SSSD-LDAP-ATTRIBUT(5) NAME sssd-ldap-attributes - LDAP SSSD: LDAP SSSD sssd-ldap(5). LDAP SSSD sssd-ldap(5). ldap_user_object_class () LDAP. : posixAccount ldap_user_name () LDAP, . : uid (rfc2307, rfc2307bis IPA), sAMAccountName (AD) ldap_user_uid_number () LDAP, . : uidNumber ldap_user_gid_number () LDAP, . : gidNumber ldap_user_primary_group () Active Directory ID. , , "ldap" ID. : (LDAP), primaryGroupID (AD) ldap_user_gecos () LDAP, gecos . : gecos ldap_user_home_directory () LDAP, . : homeDirectory (LDAP IPA), unixHomeDirectory (AD) ldap_user_shell () LDAP, . : loginShell ldap_user_uuid () LDAP, UUID/GUID LDAP. : , objectGUID AD ipaUniqueID IPA ldap_user_objectsid () LDAP, objectSID LDAP. Active Directory. : objectSid Active Directory, . ldap_user_modify_timestamp () LDAP, . : modifyTimestamp ldap_user_shadow_last_change () ldap_pwd_policy=shadow, LDAP, shadow(5) ( ). : shadowLastChange ldap_user_shadow_min () ldap_pwd_policy=shadow, LDAP, shadow(5) ( ). : shadowMin ldap_user_shadow_max () ldap_pwd_policy=shadow, LDAP, shadow(5) ( ). : shadowMax ldap_user_shadow_warning () ldap_pwd_policy=shadow, LDAP, shadow(5) ( ). : shadowWarning ldap_user_shadow_inactive () ldap_pwd_policy=shadow, LDAP, shadow(5) ( ). : shadowInactive ldap_user_shadow_expire () ldap_pwd_policy=shadow ldap_account_expire_policy=shadow, LDAP, shadow(5) ( ). : shadowExpire ldap_user_krb_last_pwd_change () ldap_pwd_policy=mit_kerberos, LDAP, kerberos. : krbLastPwdChange ldap_user_krb_password_expiration () ldap_pwd_policy=mit_kerberos, LDAP, . : krbPasswordExpiration ldap_user_ad_account_expires () ldap_account_expire_policy=ad, LDAP, . : accountExpires ldap_user_ad_user_account_control () ldap_account_expire_policy=ad, LDAP, . : userAccountControl ldap_ns_account_lock () ldap_account_expire_policy=rhds , , . : nsAccountLock ldap_user_nds_login_disabled () ldap_account_expire_policy=nds, , . : loginDisabled ldap_user_nds_login_expiration_time () ldap_account_expire_policy=nds, , . 
: loginDisabled ldap_user_nds_login_allowed_time_map () ldap_account_expire_policy=nds, , . : loginAllowedTimeMap ldap_user_principal () LDAP, - Kerberos (UPN) . : krbPrincipalName ldap_user_extra_attrs () LDAP, SSSD . LDAP, SSSD LDAP. LDAP, . , SSSD LDAP, SSSD. , SSSD ( , "name"). SSSD , - . : ldap_user_extra_attrs = telephoneNumber "telephoneNumber" LDAP "telephoneNumber". ldap_user_extra_attrs = phone:telephoneNumber "telephoneNumber" LDAP "phone". : ldap_user_ssh_public_key () LDAP, SSH . : sshPublicKey ldap_user_fullname () LDAP, . : cn ldap_user_member_of () LDAP , . : memberOf ldap_user_authorized_service () access_provider=ldap ldap_access_order=authorized_service, SSSD authorizedService LDAP . (!svc). SSSD (svc), -- , allow_all (*). , ldap_access_order "authorized_service", ldap_user_authorized_service. (, Fedora-29+ RHEL-8) PAM "systemd-user" . , , "systemd-user" . : authorizedService ldap_user_authorized_host () access_provider=ldap ldap_access_order=host, SSSD host LDAP . (!host). SSSD (host), -- , allow_all (*). , ldap_access_order "host", ldap_user_authorized_host. : host ldap_user_authorized_rhost () access_provider=ldap ldap_access_order=rhost, SSSD rhost LDAP . . (!rhost). SSSD (rhost), -- , allow_all (*). , ldap_access_order "rhost", ldap_user_authorized_rhost. : rhost ldap_user_certificate () LDAP, X509 . : userCertificate;binary ldap_user_email () LDAP, . Note: If a user's email address conflicts with the email address or fully qualified name of another user, SSSD will not be able to serve those users properly. This option allows users to log in by (1) username and (2) email address. If for some reason several users need to share the same email address, set this option to a nonexistent attribute name to disable user lookup and login by email. : mail ldap_group_object_class () LDAP. : posixGroup ldap_group_name () The LDAP attribute that corresponds to the group name. 
