# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Red Hat
# This file is distributed under the same license as the sssd-docs package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
"POT-Creation-Date: 2011-05-27 15:50-0300\n"
"PO-Revision-Date: 2011-03-10 00:18+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Spanish (Castilian) <None>\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1)\n"

#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
msgid "SSSD Manual pages"
msgstr "Páginas de manual de SSSD"

#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15

#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11

#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupmod.8.xml:16
msgid "modify a group"
msgstr "modifica un grupo"

#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupmod.8.xml:21
"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"

#. type: Content of: <reference><refentry><refsect1><title>
#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30

#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupmod.8.xml:32
"<command>sss_groupmod</command> modifies the group to reflect the changes "
"that are specified on the command line."
"<command>sss_groupmod</command> modifica el grupo para reflejar los cambios "
"indicados en la línea de comandos."

#. type: Content of: <reference><refentry><refsect1><title>
#: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupmod.8.xml:48
"Append this group to groups specified by the <replaceable>GROUPS</"
"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
"a comma separated list of group names."
"Agrega este grupo a otros grupos que hayan sido indicados con el parámetro "
"<replaceable>GROUPS</replaceable>. El parámetro <replaceable>GROUPS</"
"replaceable> es una lista de nombres de grupos separados por comas."

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupmod.8.xml:62
"Remove this group from groups specified by the <replaceable>GROUPS</"
"replaceable> parameter."
"Elimina este grupo de los grupos especificados con el parámetro "
"<replaceable>GROUPS</replaceable>"

#. type: Content of: <reference><refentry><refsect1><title>
#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1418
#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
#: sssd-ipa.5.xml:206 sssd.8.xml:166 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138

#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupmod.8.xml:74
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."

#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd.conf.5.xml:10 sssd.conf.5.xml:16

#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11

#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
msgid "File Formats and Conventions"
msgstr "Formatos de archivo y convenciones"

#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
msgid "the configuration file for SSSD"
msgstr "El archivo de configuración de SSSD"

#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:21
msgstr "Formato de archivo"

#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd.conf.5.xml:29
" <replaceable>[section]</replaceable>\n"
" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
" <replaceable>[section]</replaceable>\n"
" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:24
"The file has an ini-style syntax and consists of sections and parameters. A "
"section begins with the name of the section in square brackets and continues "
"until the next section begins. An example of section with single and multi-"
"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
"El archivo posee una sintaxis de tipo ini consistente de secciones y "
"parámetros. Una sección comienza con el nombre de dicha sección colocado "
"entre corchetes, y continúa hasta que comienza la próxima sección. Este es "
"un ejemplo de una sección con parámetros de valores simples y múltiples: "
"<placeholder type=\"programlisting\" id=\"0\"/>"

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:36
"The data types used are string (no quotes needed), integer and bool (with "
"values of <quote>TRUE/FALSE</quote>)."
"Los tipos de datos utilizados son cadenas (no es necesario ingresarlos entre "
"comillas), enteros o booleanos (cuyos valores son <quote>TRUE/FALSE</quote>)."

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:41
"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
"Una línea que ha sido comentada es iniciada con el símbolo numeral "
"(<quote>#</quote>) o con un punto y coma (<quote>;</quote>)"

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:46
"All sections can have an optional <replaceable>description</replaceable> "
"parameter. Its function is only as a label for the section."
"Todas las secciones pueden tener un parámetro opcional de "
"<replaceable>descripción</replaceable>. Su función es solo la de servir como "
"etiqueta a tal sección."

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:52
"<filename>sssd.conf</filename> must be a regular file, owned by root and "
"only root may read from or write to the file."
"<filename>sssd.conf</filename> debe ser un archivo regular, cuyo dueño sea "
"el usuario root, y sólo este usuario podrá tener permisos de lectura y "
"escritura sobre él."

#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:58
msgid "SPECIAL SECTIONS"
msgstr "SECCIONES ESPECIALES"

#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:61
msgid "The [sssd] section"
msgstr "La sección [sssd]"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
msgid "Section parameters"
msgstr "Parámetros de sección"

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:72
msgid "config_file_version (integer)"
msgstr "config_file_version (entero)"

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:75
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"Indica cuál es la sintaxis del archivo de configuración. SSSD 0.6.0 y "
"posteriores utilizan una versión 2."

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:81

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:84
"Comma separated list of services that are started when sssd itself starts."
"Una lista separada por comas de los servicios que son iniciados cuando se "

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid "Supported services: nss, pam"
msgstr "Servicios soportados: nss, pam"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:93 sssd.conf.5.xml:234
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entero)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:96 sssd.conf.5.xml:237
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
"Cantidad de intentos de reconexión de los servicios ante una eventual caída "
"de datos del proveedor, o de reiniciarse antes de abandonar"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:101 sssd.conf.5.xml:242
msgstr "Predeterminado: 3"

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:106

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:109
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried."
"Un dominio es una base de datos que contiene información del usuario. SSSD "
"puede utilizar varios dominios al mismo tiempo, pero al menos uno debe ser "
"configurado. De lo contrario SSSD no podrá iniciarse. Este parámetro "
"describe una lista de los dominios, en el orden en que se prefiera que sean "

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:119
msgid "re_expression (string)"
msgstr "re_expression (cadena)"

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:122
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
"Expresiones regulares que describen cómo analizar la cadena, conteniendo "
"nombre de usuarios y dominio en estos componentes."

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:126
"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
"sign, the domain everything after that\""
"Predeterminado: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</"
"quote> que traduce al \"todo lo que hay hasta el signo <quote>@</quote> es "
"el nombre, el dominio es el resto detrás de este signo\""

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:131
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
"version 7 or higher can support non-unique named subpatterns."

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:138
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P<name>) to label subpatterns."
"POR FAVOR TENGA EN CUENTA ADEMAS: Versiones anteriores de libpcre sólo "
"soportan la sintaxis Python (?P<name>) para identificar subpatrones."

