-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/25/2010 09:36 AM, Jan Zelený wrote:
The main difference between these two schema types is
how group memberships are recorded in the server.
I would personally prefer not to delete the above sentence altogether, just rephrase it. Sorry for nitpicking, but I know that the schema differences have been a cause of confusion among users, so I think we should keep the documentation as descriptive as possible.
<varlistentry>
<term>ldap_user_modify_timestamp (string)</term>
<listitem>
<para>
The LDAP attribute that contains timestamp of the
last modification of the parental object.
This would better be answered by a native English speaker, but "parental object" does not sound right to me, is just "parent object" better?
Also, In description of most of the added ldap_user_* attributes, I think that "this parameter" would sound better than just "this".
<varlistentry>
<term>entry_cache_timeout (integer)</term>
<listitem>
<para>
This represents how long the record (either user or
group) will be valid in cache after it is loaded.
Every record has the same timeout. The value is in
seconds.
</para>
<para>
Default: 5400 (1.5 hours)
This option is already described in sssd.conf since it is used by the proxy backend, too.
<varlistentry>
<term>account_cache_expiration (integer)</term>
<listitem>
<para>
Specifies how many days have to pass without user
logged in before he can be deleted from cache
during cleanup. Zero disables account cleanup.
</para>
<para>
Default: 0
</para>
</listitem>
</varlistentry>
<varlistentry>
I'm wondering whether this should be considered a generic option, similar to entry_cache_timeout and documented in sssd.conf. I think any future back ends might implement a cleanup task, too, controlled by the same parameter, even though LDAP is the only implemented ID provider so far.
Otherwise, looks good to me. Good work!
Jakub