SSSD-LDAP-ATTRIBUT(5) NAME sssd-ldap-attributes - LDAP SSSD: ' ' LDAP SSSD sssd-ldap(5). LDAP SSSD sssd-ldap(5). ldap_user_object_class () ' LDAP. : posixAccount ldap_user_name () LDAP, . : uid (rfc2307, rfc2307bis IPA), sAMAccountName (AD) ldap_user_uid_number () LDAP, . : uidNumber ldap_user_gid_number () LDAP, . : gidNumber ldap_user_primary_group () Active Directory . , , "ldap" ' . : unset (LDAP), primaryGroupID (AD) ldap_user_gecos () LDAP, gecos . : gecos ldap_user_home_directory () LDAP, . : homeDirectory (LDAP IPA), unixHomeDirectory (AD) ldap_user_shell () LDAP, . : loginShell ldap_user_uuid () LDAP, UUID/GUID ' LDAP. : , objectGUID AD ipaUniqueID IPA ldap_user_objectsid () LDAP, objectSID ' LDAP. , ActiveDirectory. : objectSid ActiveDirectory, . ldap_user_modify_timestamp () LDAP, '. : modifyTimestamp ldap_user_shadow_last_change () ldap_pwd_policy=shadow LDAP, shadow(5) ( ). : shadowLastChange ldap_user_shadow_min () ldap_pwd_policy=shadow LDAP, shadow(5) ( ). : shadowMin ldap_user_shadow_max () ldap_pwd_policy=shadow LDAP, shadow(5) ( ). : shadowMax ldap_user_shadow_warning () ldap_pwd_policy=shadow LDAP, shadow(5) ( ). : shadowWarning ldap_user_shadow_inactive () ldap_pwd_policy=shadow LDAP, shadow(5) ( ). : shadowInactive ldap_user_shadow_expire () ldap_pwd_policy=shadow ldap_account_expire_policy=shadow LDAP, shadow(5) ( ). : shadowExpire ldap_user_krb_last_pwd_change () ldap_pwd_policy=mit_kerberos, LDAP, kerberos. : krbLastPwdChange ldap_user_krb_password_expiration () ldap_pwd_policy=mit_kerberos, LDAP, . : krbPasswordExpiration ldap_user_ad_account_expires () ldap_account_expire_policy=ad, LDAP, . : accountExpires ldap_user_ad_user_account_control () ldap_account_expire_policy=ad, LDAP, . : userAccountControl ldap_ns_account_lock () ldap_account_expire_policy=rhds , , . : nsAccountLock ldap_user_nds_login_disabled () ldap_account_expire_policy=nds, , . : loginDisabled ldap_user_nds_login_expiration_time () ldap_account_expire_policy=nds, , . : loginDisabled ldap_user_nds_login_allowed_time_map () ldap_account_expire_policy=nds, , . : loginAllowedTimeMap ldap_user_principal () LDAP, Kerberos User Principal Name (UPN) . : krbPrincipalName ldap_user_extra_attrs () LDAP, SSSD . LDAP, SSSD LDAP. LDAP, . SSSD , SSSD LDAP. , , SSSD, <>. SSSD , - . : ldap_user_extra_attrs = telephoneNumber <> LDAP <> . ldap_user_extra_attrs = phone:telephoneNumber <> LDAP <> . : not set ldap_user_ssh_public_key () LDAP, SSH . : sshPublicKey ldap_user_fullname () LDAP, . : cn ldap_user_member_of () LDAP , . : memberOf ldap_user_authorized_service () access_provider=ldap ldap_access_order=authorized_service, SSSD authorizedService LDAP . (!svc). SSSD (svc) allow_all (*). , , ldap_access_order "authorized_service", ldap_user_authorized_service. ( Fedora-29+ RHEL-8) PAM "systemd-user" . "systemd-user" . : authorizedService ldap_user_authorized_host () access_provider=ldap ldap_access_order=host, SSSD host LDAP . (!host). SSSD (host) allow_all (*). , , ldap_access_order "host", ldap_user_authorized_host. : host ldap_user_authorized_rhost () access_provider=ldap ldap_access_order=rhost, SSSD rhost LDAP . . (!rhost). SSSD (rhost) allow_all (*). , , ldap_access_order "rhost", ldap_user_authorized_rhost. : rhost ldap_user_certificate () LDAP, X509 . : userCertificate;binary ldap_user_email () LDAP, . : ' , SSSD . , , . : mail ldap_group_object_class () ' LDAP. : posixGroup ldap_group_name () The LDAP attribute that corresponds to the group name. In an environment with nested groups, this value must be an LDAP attribute which has a unique name for every group. This requirement includes non-POSIX groups in the tree of nested groups. : cn (rfc2307, rfc2307bis IPA), sAMAccountName (AD) ldap_group_gid_number () LDAP, . : gidNumber ldap_group_member () LDAP, . : memberuid (rfc2307) / member (rfc2307bis) ldap_group_uuid () LDAP, UUID/GUID ' LDAP. : , objectGUID AD ipaUniqueID IPA ldap_group_objectsid () LDAP, objectSID ' LDAP. , ActiveDirectory. : objectSid ActiveDirectory, . ldap_group_modify_timestamp () LDAP, '. : modifyTimestamp ldap_group_type () LDAP, , , , . AD , () . : groupType AD, ldap_group_external_member () LDAP, , . IPA. : ipaExternalMember IPA, . ldap_netgroup_object_class () ' (netgroup) LDAP. IPA ipa_netgroup_object_class. : nisNetgroup ldap_netgroup_name () LDAP, (netgroup). IPA ipa_netgroup_name. : cn ldap_netgroup_member () LDAP, (netgroup). IPA ipa_netgroup_member. : memberNisNetgroup ldap_netgroup_triple () LDAP, (, , ). IPA. : nisNetgroupTriple ldap_netgroup_modify_timestamp () LDAP, '. IPA. : modifyTimestamp ldap_host_object_class () ' LDAP. : ipService ldap_host_name () LDAP, . : cn ldap_host_fqdn () LDAP, . : fqdn ldap_host_serverhostname () LDAP, . : serverHostname ldap_host_member_of () LDAP , . : memberOf ldap_host_ssh_public_key () LDAP, SSH . : sshPublicKey ldap_host_uuid () LDAP, UUID/GUID ' LDAP. : not set ldap_service_object_class () ' LDAP. : ipService ldap_service_name () LDAP, . : cn ldap_service_port () LDAP, , . : ipServicePort ldap_service_proto () LDAP, , . : ipServiceProtocol SUDO ldap_sudorule_object_class () ' sudo LDAP. : sudoRole ldap_sudorule_name () LDAP, sudo. : cn ldap_sudorule_command () LDAP, . : sudoCommand ldap_sudorule_host () LDAP, ( IP- , IP- , ) : sudoHost ldap_sudorule_user () LDAP, ( UID, ) : sudoUser ldap_sudorule_option () LDAP, sudo. : sudoOption ldap_sudorule_runasuser () LDAP, , . : sudoRunAsUser ldap_sudorule_runasgroup () LDAP, GID, . : sudoRunAsGroup ldap_sudorule_notbefore () LDAP, sudo. : sudoNotBefore ldap_sudorule_notafter () LDAP, sudo. : sudoNotAfter ldap_sudorule_order () LDAP, . : sudoOrder AUTOFS ldap_autofs_map_object_class () ' LDAP. : nisMap (rfc2307, autofs_provider=ad), automountMap ldap_autofs_map_name () LDAP. : nisMapName (rfc2307, autofs_provider=ad), automountMapName ldap_autofs_entry_object_class () ' LDAP. . : nisObject (rfc2307, autofs_provider=ad), automount ldap_autofs_entry_key () LDAP. . : cn (rfc2307, autofs_provider=ad), automountKey ldap_autofs_entry_value () LDAP. . : nisMapEntry (rfc2307, autofs_provider=ad), automountInformation IP ldap_iphost_object_class () ' iphost LDAP. : ipHost ldap_iphost_name () LDAP, IP . : cn ldap_iphost_number () LDAP, IP . : ipHostNumber IP ldap_ipnetwork_object_class () ' ipnetwork LDAP. : ipNetwork ldap_ipnetwork_name () LDAP, IP . : cn ldap_ipnetwork_number () LDAP, IP. : ipNetworkNumber sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5), sssd- krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd- sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5) AUTHORS SSSD -- https://pagure.io/SSSD/sssd/ SSSD 04/09/2024 SSSD-LDAP-ATTRIBUT(5)