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:145
msgid "full_name_format (string)"
msgstr "full_name_format (cadena)"

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:148
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
"a (name, domain) tuple into a fully qualified name."
"Un formato compatible con <citerefentry> <refentrytitle>printf</"
"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> que describe cómo "
"traducir una tupla (nombre, dominio), a un nombre totalmente calificado."

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:156
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:161
msgid "try_inotify (boolean)"
msgstr "try_inotify (booleano)"

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:164
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
"this, and will fall back to polling resolv.conf every five seconds if "
"inotify cannot be used."
"SSSD monitorea el estado de resolv.conf para saber cuando es necesario "
"actualizar su resolutor DNS interno. Por defecto, intentaremos utilizar para "
"ello la herramienta inotify, quien consultará a resolv.conf cada cinco "
"segundos en caso que inotify no pueda ser utilizado."

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:172
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
"Existen algunas pocas situaciones en donde lo preferible es evitar el uso de "
"inotify. En estas raras excepciones, la opción debería ser definida en "

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:178
"Default: true on platforms where inotify is supported. False on other "
"Predeterminado: 'true' en plataformas donde inotify tenga soporte. 'False' "
"en el resto de las plataformas."

#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:182
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
"Nota: esta opción no tendrá efecto en plataformas donde inotify no se "
"encuentre disponible. En estas plataformas, la consulta (polling) será "

#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
"managed by a special service frequently called <quote>monitor</quote>. The "
"<quote>[sssd]</quote> section is used to configure the monitor as well as "
"some other important options like the identity domains. <placeholder type="
"\"variablelist\" id=\"0\"/>"

#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:195
msgid "SERVICES SECTIONS"
msgstr "SECCIONES DE SERVICIOS"

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:197
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
"section, for example, for NSS service, the section would be <quote>[nss]</"

#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:204
msgid "General service configuration options"

#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:206
msgid "These options can be used to configure any service."

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:210
msgid "debug_level (integer)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:213
"Sets the debug level for the service. The value can be in range from 0 (only "
"critical messages) to 10 (very verbose)."

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:218 sssd.conf.5.xml:312

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.conf.5.xml:223 sssd.8.xml:58
msgid "debug_timestamps (bool)"

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:226 sssd.8.xml:61
msgid "Add a timestamp to the debug messages"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1044
#: sssd-ldap.5.xml:1149 sssd-ipa.5.xml:155
msgid "Default: true"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:247
msgid "command (string)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:250
"By default, the executable representing this service is called <command>sssd_"
"${service_name}</command>. This directive allows to change the executable "
"name for the service. In the vast majority of configurations, the default "
"values should suffice."

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:258
msgid "Default: <command>sssd_${service_name}</command>"

#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:266
msgid "NSS configuration options"

#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:268
"These options can be used to configure the Name Service Switch (NSS) service."

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:273
msgid "enum_cache_timeout (integer)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:276
"How many seconds should nss_sss cache enumerations (requests for info about "

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:280

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:285
msgid "entry_cache_nowait_percentage (integer)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:288
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:294
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
"after 15 seconds past the last cache update will be returned immediately, "
"but the SSSD will go and update the cache on its own, so that future "
"requests will not need to block waiting for a cache update."

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:304
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
"disables this feature)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:317
msgid "entry_negative_timeout (integer)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:320
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
"before asking the back end again."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:326 sssd-krb5.5.xml:223

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:331
msgid "filter_users, filter_groups (string)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:334
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
"domain or include fully-qualified names to filter only users from the "

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:341
msgid "Default: root"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:346
msgid "filter_users_in_groups (bool)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:349
"If you want filtered user still be group members set this option to false."

#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:360
msgid "PAM configuration options"

#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:362
"These options can be used to configure the Pluggable Authentication Module "

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:367
msgid "offline_credentials_expiration (integer)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:370
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
msgid "Default: 0 (No limit)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:381
msgid "offline_failed_login_attempts (integer)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:384
"If the authentication provider is offline, how many failed login attempts "

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:394
msgid "offline_failed_login_delay (integer)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:397
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:402
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
"authentication can enable enable offline authentication again."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:414
msgid "pam_verbosity (integer)"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:417
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:422
msgid "Currently sssd supports the following values:"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:425
msgid "<emphasis>0</emphasis>: do not show any message"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:428
msgid "<emphasis>1</emphasis>: show only important messages"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:432
msgid "<emphasis>2</emphasis>: show informational messages"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:435
msgid "<emphasis>3</emphasis>: show all messages and debug information"

