to reconnect every 30 seconds."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ID MAPPING"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The ID-mapping feature allows SSSD to act as a client of Active Directory "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"without requiring administrators to extend user attributes to support POSIX "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"attributes for user and group identifiers."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ignored. This is to avoid the possibility of conflicts between automatically-"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"assigned and manually-assigned values. If you need to use manually-assigned "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"values, ALL values must be manually-assigned."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Mapping Algorithm"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Active Directory provides an objectSID for every user and group object in "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"the directory. This objectSID can be broken up into components that "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"represent the Active Directory domain identity and the relative identifier "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"(RID) of the user or group object."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"into equally-sized component sections - called \"slices\"-. Each slice "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"represents the space available to an Active Directory domain."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When a user or group entry for a particular domain is encountered for the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"first time, the SSSD allocates one of the available slices for that domain. "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"In order to make this slice-assignment repeatable on different client "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"machines, we select the slice based on the following algorithm:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The SID string is passed through the murmurhash3 algorithm to convert it to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"a 32-bit hashed value. We then take the modulus of this value with the total "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"number of available slices to pick the slice."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: It is possible to encounter collisions in the hash and subsequent "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"modulus. In these situations, we will select the next available slice, but "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"it may not be possible to reproduce the same exact set of slices on other "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"machines (since the order that they are encountered will determine their "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"slice). In this situation, it is recommended to either switch to using "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"configure a default domain to guarantee that at least one is always "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"consistent. See <quote>Configuration</quote> for details."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para><programlisting>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ldap_id_mapping = True\n"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ldap_schema = ad\n"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The default configuration results in configuring 10,000 slices, each capable "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"of holding up to 200,000 IDs, starting from 10,001 and going up to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"2,000,100,000. This should be sufficient for most deployments."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Advanced Configuration"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_range_min (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies the lower bound of the range of POSIX IDs to use for mapping "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Active Directory user and group SIDs."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"NOTE: This option is different from <quote>min_id</quote> in that "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<quote>min_id</quote> acts to filter the output of requests to this domain, "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"whereas this option controls the range of ID assignment. This is a subtle "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"distinction, but the good general advice would be to have <quote>min_id</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "Default: 200000"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_range_max (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies the upper bound of the range of POSIX IDs to use for mapping "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Active Directory user and group SIDs."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"NOTE: This option is different from <quote>max_id</quote> in that "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<quote>max_id</quote> acts to filter the output of requests to this domain, "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"whereas this option controls the range of ID assignment. This is a subtle "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"distinction, but the good general advice would be to have <quote>max_id</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "Default: 2000200000"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_range_size (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies the number of IDs available for each slice. If the range size "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"does not divide evenly into the min and max values, it will create as many "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"complete slices as it can."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_default_domain_sid (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specify the domain SID of the default domain. This will guarantee that this "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"domain will always be assigned to slice zero in the ID map, bypassing the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"murmurhash algorithm described above."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_default_domain (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Specify the name of the default domain."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_autorid_compat (boolean)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"winbind's <quote>idmap_autorid</quote> algorithm."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When this option is configured, domains will be allocated starting with "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"slice zero and increasing monatomically with each additional domain."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: This algorithm is non-deterministic (it depends on the order that "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"users and groups are requested). If this mode is required for compatibility "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"with machines running winbind, it is recommended to also use the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"least one domain is consistently allocated to slice zero."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <varlistentry><term>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "<option>-?</option>,<option>--help</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: include/param_help.xml:7 include/param_help_py.xml:7
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Display help message and exit."
b355dcb54194f498921743ca33304eac35d89718Stephen Gallaghermsgstr "Exibe a mensagem de ajuda e sai."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <varlistentry><term>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "<option>-h</option>,<option>--help</option>"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgstr "<option>-h</option>,<option>--help</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"default value as well as the lowest allowed value, 0xFFF0 is the most "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"verbose mode. This setting overrides the settings from config file."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Currently supported debug levels:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD from starting up or causes it to cease running."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"the SSSD, but one that indicates that at least one major feature is not "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"going to work properly."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"particular request or operation has failed."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"percolate down to cause the operation failure of 2."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<emphasis>0x0100</emphasis>: Configuration settings."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<emphasis>0x0200</emphasis>: Function data."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"may be interesting."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"To log required debug levels, simply add their numbers together as shown in "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"following examples:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"serious failures and function data use 0x0270."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"function data, trace messages for internal control functions use 0x1310."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: outside any tag (error?)
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis> This is an experimental feature, please use http://fedorahosted."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"org/sssd to report any issues. </emphasis>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "THE LOCAL DOMAIN"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"In order to function correctly, a domain with <quote>id_provider=local</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quote> must be created and the SSSD must be running."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The administrator might want to use the SSSD local users instead of "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"traditional UNIX users in cases where the group nesting (see <citerefentry> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"citerefentry>) is needed. The local users are also useful for testing and "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"development of the SSSD without having to deploy a full remote server. The "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"local LDB storage to store users and groups."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <refsect1><title>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "SEE ALSO"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgstr "VER TAMBÉM"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"manvolnum> </citerefentry>, <citerefentry> "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"for this attribute type."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para><programlisting>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#: include/ldap_search_bases_experimental.xml:13
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#: include/ldap_search_bases_experimental.xml:19
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"For examples of this syntax, please refer to the <quote>ldap_search_base</"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"quote> examples section."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: include/ldap_search_bases_experimental.xml:27
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"Please note that specifying scope or filter is not supported for searches "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"against an Active Directory Server that might yield a large number of "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"results and trigger the Range Retrieval extension in the response."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"Please note that the automounter only reads the master map on startup, so if "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"any autofs-related changes are made to the sssd.conf, you typically also "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"need to restart the automounter daemon after restarting the SSSD."