On Fri, 2012-07-20 at 08:11 -0400, Stephen Gallagher wrote:
> On Fri, 2012-07-20 at 11:43 +0200, Jakub Hrozek wrote:
> > On Thu, Jul 19, 2012 at 02:45:40PM -0400, Stephen Gallagher wrote:
> > > Patch 0001: List all available backends for provider options
> > > 
> > > Fixes https://fedorahosted.org/sssd/ticket/1432
> > > 
> > 
> > I think you forgot to remove the sentence saying "The Data Provider
> > identity backend to use for this domain" from the "id_provider"
> > description. The manpage renders like this for me now:
> > --------------------------------------
> > id_provider (string)
> >     The identification provider used for the domain. Supported ID providers 
> > are:
> > 
> >     Supported backends:
> > 
> >     The Data Provider identity backend to use for this domain. proxy: 
> > Support a legacy NSS provider
> > --------------------------------------
> > 
> 
> Good catch, thanks. Looks like an accidental middle-click. My old
> nemesis.
> 
> New patches attached.


One further fix based on Jakub's review on IRC.
From f849d881b26b23e39b232cebe9b327ce34c1976d Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Thu, 19 Jul 2012 13:56:00 -0400
Subject: [PATCH 1/2] MAN: List all available backends for provider options

https://fedorahosted.org/sssd/ticket/1432
---
 src/man/sssd.conf.5.xml |  100 ++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 85 insertions(+), 15 deletions(-)

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 68737b2c598e2eb12ce680b915eba9f44065034c..dbacf7aaa65ba243f7421effba164636e7c55c55 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -1056,20 +1056,40 @@
                     <term>id_provider (string)</term>
                     <listitem>
                         <para>
-                            The Data Provider identity backend to use for this
-                            domain.
-                        </para>
-                        <para>
-                            Supported backends:
+                            The identification provider used for the domain.
+                            Supported ID providers are:
                         </para>
                         <para>
                             proxy: Support a legacy NSS provider
                         </para>
                         <para>
-                            local: SSSD internal local provider
+                            <quote>local</quote>: SSSD internal provider for
+                            local users
                         </para>
                         <para>
-                            ldap:  LDAP provider
+                            <quote>ldap</quote>:  LDAP provider. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ldap</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on
+                            configuring LDAP.
+                        </para>
+                        <para>
+                            <quote>ipa</quote>: FreeIPA and Red Hat Enterprise
+                            Identity Management provider. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ipa</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on
+                            configuring FreeIPA.
+                        </para>
+                        <para>
+                            <quote>ad</quote>: Active Directory provider. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ipa</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on
+                            configuring Active Directory.
                         </para>
                     </listitem>
                 </varlistentry>
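Review bot: the new <quote>ad</quote> entry for id_provider points its citerefentry at sssd-ipa (<refentrytitle>sssd-ipa</refentrytitle>), while the ad entries added in the later hunks of this patch reference sssd-ad; this looks like a copy-paste slip and should read sssd-ad. The unchanged proxy line is also now the only provider in this list without <quote>, so it will render differently from local, ldap, ipa and ad; quoting it here would keep the list uniform.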
@@ -1117,6 +1137,23 @@
                             </citerefentry> for more information on configuring Kerberos.
                         </para>
                         <para>
+                            <quote>ipa</quote>: FreeIPA and Red Hat Enterprise
+                            Identity Management provider. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ipa</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on
+                            configuring FreeIPA.
+                        </para>
+                        <para>
+                            <quote>ad</quote>: Active Directory provider. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ad</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on
+                            configuring Active Directory.
+                        </para>
+                        <para>
                             <quote>proxy</quote> for relaying authentication to some other PAM target.
                         </para>
                         <para>
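Review bot: the ipa and ad entries added to the authentication provider list use the "name: ... provider" form, while the neighbouring proxy entry uses "name for relaying authentication ..."; the list mixes two styles once this lands. Rewording the new entries to say what they do for authentication (for example "<quote>ipa</quote> for FreeIPA and Red Hat Enterprise Identity Management authentication") would match the existing lines.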
@@ -1144,6 +1181,30 @@
                             <quote>deny</quote> always deny access.
                         </para>
                         <para>
+                            <quote>ldap</quote> for native LDAP authentication. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ldap</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on configuring LDAP.
+                        </para>
+                        <para>
+                            <quote>ipa</quote>: FreeIPA and Red Hat Enterprise
+                            Identity Management provider. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ipa</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on
+                            configuring FreeIPA.
+                        </para>
+                        <para>
+                            <quote>ad</quote>: Active Directory provider. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ad</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on
+                            configuring Active Directory.
+                        </para>
+                        <para>
                             <quote>simple</quote> access control based on access
                             or deny lists. See <citerefentry>
                             <refentrytitle>sssd-simple</refentrytitle>
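Review bot: the new ldap entry describes itself as "for native LDAP authentication", but this list sits between the deny and simple entries, which are access control providers; the text appears to be copied from the authentication list and should describe LDAP-based access control instead. The ipa and ad entries below it have the same "name: ... provider" wording as in the other lists and say nothing about access control, so a reader cannot tell what choosing them here does.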
@@ -1164,14 +1225,6 @@
                             Supported change password providers are:
                         </para>
                         <para>
-                            <quote>ipa</quote> to change a password stored
-                            in an IPA server.  See
-                            <citerefentry>
-                                <refentrytitle>sssd-ipa</refentrytitle>
-                                <manvolnum>5</manvolnum>
-                            </citerefentry> for more information on configuring IPA.
-                        </para>
-                        <para>
                             <quote>ldap</quote> to change a password stored
                             in a LDAP server.  See
                             <citerefentry>
@@ -1188,6 +1241,23 @@
                             </citerefentry> for more information on configuring Kerberos.
                         </para>
                         <para>
+                            <quote>ipa</quote>: FreeIPA and Red Hat Enterprise
+                            Identity Management provider. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ipa</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on
+                            configuring FreeIPA.
+                        </para>
+                        <para>
+                            <quote>ad</quote>: Active Directory provider. See
+                            <citerefentry>
+                                <refentrytitle>sssd-ad</refentrytitle>
+                                <manvolnum>5</manvolnum>
+                            </citerefentry> for more information on
+                            configuring Active Directory.
+                        </para>
+                        <para>
                             <quote>proxy</quote> for relaying password changes
                             to some other PAM target.
                         </para>
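Review bot: the ipa entry re-added here replaces the wording removed in the previous hunk ("to change a password stored in an IPA server") with the generic provider description, so it no longer matches the ldap and proxy entries in this list, which both say what they do for password changes. Keeping the original "to change a password stored in ..." phrasing for ipa, and using the same form for the new ad entry, would keep this list consistent.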
-- 
1.7.10.4

From beb92f6760e4bc88e9407cd2359788d22a90f270 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Thu, 19 Jul 2012 14:42:41 -0400
Subject: [PATCH 2/2] MAN: Improvements to the AD provider manpage

Add information about ID mapping (including how to disable it) as
well as information on how to handle homedir and shell.

https://fedorahosted.org/sssd/ticket/1433
---
 src/man/sssd-ad.5.xml   |   98 +++++++++++++++++++++++++++++++++++++++++++++++
 src/man/sssd.conf.5.xml |   16 ++++++++
 2 files changed, 114 insertions(+)

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 46660b306250ace449d16fd40cab373875eb64a6..b218839ecbda4e7cba443627fbe49135227822e0 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -59,6 +59,16 @@
             provider. No configuration of the access provider is required on
             the client side.
         </para>
+        <para>
+            By default, the AD provider will map UID and GID values from the
+            objectSID parameter in Active Directory. For details on this, see
+            the <quote>ID MAPPING</quote> section below. If you want to
+            disable ID mapping and instead rely on POSIX attributes defined in
+            Active Directory, you should set
+            <programlisting>
+ldap_id_mapping = False
+            </programlisting>
+        </para>
     </refsect1>
 
     <refsect1 id='file-format'>
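Review bot: "the objectSID parameter in Active Directory" in the new paragraph should say "attribute", since objectSID is an attribute of the AD object and "parameter" reads like an SSSD option. The sentence also ends on "you should set" followed by the programlisting with no closing punctuation or follow-up; a short trailing clause naming where the option goes (the domain section) would make the instruction complete.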
@@ -118,6 +128,92 @@
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>override_homedir (string)</term>
+                    <listitem>
+                        <para>
+                            Override the user's home directory. You
+                            can either provide an absolute value or a
+                            template. In the template, the following
+                            sequences are substituted:
+                            <variablelist>
+                                <varlistentry>
+                                    <term>%u</term>
+                                    <listitem><para>login name</para></listitem>
+                                </varlistentry>
+                                <varlistentry>
+                                    <term>%U</term>
+                                    <listitem><para>UID number</para></listitem>
+                                </varlistentry>
+                                <varlistentry>
+                                    <term>%d</term>
+                                    <listitem><para>domain name</para></listitem>
+                                </varlistentry>
+                                <varlistentry>
+                                    <term>%f</term>
+                                    <listitem><para>fully qualified user name (user@domain)</para></listitem>
+                                </varlistentry>
+                                <varlistentry>
+                                    <term>%%</term>
+                                    <listitem><para>a literal '%'</para>
+                                    </listitem>
+                                </varlistentry>
+                            </variablelist>
+                        </para>
+                        <para>
+                            This option can also be set per-domain.
+                        </para>
+                        <para>
+                            example: 
+                            <programlisting>
+override_homedir = /home/%u
+                            </programlisting>
+                        </para>
+                        <para>
+                            Default: Not set (SSSD will use the value
+                            retrieved from LDAP)
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>fallback_homedir (string)</term>
+                    <listitem>
+                        <para>
+                            Set a default template for a user's home directory
+                            if one is not specified explicitly by the domain's
+                            data provider.
+                        </para>
+                        <para>
+                            The available values for this option are the same
+                            as for override_homedir.
+                        </para>
+                        <para>
+                            example: 
+                            <programlisting>
+fallback_homedir = /home/%u
+                            </programlisting>
+                        </para>
+                        <para>
+                            Default: not set (no substitution for unset home
+                            directories)
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>default_shell</term>
+                    <listitem>
+                        <para>
+                            The default shell to use if the provider does not
+                            return one during lookup. This option supersedes
+                            any other shell options if it takes effect.
+                        </para>
+                        <para>
+                            Default: not set (Return NULL if no shell is
+                            specified and rely on libc to substitute something
+                            sensible when necessary, usually /bin/sh)
+                        </para>
+                    </listitem>
+                </varlistentry>
             </variablelist>
         </para>
     </refsect1>
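Review bot: the default_shell term is missing its type, unlike "override_homedir (string)" and "fallback_homedir (string)" added just above it; it should read "default_shell (string)". In the same hunk, the override_homedir default says the value is "retrieved from LDAP", which is confusing in the AD provider manpage; "retrieved from Active Directory" or "from the data provider" would be clearer. The "example:" labels are lower-case while "Default:" is capitalised.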
@@ -126,6 +222,8 @@
 
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="include/service_discovery.xml" />
 
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="include/ldap_id_mapping.xml" />
+    
     <refsect1 id='example'>
         <title>EXAMPLE</title>
         <para>
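Review bot: the added xi:include pulls in include/ldap_id_mapping.xml, but the diffstat for this patch lists only sssd-ad.5.xml and sssd.conf.5.xml, so please confirm that file already exists in the tree (or add it to the series), otherwise the manpage build will fail on the include. The blank line added after it carries trailing whitespace ("+    ") and should be empty.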
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index dbacf7aaa65ba243f7421effba164636e7c55c55..d19cfd48b8157a7ab016d7d802d127f7841d0692 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -449,6 +449,16 @@
                         <para>
                             This option can also be set per-domain.
                         </para>
+                        <para>
+                            example: 
+                            <programlisting>
+override_homedir = /home/%u
+                            </programlisting>
+                        </para>
+                        <para>
+                            Default: Not set (SSSD will use the value
+                            retrieved from LDAP)
+                        </para>
                     </listitem>
                 </varlistentry>
                 <varlistentry>
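Review bot: the new default text for override_homedir says the value is "retrieved from LDAP", but this is the general sssd.conf manpage and the first patch in this series lists proxy, local, ipa and ad as identity providers too. Provider-neutral wording such as "the value returned by the domain's data provider", which the fallback_homedir description in this series already uses, would be accurate for all of them.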
@@ -464,6 +474,12 @@
                             as for override_homedir.
                         </para>
                         <para>
+                            example: 
+                            <programlisting>
+override_homedir = /home/%u
+                            </programlisting>
+                        </para>
+                        <para>
                             Default: not set (no substitution for unset home
                             directories)
                         </para>
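Review bot: the example added here shows "override_homedir = /home/%u", but the surrounding context ("as for override_homedir" above, "no substitution for unset home directories" below) is the fallback_homedir entry. The example should read "fallback_homedir = /home/%u", as the corresponding hunk in sssd-ad.5.xml does; as written, a reader copying it would override every user's home directory instead of only filling in missing ones.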
-- 
1.7.10.4


_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