#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:439

747
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
748
#: sssd.conf.5.xml:444
749
msgid "pam_id_timeout (integer)"
752
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
753
#: sssd.conf.5.xml:447
755
"For any PAM request while SSSD is online, the SSSD will attempt to "
756
"immediately update the cached identity information for the user in order to "
757
"ensure that authentication takes place with the latest information."
760
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
761
#: sssd.conf.5.xml:453
763
"A complete PAM conversation may perform multiple PAM requests, such as "
764
"account management and session opening. This option controls (on a per-"
765
"client-application basis) how long (in seconds) we can cache the identity "
766
"information to avoid excessive round-trips to the identity provider."
769
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
770
#: sssd.conf.5.xml:467
771
msgid "pam_pwd_expiration_warning (integer)"
774
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
775
#: sssd.conf.5.xml:470
776
msgid "Display a warning N days before the password expires."
779
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
780
#: sssd.conf.5.xml:473
782
"Please note that the backend server has to provide information about the "
783
"expiration time of the password. If this information is missing, sssd "
784
"cannot display a warning."
787
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
788
#: sssd.conf.5.xml:479
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:488
msgid "DOMAIN SECTIONS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:495
msgid "min_id,max_id (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:498
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:503
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
"primary group memberships, those that are in range will be reported as "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:510
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:516
msgid "timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:519
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:524
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:530
msgid "enumerate (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:533
"Determines if a domain can be enumerated. This parameter can have one of the "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:537
msgid "TRUE = Users and groups are enumerated"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:540
msgid "FALSE = No enumerations for this domain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
msgid "Default: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:546
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
"to fully complete enumerations. During this time, individual requests for "
"information will go directly to LDAP, though it may be slow, due to the "
"heavy enumeration processing."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:556
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:561
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
"enumeration lookups are completed successfully. For more information, refer "
"to the man pages for the specific id_provider in use."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:572
msgid "entry_cache_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:575
"How many seconds should nss_sss consider entries valid before asking the "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:579
msgid "Default: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:584
msgid "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:587
msgid "Determines if user credentials are also cached in the local LDB cache"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:596
msgid "account_cache_expiration (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:599
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
"value of this parameter must be greater than or equal to "
"offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:606
msgid "Default: 0 (unlimited)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:612
msgid "id_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:615
msgid "The Data Provider identity backend to use for this domain."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:619
msgid "Supported backends:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:622
msgid "proxy: Support a legacy NSS provider"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:625
msgid "local: SSSD internal local provider"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:628
msgid "ldap: LDAP provider"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:634
msgid "use_fully_qualified_names (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:637
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
"<command>getent passwd test</command> wouldn't find the user while "
"<command>getent passwd test@LOCAL</command> would."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:650
msgid "auth_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:653
"The authentication provider used for the domain. Supported auth providers "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:657
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:664
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:671
"<quote>proxy</quote> for relaying authentication to some other PAM target."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:674
msgid "<quote>none</quote> disables authentication explicitly."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:677
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:683
msgid "access_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:686
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
"Internal special providers are:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:692
msgid "<quote>permit</quote> always allow access."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:695
msgid "<quote>deny</quote> always deny access."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:698
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
"manvolnum></citerefentry> for more information on configuring the simple "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:705
msgid "Default: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:710
msgid "chpass_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:713
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:718
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for more information on configuring IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:726
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for more information on configuring LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:734
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:742
"<quote>proxy</quote> for relaying password changes to some other PAM target."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:746
msgid "<quote>none</quote> disallows password changes explicitly."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:749
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:756
msgid "lookup_family_order (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:759
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:763
msgid "Supported values:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:766
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:769
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:772
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:775
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:778
msgid "Default: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:784
msgid "dns_resolver_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:787
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
"the domain will continue to operate in offline mode."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:799
msgid "dns_discovery_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:802
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:806
msgid "Default: Use the domain part of machine's hostname"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:490
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:818
msgid "proxy_pam_target (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:821
msgid "The proxy target PAM proxies to."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:824
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:832
msgid "proxy_lib_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:835
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:814
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:847
msgid "The local domain section"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:849
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
"<replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:856
msgid "default_shell (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:859
msgid "The default shell for users created with SSSD userspace tools."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:863
msgid "Default: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:868
msgid "base_directory (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:871
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:876
msgid "Default: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:881
msgid "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:884
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
msgid "Default: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:893
msgid "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:896
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:905
msgid "homedir_umask (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:908
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
"on a newly created home directory."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:916
msgid "Default: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:921
msgid "skel_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:924
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:934
msgid "Default: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:939
msgid "mail_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:942
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
"default value is used."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:949
msgid "Default: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:954
msgid "userdel_cmd (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:957
"The command that is run after a user is removed. The command is passed the "
"username of the user being removed as the first and only parameter. The "
"return code of the command is not taken into account."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:963
msgid "Default: None, no command is run"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1386 sssd-simple.5.xml:126
#: sssd-ipa.5.xml:188 sssd-krb5.5.xml:405
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd.conf.5.xml:979
"services = nss, pam\n"
"config_file_version = 2\n"
"filter_groups = root\n"
"filter_users = root\n"
"id_provider = ldap\n"
"ldap_uri = ldap://ldap.example.com\n"
"ldap_search_base = dc=example,dc=com\n"
"auth_provider = krb5\n"
"krb5_server = kerberos.example.com\n"
"krb5_realm = EXAMPLE.COM\n"
"cache_credentials = true\n"
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:975
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
"configuring domains for more details. <placeholder type=\"programlisting\" "
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:1010
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
"This manual page describes the configuration of LDAP domains for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for detailed syntax information."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:35
msgid "You can configure SSSD to use more than one LDAP domain."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:38
"LDAP back end supports id, auth, access and chpass providers. If you want to "
"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
"over an unencrypted channel. If the LDAP server is used only as an identity "
"provider, an encrypted channel is not needed. Please refer to "
"<quote>ldap_access_filter</quote> config option for more information about "
"using LDAP as an access provider."
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:60
msgid "ldap_uri (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:63
"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
"should connect in the order of preference. Refer to the <quote>FAILOVER</"
"quote> section for more information on failover and server redundancy. If "
"not specified, service discovery is enabled. For more information, refer to "
"the <quote>SERVICE DISCOVERY</quote> section."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:70
msgid "The format of the URI must match the format defined in RFC 2732:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:73
msgid "ldap[s]://<host>[:port]"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:76
"For explicit IPv6 addresses, <host> must be enclosed in brackets []"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:79
msgid "example: ldap://[fc00::126:25]:389"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:85
msgid "ldap_chpass_uri (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:88
"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
"in the order of preference to change the password of a user. Refer to the "
"<quote>FAILOVER</quote> section for more information on failover and server "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:95
msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:99
msgid "Default: empty, i.e. ldap_uri is used."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:105
msgid "ldap_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:108
msgid "The default base DN to use for performing LDAP user operations."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:112
"Default: If not set the value of the defaultNamingContext or namingContexts "
"attribute from the RootDSE of the LDAP server is used. If "
"defaultNamingContext does not exist or has an empty value namingContexts is "
"used. The namingContexts attribute must have a single value with the DN of "
"the search base of the LDAP server to make this work. Multiple values are "
"not supported."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:126
msgid "ldap_schema (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:129
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
"may vary. The way that some attributes are handled may also differ. Three "
"schema types are currently supported: rfc2307, rfc2307bis, IPA. The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:148
msgid "Default: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:154
msgid "ldap_default_bind_dn (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:157
msgid "The default bind DN to use for performing LDAP operations."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:164
msgid "ldap_default_authtok_type (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:167
msgid "The type of the authentication token of the default bind DN."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:171
msgid "The two mechanisms currently supported are:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:174
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:177
msgid "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:180
msgid "default: password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:186
msgid "ldap_default_authtok (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:189
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:196
msgid "ldap_user_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:199
msgid "The object class of a user entry in LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:202
msgid "Default: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:208
msgid "ldap_user_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:211
msgid "The LDAP attribute that corresponds to the user's login name."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:215
msgid "Default: uid"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:221
msgid "ldap_user_uid_number (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:224
msgid "The LDAP attribute that corresponds to the user's id."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:228
msgid "Default: uidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:234
msgid "ldap_user_gid_number (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:237
msgid "The LDAP attribute that corresponds to the user's primary group id."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:241 sssd-ldap.5.xml:637
msgid "Default: gidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:247