In an environment with nested groups, this value must be an LDAP attribute which has a unique name for every group. This requirement includes non-POSIX groups in the tree of nested groups. : cn (rfc2307, rfc2307bis IPA), sAMAccountName (AD) ldap_group_gid_number () LDAP, . : gidNumber ldap_group_member () LDAP, . : memberuid (rfc2307) / member (rfc2307bis) ldap_group_uuid () LDAP, UUID/GUID LDAP. : , objectGUID AD ipaUniqueID IPA ldap_group_objectsid () LDAP, objectSID LDAP. Active Directory. : objectSid Active Directory, . ldap_group_modify_timestamp () LDAP, . : modifyTimestamp ldap_group_type () LDAP, , , , , . AD , , , . : groupType AD, ldap_group_external_member () LDAP, , . IPA. : ipaExternalMember IPA, . ldap_netgroup_object_class () LDAP. IPA ipa_netgroup_object_class. : nisNetgroup ldap_netgroup_name () LDAP, . IPA ipa_netgroup_name. : cn ldap_netgroup_member () LDAP, . IPA ipa_netgroup_member. : memberNisNetgroup ldap_netgroup_triple () LDAP, (, , ) . IPA. : nisNetgroupTriple ldap_netgroup_modify_timestamp () LDAP, . IPA. : modifyTimestamp ldap_host_object_class () LDAP. : ipService ldap_host_name () LDAP, . : cn ldap_host_fqdn () LDAP, . : fqdn ldap_host_serverhostname () LDAP, . : serverHostname ldap_host_member_of () LDAP , . : memberOf ldap_host_ssh_public_key () LDAP, SSH . : sshPublicKey ldap_host_uuid () LDAP, UUID/GUID LDAP. : ldap_service_object_class () LDAP. : ipService ldap_service_name () LDAP, . : cn ldap_service_port () LDAP, , . : ipServicePort ldap_service_proto () LDAP, , . : ipServiceProtocol SUDO ldap_sudorule_object_class () sudo LDAP. : sudoRole ldap_sudorule_name () LDAP, sudo. : cn ldap_sudorule_command () LDAP, . : sudoCommand ldap_sudorule_host () LDAP, ( IP- , IP- ) : sudoHost ldap_sudorule_user () LDAP, ( UID, ) : sudoUser ldap_sudorule_option () LDAP, SUDO. : sudoOption ldap_sudorule_runasuser () LDAP, , . : sudoRunAsUser ldap_sudorule_runasgroup () LDAP, GID , . : sudoRunAsGroup ldap_sudorule_notbefore () LDAP, SUDO. 
: sudoNotBefore ldap_sudorule_notafter () LDAP, sudo. : sudoNotAfter ldap_sudorule_order () LDAP, . : sudoOrder AUTOFS ldap_autofs_map_object_class () LDAP. : nisMap (rfc2307, autofs_provider=ad), -- automountMap ldap_autofs_map_name () LDAP. : nisMapName (rfc2307, autofs_provider=ad), -- automountMapName ldap_autofs_entry_object_class () LDAP. . : nisObject (rfc2307, autofs_provider=ad), -- automount ldap_autofs_entry_key () LDAP. . : cn (rfc2307, autofs_provider=ad), -- automountKey ldap_autofs_entry_value () LDAP. . : nisMapEntry (rfc2307, autofs_provider=ad), -- automountInformation IP- ldap_iphost_object_class () IP- LDAP. : ipHost ldap_iphost_name () LDAP, IP- . : cn ldap_iphost_number () LDAP, IP-. : ipHostNumber IP- ldap_ipnetwork_object_class () IP- LDAP. : ipNetwork ldap_ipnetwork_name () LDAP, IP- . : cn ldap_ipnetwork_number () LDAP, IP-. : ipNetworkNumber . sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5), sssd- krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd- sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5) AUTHORS (<<>>) SSSD -- https://github.com/SSSD/sssd/ SSSD 05/17/2024 SSSD-LDAP-ATTRIBUT(5)