man/include/ipa_modified_defaults.xml

	ipa_modified_defaults.xml revision 8caf7ba5005b3be5447311713ad2b58169f9d32f
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering<refsect1 id='modified-default-options'>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering    <title>MODIFIED DEFAULT OPTIONS</title>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering    <para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering        Certain option defaults do not match their respective backend
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering        provider defaults, these option names and IPA provider-specific
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering        defaults are listed below:
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering    </para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering    <refsect2 id='krb5_modifications'>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering        <title>KRB5 Provider</title>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering        <itemizedlist>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            <listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                <para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                    krb5_validate = true
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                </para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            </listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            <listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                <para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                    krb5_use_fast = try
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                </para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            </listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            <listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                <para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                    krb5_canonicalize = true
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                </para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            </listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering        </itemizedlist>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering    </refsect2>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering    <refsect2 id='ldap_general_modifications'>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering        <title>LDAP Provider - General</title>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering        <itemizedlist>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            <listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                <para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                    ldap_schema = ipa_v1
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                </para>
0c0cdb06c139b52ff103287f6909b3daa5b2dc54Ronny Chevalier            </listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            <listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                <para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                    ldap_force_upper_case_realm = true
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                </para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            </listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            <listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                <para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                    ldap_sasl_mech = GSSAPI
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                </para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            </listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            <listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                <para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                    ldap_sasl_minssf = 56
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                </para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            </listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            <listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                <para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                    ldap_account_expire_policy = ipa
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                </para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            </listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            <listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                <para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                    ldap_use_tokengroups = true
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering                </para>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering            </listitem>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering        </itemizedlist>
fa6ac76083b8ffc1309876459f54f9f0e2843731Lennart Poettering    </refsect2>
    <refsect2 id='ldap_user_modifications'>
        <title>LDAP Provider - User options</title>
        <itemizedlist>
            <listitem>
                <para>
                    ldap_user_member_of = memberOf
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_user_uuid = ipaUniqueID
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_user_ssh_public_key = ipaSshPubKey
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_user_auth_type = ipaUserAuthType
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_user_certificate = userCertificate;binary
                </para>
            </listitem>
        </itemizedlist>
    </refsect2>
    <refsect2 id='ldap_group_modifications'>
        <title>LDAP Provider - Group options</title>
        <itemizedlist>
            <listitem>
                <para>
                    ldap_group_object_class = ipaUserGroup
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_group_object_class_alt = posixGroup
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_group_member = member
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_group_uuid = ipaUniqueID
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_group_objectsid = ipaNTSecurityIdentifier
                </para>
            </listitem>
            <listitem>
                <para>
                    ldap_group_external_member = ipaExternalMember
                </para>
            </listitem>
        </itemizedlist>
    </refsect2>
</refsect1>