msgid "ldap_user_gecos (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:250
msgid "The LDAP attribute that corresponds to the user's gecos field."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:254
msgid "Default: gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:260
msgid "ldap_user_home_directory (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:263
msgid "The LDAP attribute that contains the name of the user's home directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:267
msgid "Default: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:273
msgid "ldap_user_shell (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:276
msgid "The LDAP attribute that contains the path to the user's default shell."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:280
msgid "Default: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:286
msgid "ldap_user_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:289
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:293 sssd-ldap.5.xml:663 sssd-ldap.5.xml:756
msgid "Default: nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:299
msgid "ldap_user_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:302 sssd-ldap.5.xml:672 sssd-ldap.5.xml:765
"The LDAP attribute that contains timestamp of the last modification of the "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:306 sssd-ldap.5.xml:676 sssd-ldap.5.xml:769
msgid "Default: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:312
msgid "ldap_user_shadow_last_change (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:315
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
"the last password change)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:325
msgid "Default: shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:331
msgid "ldap_user_shadow_min (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:334
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:343
msgid "Default: shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:349
msgid "ldap_user_shadow_max (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:352
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:361
msgid "Default: shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:367
msgid "ldap_user_shadow_warning (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:370
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
"(password warning period)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:380
msgid "Default: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:386
msgid "ldap_user_shadow_inactive (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:389
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
"(password inactivity period)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:399
msgid "Default: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:405
msgid "ldap_user_shadow_expire (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:408
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> counterpart (account expiration date)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:418
msgid "Default: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:424
msgid "ldap_user_krb_last_pwd_change (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:427
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:433
msgid "Default: krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:439
msgid "ldap_user_krb_password_expiration (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:442
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:448
msgid "Default: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:454
msgid "ldap_user_ad_account_expires (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:457
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:462
msgid "Default: accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:468
msgid "ldap_user_ad_user_account_control (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:471
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:476
msgid "Default: userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:482
msgid "ldap_ns_account_lock (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:485
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:490
msgid "Default: nsAccountLock"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:496
msgid "ldap_user_principal (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:499
"The LDAP attribute that contains the user's Kerberos User Principal Name "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:503
msgid "Default: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:509
msgid "ldap_force_upper_case_realm (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:512
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
"fail. Set this option to a non-zero value if you want to use an upper-case "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:519 sssd-ldap.5.xml:990 sssd-ipa.5.xml:115 sssd.8.xml:64
#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
msgid "Default: false"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:525
msgid "ldap_enumeration_refresh_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:528
"The LDAP attribute that contains how many seconds SSSD has to wait before "
"refreshing its cache of enumerated records."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:533
msgid "Default: 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:539
msgid "ldap_purge_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:542
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:548
msgid "Setting this option to zero will disable the cache cleanup operation."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:552
msgid "Default: 10800 (12 hours)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:558
msgid "ldap_user_fullname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:561
msgid "The LDAP attribute that corresponds to the user's full name."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:565 sssd-ldap.5.xml:624 sssd-ldap.5.xml:717
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:571
msgid "ldap_user_member_of (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:574
msgid "The LDAP attribute that lists the user's group memberships."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:578
msgid "Default: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:584
msgid "ldap_user_authorized_service (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:587
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
"to determine access privilege."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:594
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:599
msgid "Default: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:605
msgid "ldap_group_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:608
msgid "The object class of a group entry in LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:611
msgid "Default: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:617
msgid "ldap_group_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:620
msgid "The LDAP attribute that corresponds to the group name."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:630
msgid "ldap_group_gid_number (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:633
msgid "The LDAP attribute that corresponds to the group's id."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:643
msgid "ldap_group_member (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:646
msgid "The LDAP attribute that contains the names of the group's members."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:650
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:656
msgid "ldap_group_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:659
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:669
msgid "ldap_group_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:682
msgid "ldap_group_nesting_level (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:685
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:692
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:698
msgid "ldap_netgroup_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:701
msgid "The object class of a netgroup entry in LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:704
msgid "Default: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:710
msgid "ldap_netgroup_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:713
msgid "The LDAP attribute that corresponds to the netgroup name."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:723
msgid "ldap_netgroup_member (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:726
msgid "The LDAP attribute that contains the names of the netgroup's members."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:730
msgid "Default: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:736
msgid "ldap_netgroup_triple (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:739
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:743
msgid "Default: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:749
msgid "ldap_netgroup_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:752
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:762
msgid "ldap_netgroup_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:775
msgid "ldap_search_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:778
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:784
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:790 sssd-ldap.5.xml:832 sssd-ldap.5.xml:847
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:796
msgid "ldap_enumeration_search_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:799
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:806
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:812
msgid "ldap_network_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:815
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
"manvolnum> </citerefentry> following a <citerefentry> "
"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
"citerefentry> returns in case of no activity."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:838
msgid "ldap_opt_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:841
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
"communicating with the KDC in case of SASL bind."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:853
msgid "ldap_page_size (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:856
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:861
#| msgid "Default: 3"
msgid "Default: 1000"
msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:867
msgid "ldap_tls_reqcert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:870
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:876
"<emphasis>never</emphasis> = The client will not request or check any server "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:880
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
"is provided, it will be ignored and the session proceeds normally."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:887
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
"is provided, the session is immediately terminated."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:893
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
"immediately terminated."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:899
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:903
msgid "Default: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:909
msgid "ldap_tls_cacert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:912
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:917 sssd-ldap.5.xml:935 sssd-ldap.5.xml:976
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:924
msgid "ldap_tls_cacertdir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:927
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
"be the hash of the certificate followed by '.0'. If available, "
"<command>cacertdir_rehash</command> can be used to create the correct names."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:942
msgid "ldap_tls_cert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:945
msgid "Specifies the file that contains the certificate for the client's key."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:949 sssd-ldap.5.xml:961 sssd-krb5.5.xml:356
msgid "Default: not set"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:955
msgid "ldap_tls_key (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:958
msgid "Specifies the file that contains the client's key."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:967
msgid "ldap_tls_cipher_suite (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:970
"Specifies acceptable cipher suites. Typically this is a colon separated "
2479
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
2480
"<manvolnum>5</manvolnum></citerefentry> for format."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:983
msgid "ldap_id_use_start_tls (boolean)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:986
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:996
msgid "ldap_sasl_mech (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:999
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1131
msgid "Default: none"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1009
msgid "ldap_sasl_authid (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1012
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1017
msgid "Default: host/machine.fqdn@REALM"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1023
msgid "ldap_krb5_keytab (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1026
msgid "Specify the keytab to use when using SASL/GSSAPI."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1029
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1035
msgid "ldap_krb5_init_creds (boolean)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1038
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1050
msgid "ldap_krb5_ticket_lifetime (integer)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1053
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1057
msgid "Default: 86400 (24 hours)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1063 sssd-krb5.5.xml:74
msgid "krb5_server (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1066 sssd-krb5.5.xml:77
"Specifies the list of IP addresses or hostnames of the Kerberos servers to "
"which SSSD should connect in the order of preference. For more information "
"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
"An optional port number (preceded by a colon) may be appended to the "
"addresses or hostnames. If empty, service discovery is enabled - for more "
"information, refer to the <quote>SERVICE DISCOVERY</quote> section."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1078 sssd-krb5.5.xml:89
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1083 sssd-krb5.5.xml:94
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
"migrate their config files to use <quote>krb5_server</quote> instead."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1092 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1095
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1098
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1104
msgid "ldap_pwd_policy (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1107
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1112
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1117
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
"evaluate if the password has expired. Note that the current version of sssd "
"cannot update this attribute during a password change."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1125
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1137
msgid "ldap_referrals (boolean)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1140
msgid "Specifies whether automatic referral chasing should be enabled."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1144
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1155
msgid "ldap_dns_service_name (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1158
msgid "Specifies the service name to use when service discovery is enabled."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1162
msgid "Default: ldap"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1168
msgid "ldap_chpass_dns_service_name (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1171
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1176
msgid "Default: not set, i.e. service discovery is disabled"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1182
msgid "ldap_access_filter (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1185
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
"it will result in all users being denied access. Use access_provider = allow "
"to change this default behavior."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1195

