I'm sending an updated patch:

> I would personally prefer not to delete the above sentence altogether,
> just rephrase it. Sorry for nitpicking, but I know that the schema
> differences have been a cause of confusion among users, so I think we
> should keep the documentation as descriptive as possible.

You're probably right. Done.

> This would better be answered by a native English speaker, but "parental
> object" does not sound right to me, is just "parent object" better?

I think it is correct this way. As you said, a native English speaker should probably decide this.

> Also, in the description of most of the added ldap_user_* attributes, I
> think that "this parameter" would sound better than just "this".

Done

> This option is already described in sssd.conf since it is used by the
> proxy backend, too.

Removed

> I'm wondering whether this should be considered a generic option,
> similar to entry_cache_timeout and documented in sssd.conf. I think any
> future back ends might implement a cleanup task, too, controlled by the
> same parameter, even though LDAP is the only implemented ID provider so
> far.

Removed

--
Jan
From c9f17bc310378c1f60f527c027ceeec928a1fcb5 Mon Sep 17 00:00:00 2001 From: Jan Zeleny <jzel...@redhat.com> Date: Wed, 25 Aug 2010 09:27:31 +0200 Subject: [PATCH] Reviewed sssd-ldap man page Some config options updated, newly documented 12 new options. --- src/man/sssd-ldap.5.xml | 214 +++++++++++++++++++++++++++++++++++++++++++++-- 1 files changed, 207 insertions(+), 7 deletions(-) diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 333ab31..5e9ff16 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -87,17 +87,17 @@ attribute names retrieved from the servers may vary. The way that some attributes are handled may also differ. - Two schema types are currently supported: + Three schema types are currently supported: rfc2307 rfc2307bis + IPA - The main difference between these two schema types is + The main difference between these schema types is how group memberships are recorded in the server. With rfc2307, group members are listed by name in the <emphasis>memberUid</emphasis> attribute. - With rfc2307bis, group members are listed by DN and - stored in the <emphasis>member</emphasis> attribute. - + With rfc2307bis and IPA, group members are listed by DN + and stored in the <emphasis>member</emphasis> attribute. </para> <para> Default: rfc2307 
@@ -253,6 +253,160 @@ </varlistentry> <varlistentry> + <term>ldap_user_modify_timestamp (string)</term> + <listitem> + <para> + The LDAP attribute that contains timestamp of the + last modification of the parental object. + </para> + <para> + Default: modifyTimestamp + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_last_change (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (date of the last + password change). + </para> + <para> + Default: shadowLastChange + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_min (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (minimum password age). + </para> + <para> + Default: shadowMin + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_max (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (maximum password age). + </para> + <para> + Default: shadowMax + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_warning (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (password warning + period). 
+ </para> + <para> + Default: shadowWarning + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_inactive (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (password inactivity + period). + </para> + <para> + Default: shadowInactive + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_shadow_expire (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=shadow, this parameter + contains the name of an LDAP attribute corresponding + to its + <citerefentry> + <refentrytitle>shadow</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> counterpart (account expiration date). + </para> + <para> + Default: shadowExpire + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_krb_last_pwd_change (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=mit_kerberos, this + parameter contains the name of an LDAP attribute + storing the date and time of last password change + in kerberos. + </para> + <para> + Default: krbLastPwdChange + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_krb_password_expiration (string)</term> + <listitem> + <para> + When using ldap_pwd_policy=mit_kerberos, this + parameter contains the name of an LDAP attribute + storing the date and time when current password + expires. + </para> + <para> + Default: krbPasswordExpiration + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_user_principal (string)</term> <listitem> <para> 
@@ -282,6 +436,20 @@ </varlistentry> <varlistentry> + <term>ldap_enumeration_refresh_timeout (integer)</term> + <listitem> + <para> + The LDAP attribute that contains how many seconds + SSSD has to wait before refreshing its cache of + enumerated records. + </para> + <para> + Default: 300 + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_user_fullname (string)</term> <listitem> <para> @@ -386,6 +554,38 @@ </varlistentry> <varlistentry> + <term>ldap_group_modify_timestamp (string)</term> + <listitem> + <para> + The LDAP attribute that contains timestamp of the + last modification of the parental object. + </para> + <para> + Default: modifyTimestamp + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_search_timeout (integer)</term> + <listitem> + <para> + Specifies the timeout (in seconds) that ldap searches + are allowed to run before they are cancelled and + cached results are returned (and offline mode is + entered) + + Note: this option is subject to change in future versions + of the SSSD. It will likely be replaced at some point by + a series of timeouts for specific lookup types. + </para> + <para> + Default: 60 + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_network_timeout (integer)</term> <listitem> <para> @@ -406,7 +606,7 @@ returns in case of no activity. </para> <para> - Default: 5 + Default: 6 </para> </listitem> </varlistentry> @@ -421,7 +621,7 @@ when communicating with the KDC in case of SASL bind. </para> <para> - Default: 5 + Default: 6 </para> </listitem> </varlistentry> -- 1.7.2.1
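Review bot: In the @@ -87,17 hunk, IPA is added as a third schema type, but the rewritten explanation says "With rfc2307bis and IPA, group members are listed by DN", so the paragraph that introduces "the main difference between these schema types" no longer tells the reader how IPA differs from rfc2307bis. Add a sentence stating what choosing IPA changes, or say explicitly that for group membership it is handled like rfc2307bis. The hunk also drops the blank line before the closing para tag; confirm that whitespace change is intended.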
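Review bot: In the @@ -253,6 hunk, ldap_user_modify_timestamp is described as the timestamp of "the last modification of the parental object", which does not say which object is meant. If the user entry itself is intended, as the option name suggests, say so, and add the missing article ("contains the timestamp"). In the same hunk, the ldap_user_shadow_* entries use "corresponding to its shadow(5) counterpart" with no antecedent for "its", and ldap_user_krb_last_pwd_change writes "kerberos" in lower case where "Kerberos" is expected.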
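Review bot: In the @@ -386,6 hunk, the ldap_search_timeout description ends at "(and offline mode is entered)" with no full stop, and the "Note: this option is subject to change" text sits in the same para element after a blank line, so it will render as one run-on paragraph. Close the sentence and move the note into its own para. "ldap searches" should be "LDAP searches", and ldap_group_modify_timestamp repeats the ambiguous "parental object" wording; naming the group object would make it clear.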
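Review bot: In the @@ -406,7 and @@ -421,7 hunks, two documented defaults change from "Default: 5" to "Default: 6", but the commit message only says "Some config options updated" and the patch touches no code. Confirm that 6 matches the default actually used by the provider for both options, and list the corrected defaults in the commit message so the change can be traced later.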
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel