>From fbe41650dcf8c7adc45bea49c6937bff70f74316 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 20 Aug 2009 15:35:55 +0200
Subject: [PATCH] extended the documentation of LDAP backend Added man pages sections about user and group attribute mapping. Added an example configuration to access an AD server.
---
server/examples/sssd.conf | 26 ++++++
server/man/sssd-ldap.5.xml | 189 +++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 211 insertions(+), 4 deletions(-)
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index d57bed7..90e0c8d 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
@@ -88,3 +88,29 @@ description = Domains served by SSSD
 ; #if a backend is particularly slow you can raise this timeout here
 ; timeout = 60
+
+# Example LDAP domain where the LDAP server is an Active Directory server.
+
+; [domains/AD]
+; description = LDAP domain with AD server
+; enumerate = 0
+; minId = 1000
+;
+; provider = ldap
+; auth-module = ldap
+; ldapUri = ldap://your.ad.server.com
+; userSearchBase = cn=users,dc=example,dc=com
+; groupSearchBase = cn=users,dc=example,dc=com
+; defaultBindDn = cn=Administrator,cn=Users,dc=example,dc=com
+; defaultAuthtokType = password
+; defaultAuthtok = YOUR_PASSWORD
+; userObjectClass = person
+; userName = msSFU30Name
+; userUidNumber = msSFU30UidNumber
+; userGidNumber = msSFU30GidNumber
+; userHomeDirectory = msSFU30HomeDirectory
+; userShell = msSFU30LoginShell
+; userPrincipal = userPrincipalName
+; groupObjectClass = group
+; groupName = msSFU30Name
+; groupGidNumber = msSFU30GidNumber
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml
index 385a299..db9b7ad 100644
--- a/server/man/sssd-ldap.5.xml
+++ b/server/man/sssd-ldap.5.xml
@@ -103,7 +103,19 @@ - userNameAttribute (string) + userObjectClass (string) + + + The object class of a user entry in LDAP. + + + Default: posixAccount + + + + + + userName (string) The LDAP attribute that corresponds to 
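Review bot: The added AD example in server/examples/sssd.conf binds as `cn=Administrator` on the `defaultBindDn` line and stores that account's password in the file via `defaultAuthtok`. Its `ldapUri = ldap://your.ad.server.com` would carry the bind over an unencrypted connection, unless the provider negotiates StartTLS, which the example does not show. Example configurations tend to be copied verbatim, so the sample should model a dedicated low-privilege lookup account and a protected transport: `; ldapUri = ldaps://your.ad.server.com` and `; defaultBindDn = cn=BIND_ACCOUNT,cn=Users,dc=example,dc=com` (placeholder account name). I would also add a comment above the credential lines, for example `# Use a read-only service account here and keep this file readable by root only.`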
@@ -116,13 +128,182 @@ - userObjectClass (string) + userUidNumber (string) - The object class of a user entry in LDAP. + The LDAP attribute that corresponds to + user's id. - Default: posixAccount + Default: uidNumber + + + + + + userGidNumber (string) + + + The LDAP attribute that corresponds to + user's primary group id. + + + Default: gidNumber + + + + + + userGecos (string) + + + The LDAP attribute that corresponds to + user's gecos field. + + + Default: gecos + + + + + + userHomeDirectory (string) + + + The LDAP attribute that contains the name of the + home directory of a user. + + + Default: homeDirectory + + + + + + userShell (string) + + + The LDAP attribute that contains the path of the + user's default shell. + + + Default: loginShell + + + + + + userUUID (string) + + + The LDAP attribute that contains the UUID/GUID of + a LDAP user object. + + + Default: nsUniqueId + + + + + + userPrincipal (string) + + + The LDAP attribute that contains the Kerberos + User Principle Name (UPN) of the user. + + + Default: krbPrincipalName + + + + + + userFullname (string) + + + The LDAP attribute that corresponds to + full name of the user. + + + Default: cn + + + + + + userMemberOf (string) + + + The LDAP attribute that list the user's + groupmenberships. + + + Default: memberOf + + + + + + groupObjectClass (string) + + + The object class of a group entry in LDAP. + + + Default: posixGroup + + + + + + groupName (string) + + + The LDAP attribute that corresponds to + the group name. + + + Default: cn + + + + + + groupGidNumber (string) + + + The LDAP attribute that corresponds to + group's id. + + + Default: gidNumber + + + + + + groupMember (string) + + + The LDAP attribute that contains the names of + the members of the group. + + + Default: memberuid + + + + + + groupUUID (string) + + + The LDAP attribute that contains the UUID/GUID of + a LDAP group object. + + + Default: nsUniqueId -- 1.6.2.5