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
#: sssd-ldap.5.xml:1198
"access_provider = ldap\n"
"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1202
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1207
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
"access during their last login, they will continue to be granted access "
"while offline and vice-versa."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1215 sssd-ldap.5.xml:1256
msgid "Default: Empty"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1221
msgid "ldap_account_expire_policy (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1224
"With this option a client side evaluation of access control attributes can "

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1228
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
"even if the password is correct."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1235
msgid "The following values are allowed:"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1238
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1243
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
"set. If the attribute is missing access is granted. Also the expiration time "
"of the account is checked."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1250
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1262
msgid "ldap_access_order (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1265
msgid "Comma separated list of access control options. Allowed values are:"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1269
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1272
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1276
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1281
msgid "Default: filter"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1284
"Please note that it is a configuration error if a value is used more than "

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1291
msgid "ldap_deref (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1294
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1299
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1303
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1308
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1313
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1318
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:51
"All of the common configuration options that apply to SSSD domains also "
"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for full details. <placeholder type="
"\"variablelist\" id=\"0\"/>"

#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:1330
msgid "ADVANCED OPTIONS"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1337
msgid "ldap_netgroup_search_base (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1340
"An optional base DN to restrict netgroup searches to a specific subtree."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1358 sssd-ldap.5.xml:1372
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1351
msgid "ldap_user_search_base (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1354
msgid "An optional base DN to restrict user searches to a specific subtree."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1365
msgid "ldap_group_search_base (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1368
msgid "An optional base DN to restrict group searches to a specific subtree."

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:1332
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
"are doing. <placeholder type=\"variablelist\" id=\"0\"/>"

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:1388
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "

#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ldap.5.xml:1394
" id_provider = ldap\n"
" auth_provider = ldap\n"
" ldap_uri = ldap://ldap.mydomain.org\n"
" ldap_search_base = dc=mydomain,dc=org\n"
" ldap_tls_reqcert = demand\n"
" cache_credentials = true\n"
" enumerate = true\n"

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:1393 sssd-simple.5.xml:134 sssd-ipa.5.xml:196
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"

#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:1407 sssd_krb5_locator_plugin.8.xml:61

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:1409
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:1420
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"

#. type: Content of: <refentryinfo>
#: pam_sss.8.xml:8 include/upstream.xml:2
"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
"fedorahosted.org/sssd</orgname>"

#. type: Content of: <reference><refentry><refnamediv><refname>
#: pam_sss.8.xml:13 pam_sss.8.xml:18

#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "PAM module for SSSD"

#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>forward_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"

#. type: Content of: <reference><refentry><refsect1><para>
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through <command>syslog"
"(3)</command> with the LOG_AUTHPRIV facility."

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>forward_pass</option>"

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>use_first_pass</option>"

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The argument use_first_pass forces the module to use a previously stacked "
"module's password and will never prompt the user - if no password is "
"available or the password is not appropriate, the user will be denied access."

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>use_authtok</option>"

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"When changing the password, force the module to set the new password to the "
"one provided by a previously stacked password module."

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>retry=N</option>"

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."

#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."

#. type: Content of: <reference><refentry><refsect1><title>
msgid "MODULE TYPES PROVIDED"

#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:100
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."

#. type: Content of: <reference><refentry><refsect1><title>
#: pam_sss.8.xml:106

#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:107
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
"This message can e.g. contain instructions about how to reset a password."

#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:112
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
"citerefentry>. If there is no matching file the content of "
"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
"the owner of the files and only root may have read and write permissions "
"while all other users must have only read permissions."

#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:122
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "

#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:130
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>"

#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
msgid "sssd_krb5_locator_plugin"

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
"libraries what Realm and which KDC to use. Typically this is done in "
"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:48
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the Kerberos "
"libraries it reads and evaluates these variables and returns them to the "

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:63
"Not all Kerberos implementations support the use of plugins. If "
"<command>sssd_krb5_locator_plugin</command> is not available on your system "
"you have to edit /etc/krb5.conf to reflect your Kerberos setup."

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:69
"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
"debug messages will be sent to stderr."

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:77
"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"

#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-simple.5.xml:10 sssd-simple.5.xml:16

#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-simple.5.xml:17
msgid "the configuration file for SSSD's 'simple' access-control provider"

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:24
"This manual page describes the configuration of the simple access-control "
"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> manual page."

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:38
"The simple access provider grants or denies access based on an access or "
"deny list of user or group names. The following rules apply:"

#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:43
msgid "If all lists are empty, access is granted"

#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:47
"If any list is provided, the order of evaluation is allow,deny. This means "
"that any matching deny rule will supersede any matched allow rule."

#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:54
"If either or both \"allow\" lists are provided, all users are denied unless "
"they appear in the list."

#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:60
"If only \"deny\" lists are provided, all users are granted access unless "
"they appear in the list."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:78
msgid "simple_allow_users (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:81
msgid "Comma separated list of users who are allowed to log in."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:88
msgid "simple_deny_users (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:91
msgid "Comma separated list of users who are explicitly denied access."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:97
msgid "simple_allow_groups (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:100
"Comma separated list of groups that are allowed to log in. This applies only "
"to groups within this SSSD domain. Local groups are not evaluated."

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:108
msgid "simple_deny_groups (string)"

#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:111
"Comma separated list of groups that are explicitly denied access. This "
"applies only to groups within this SSSD domain. Local groups are not "

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> manual page for details on the configuration of an SSSD "
"domain. <placeholder type=\"variablelist\" id=\"0\"/>"

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:120
"Please note that it is a configuration error if both simple_allow_users "
"and simple_deny_users are defined."

#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:128
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This example shows only the simple access provider-specific options."
3320
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-simple.5.xml:135
" [domain/example.com]\n"
" access_provider = simple\n"
" simple_allow_users = user1, user2\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:145
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
"This manual page describes the configuration of the IPA provider for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:36
"The IPA provider is a back end used to connect to an IPA server. (Refer to "
"the freeipa.org web site for information about IPA servers.) This provider "
"requires that the machine be joined to the IPA domain; configuration is "
"almost entirely self-discovered and obtained directly from the server."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:43
"The IPA provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
"provider. However, it is neither necessary nor recommended to set these "
"options. IPA provider can also be used as an access and chpass provider. As "
"an access provider it uses HBAC (host-based access control) rules. Please "
"refer to freeipa.org for more information about HBAC. No configuration of "
"access provider is required on the client side."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:69
msgid "ipa_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:72
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:80
msgid "ipa_server (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:83
"The list of IP addresses or hostnames of the IPA servers to which SSSD "
"should connect in the order of preference. For more information on failover "
"and server redundancy, see the <quote>FAILOVER</quote> section. This is "
"optional if autodiscovery is enabled. For more information on service "
"discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:96
msgid "ipa_hostname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:99
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:107
msgid "ipa_dyndns_update (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:110
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:121
msgid "ipa_dyndns_iface (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:124
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:129
msgid "Default: Use the IP address of the IPA LDAP connection"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:135
msgid "ipa_hbac_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:138
msgid "Optional. Use the given string as search base for HBAC related objects."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:142
msgid "Default: Use base DN"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
"Verify with the help of krb5_keytab that the TGT obtained has not been "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:158
"Note that this default differs from the traditional Kerberos provider back "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:168
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:172
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:190
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This examples shows only the ipa provider-specific options."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ipa.5.xml:197
" [domain/example.com]\n"
" id_provider = ipa\n"
" ipa_server = ipaserver.example.com\n"
" ipa_hostname = myhost.example.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:208
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd.8.xml:10 sssd.8.xml:15
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "System Security Services Daemon"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg>"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>SSSD</command> provides a set of daemons to manage access to remote "
"directories and authentication mechanisms. It provides an NSS and PAM "
"interface toward the system and a pluggable backend system to connect to "
"multiple different account sources as well as D-Bus interface. It is also "
"the basis to provide client auditing and policy services for projects like "
"FreeIPA. It provides a more robust database to store local users as well as "
"extended user data."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Debug level to run the daemon with. 0 is the default as well as the lowest "
"allowed value, 10 is the most verbose mode. This setting overrides the "
"settings from config file. This parameter implies <option>-i</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-f</option>,<option>--debug-to-files</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Send the debug output to files instead of stderr. By default, the log files "
"are stored in <filename>/var/log/sssd</filename> and there are separate log "
"files for every SSSD service and domain."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-D</option>,<option>--daemon</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Become a daemon after starting up."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-i</option>,<option>--interactive</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Run in the foreground, don't become a daemon."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-c</option>,<option>--config</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
"conf</filename>. For reference on the config file syntax and options, "
"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page."
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "SIGTERM/SIGINT"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Tells the SSSD to go online immediately. This is mostly useful for testing "
#. type: Content of: <reference><refentry><refsect1><para>
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_obfuscate.8.xml:16
msgid "obfuscate a clear text password"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_obfuscate.8.xml:21
"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
"replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:32
"<command>sss_obfuscate</command> converts a given password into human-"
"unreadable format and places it into appropriate domain section of the SSSD "
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:37
"The cleartext password is read from standard input or entered "
"interactively. The obfuscated password is put into "
"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
"<quote>ldap_default_authtok_type</quote> parameter is set to "
"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more details on these parameters."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:49
"Please note that obfuscating the password provides <emphasis>no real "
"security benefit</emphasis> as it is still possible for an attacker to "
"reverse-engineer the password back. Using better authentication mechanisms "
"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:63
msgid "<option>-s</option>,<option>--stdin</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:67
msgid "The password to obfuscate will be read from standard input."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:74
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:79
"The SSSD domain to use the password in. The default name is <quote>default</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:86
"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:91
msgid "Read the config file specified by the positional parameter."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:95
msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:105
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_useradd.8.xml:16
msgid "create a new user"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_useradd.8.xml:21
"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_useradd.8.xml:32
"<command>sss_useradd</command> creates a new user account using the values "
"specified on the command line plus the default values from the system."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:43
"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:48
"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
"not given, it is chosen automatically."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
"Any text string describing the user. Often used as the field for the user's "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:72
"The home directory of the user account. The default is to append the "
"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
"that as the home directory. The base that is prepended before "
"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
"baseDirectory</quote> setting in sssd.conf."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:87
"The user's login shell. The default is currently <filename>/bin/bash</"
"filename>. The default can be changed with <quote>user_defaults/"
"defaultShell</quote> setting in sssd.conf."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:96
"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:101
msgid "A list of existing groups this user is also a member of."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:107
msgid "<option>-m</option>,<option>--create-home</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:111
"Create the user's home directory if it does not exist. The files and "
"directories contained in the skeleton directory (which can be defined with "
"the -k option or in the config file) will be copied to the home directory."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:121
msgid "<option>-M</option>,<option>--no-create-home</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:125
"Do not create the user's home directory. Overrides configuration settings."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:132
"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:137
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
"<command>sss_useradd</command>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:143
"This option is only valid if the <option>-m</option> (or <option>--create-"
"home</option>) option is specified, or creation of home directories is set "
"to TRUE in the configuration."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
"<option>-Z</option>,<option>--selinux-user</option> "
"<replaceable>SELINUX_USER</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:157
"The SELinux user for the user's login. If not specified, the system default "
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_useradd.8.xml:169
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
"This manual page describes the configuration of the Kerberos 5 "
"authentication backend for <citerefentry> <refentrytitle>sssd</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:36
"The Kerberos 5 authentication backend contains auth and chpass providers. It "
"must be paired with identity provider in order to function properly (for "
"example, id_provider = ldap). Some information required by the Kerberos 5 "
"authentication backend must be provided by the identity provider, such as "
"the user's Kerberos Principal Name (UPN). The configuration of the identity "
"provider should have an entry to specify the UPN. Please refer to the man "
"page for the applicable identity provider for details on how to configure "
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:47
"This backend also provides access control based on the .k5login file in the "
"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
"Please note that an empty .k5login file will deny all access to this user. "
"To activate this feature use 'access_provider = krb5' in your sssd "
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:55
"In the case where the UPN is not available in the identity backend "
"<command>sssd</command> will construct a UPN using the format "
"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:106
"The name of the Kerberos realm. This option is required and must be "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:113
msgid "krb5_kpasswd (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:116
"If the change password service is not running on the KDC alternative servers "
"can be defined here. An optional port number (preceded by a colon) may be "
"appended to the addresses or hostnames."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:122
"For more information on failover and server redundancy, see the "
"<quote>FAILOVER</quote> section. Please note that even if there are no more "
"kpasswd servers to try the back end is not switch to offline if "
"authentication against the KDC is still possible."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:129
msgid "Default: Use the KDC"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:135
msgid "krb5_ccachedir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:138
"Directory to store credential caches. All the substitution sequences of "
"krb5_ccname_template can be used here, too, except %d and %P. If the "
"directory does not exist it will be created. If %u, %U, %p or %h are used a "
"private directory belonging to the user is created. Otherwise a public "
"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
"citerefentry> for details) is created."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:151
msgid "Default: /tmp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:157
msgid "krb5_ccname_template (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:166
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:167
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:170
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:174
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:175
msgid "principal name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:179
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:180
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:183
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:184
msgid "home directory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:188
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:194
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:195
msgid "the process ID of the sssd client"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:200
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:201
msgid "a literal '%'"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
"Location of the user's credential cache. Currently only file based "
"credential caches are supported. In the template the following sequences are "
"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:209
msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:215
msgid "krb5_auth_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:218
"Timeout in seconds after an online authentication or change password request "
"is aborted. If possible the authentication request is continued offline."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:241
msgid "krb5_keytab (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:244
"The location of the keytab to use when validating credentials obtained from "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:248
msgid "Default: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:254
msgid "krb5_store_password_if_offline (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:257
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider gets online again."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:262
"Please note that this feature currently only available on a Linux platform."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:272
msgid "krb5_renewable_lifetime (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:275
"Request a renewable ticket with a total lifetime given by an integer "
"immediately followed by one of the following delimiters:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
msgid "<emphasis>s</emphasis> seconds"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
msgid "<emphasis>m</emphasis> minutes"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
msgid "<emphasis>h</emphasis> hours"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
msgid "<emphasis>d</emphasis> days."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:296
"Please note that it is not possible to mix units. If you want to set the "
"renewable lifetime to one and a half hours please use '90m' instead of "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:302
msgid "Default: not set, i.e. the TGT is not renewable"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:308
msgid "krb5_lifetime (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:311
"Request ticket with a with a lifetime given by an integer immediately "
"followed by one of the following delimiters:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:332
"Please note that it is not possible to mix units. If you want to set the "
"lifetime to one and a half hours please use '90m' instead of '1h30m'."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:337
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:344
msgid "krb5_renew_interval (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:347
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:352
msgid "If this option is not set or 0 the automatic renewal is disabled."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:362
msgid "krb5_use_fast (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:365
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:370
"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:374
"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:378
"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:382
msgid "Default: not set, i.e. FAST is not used."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:385
msgid "Please note that a keytab is required to use fast."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:388
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
"and above. If sssd used used with an older version using this option is a "
"configuration error."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:65
"If the auth-module krb5 is used in a SSSD domain, the following options must "
"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
"SECTIONS</quote> for details on the configuration of a SSSD domain. "
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:407
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
"example shows only configuration of Kerberos authentication, it does not "
"include any identity provider."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-krb5.5.xml:415
" auth_provider = krb5\n"
" krb5_server = 192.168.1.1\n"
" krb5_realm = EXAMPLE.COM\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:426
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
msgid "sss_groupadd"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupadd.8.xml:16
msgid "create a new group"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupadd.8.xml:21
"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupadd.8.xml:32
"<command>sss_groupadd</command> creates a new group. These groups are "
"compatible with POSIX groups, with the additional feature that they can "
"contain other groups as members."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupadd.8.xml:43
"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupadd.8.xml:48
"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
"not given, it is chosen automatically."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupadd.8.xml:60
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_userdel.8.xml:16
msgid "delete a user account"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_userdel.8.xml:21
"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_userdel.8.xml:32
"<command>sss_userdel</command> deletes a user identified by login name "
"<replaceable>LOGIN</replaceable> from the system."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:44
msgid "<option>-r</option>,<option>--remove</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:48
"Files in the user's home directory will be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:56
msgid "<option>-R</option>,<option>--no-remove</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:60
"Files in the user's home directory will NOT be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:68
msgid "<option>-f</option>,<option>--force</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:72
"This option forces <command>sss_userdel</command> to remove the user's home "
"directory and mail spool, even if they are not owned by the specified user."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:80
msgid "<option>-k</option>,<option>--kick</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:84
msgid "Before actually deleting the user, terminate all his processes."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_userdel.8.xml:95
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
msgid "sss_groupdel"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupdel.8.xml:16
msgid "delete a group"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupdel.8.xml:21
"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupdel.8.xml:32
"<command>sss_groupdel</command> deletes a group identified by its name "
"<replaceable>GROUP</replaceable> from the system."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupdel.8.xml:48
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
msgid "sss_groupshow"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupshow.8.xml:16
msgid "print properties of a group"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupshow.8.xml:21
"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupshow.8.xml:32
"<command>sss_groupshow</command> displays information about a group "
"identified by its name <replaceable>GROUP</replaceable>. The information "
"includes the group ID number, members of the group and the parent group."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupshow.8.xml:43
msgid "<option>-R</option>,<option>--recursive</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupshow.8.xml:47
"Also print indirect group members in a tree-like hierarchy. Note that this "
"also affects printing parent groups - without <option>R</option>, only the "
"direct parent will be printed."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupshow.8.xml:60
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_usermod.8.xml:16
msgid "modify a user account"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_usermod.8.xml:21
"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_usermod.8.xml:32
"<command>sss_usermod</command> modifies the account specified by "
"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
"on the command line."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:60
msgid "The home directory of the user account."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:71
msgid "The user's login shell."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:82
"Append this user to groups specified by the <replaceable>GROUPS</"
"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
"a comma separated list of group names."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:96
"Remove this user from groups specified by the <replaceable>GROUPS</"
"replaceable> parameter."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:103
msgid "<option>-l</option>,<option>--lock</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:107
msgid "Lock the user account. The user won't be able to log in."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:114
msgid "<option>-u</option>,<option>--unlock</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:118
msgid "Unlock the user account."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:129
msgid "The SELinux user for the user's login."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_usermod.8.xml:140
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <refsect1><title>
#: include/service_discovery.xml:2
msgid "SERVICE DISCOVERY"
#. type: Content of: <refsect1><para>
#: include/service_discovery.xml:4
"The service discovery feature allows back ends to automatically find the "
"appropriate servers to connect to using a special DNS query."
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:9
msgid "Configuration"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:11
"If no servers are specified, the back end automatically uses service "
"discovery to try to find a server. Optionally, the user may choose to use "
"both fixed server addresses and service discovery by inserting a special "
"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
"preference is maintained. This feature is useful if, for example, the user "
"prefers to use service discovery whenever possible, and fall back to a "
"specific server when no servers can be discovered using DNS."
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:23
msgid "The domain name"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:25
"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for more details."
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:35
msgid "The protocol"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:37
"The queries usually specify _tcp as the protocol. Exceptions are documented "
"in respective option description."
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:42
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:44
"For more information on the service discovery mechanism, refer to RFC 2782."
#. type: Content of: outside any tag (error?)
#: include/upstream.xml:1
msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
#. type: Content of: <refsect1><title>
#: include/failover.xml:2
#. type: Content of: <refsect1><para>
#: include/failover.xml:4
"The failover feature allows back ends to automatically switch to a different "
"server if the primary server fails."
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:8
msgid "Failover Syntax"
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:10
"The list of servers is given as a comma-separated list; any number of spaces "
"is allowed around the comma. The servers are listed in order of preference. "
"The list can contain any number of servers."
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:17
msgid "The Failover Mechanism"
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:19
"The failover mechanism distinguishes between a machine and a service. The "
"back end first tries to resolve the hostname of a given machine; if this "
"resolution attempt fails, the machine is considered offline. No further "
"attempts are made to connect to this machine for any other service. If the "
"resolution attempt succeeds, the back end tries to connect to a service on "
"this machine. If the service connection attempt fails, then only this "
"particular service is considered offline and the back end automatically "
"switches over to the next service. The machine is still considered online "
"and might still be tried for another service."
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:32
"Further connection attempts are made to machines or services marked as "
"offline after a specified period of time; this is currently hard coded to 30 "
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:37
"If there are no more machines to try, the back end as a whole switches to "
"offline mode, and then attempts to reconnect every 30 seconds."
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
#. type: Content of: <varlistentry><listitem><para>
#: include/param_help.xml:7
msgid "Display help message and exit."