SSSD-LDAP(5)
>>>>>>> >>>>>> >> >>>>>>>
NAME
sssd-ldap - >>>>>> >>>>>>> >>>>>
LDAP SSSD
>>>>
>> >>> >>>>>>>> >>>>>>>>>
>>>>>>> >>>>>>>>>>>>
>>>>>>> LDAP >>> sssd(8). >>>
>>>>>>>>> >>>>>> >>>
>>>>>>>>> >>>>>>>>>>>>,
>>>>>>>>>> >> >>>>>>>
<<>>>>>> >>>>>>> >>>>>>>>
>>>>>>>>> sssd.conf(5).
>> >>>>>> >>>>>>>>>>> SSSD >>
>>>>>>>>>>>> >>>>>>>>>
>>>>>>> LDAP.
The LDAP back end supports id, auth, access and chpass providers. If you
want to authenticate against an LDAP server, either TLS/SSL or LDAPS is
required. sssd does not support authentication over an unencrypted
channel. Even if the LDAP server is used only as an identity provider,
an encrypted channel is strongly recommended. Please refer to the
"ldap_access_filter" config option for more information about using
LDAP as an access provider.
>>>>>>>>> >>>>>>>>>>>>
>>> >>>>>>>> >>>>>>>>>
>>>>>>>>>>>>, >>>
>>>>>>>>>> >>>>>>> SSSD,
>>>>> >>>>>>>>>> >
>>>>>>> LDAP. >>>>>>>>>> >>
>>>>>>> <<>>>>>>> >>>>>>>>>
>>>>>>>> >>>>>>>>>> sssd.conf(5),
>>> >>>>>>>>> >>>>>>.
>>>>>>>>, >> >>>>>>>>
>>>>'>>>> >> LDAP SSSD >>>>>>> >>
>>>>>>>> >>>>>>>>>> >>>>
sssd-ldap-attributes(5).
ldap_uri, ldap_backup_uri (>>>>>)
>>>>>>>> >>>>>> >>>>>
>>>>>>>> LDAP,
>>>>>>>>>>>>> >>>>>>, >
>>>>> SSSD >>>
>>>>>>>>>>>>> >'>>>>>>>
> >>>>>>> >>>>>>>>>>.
>>>>>>>>>> >> >>>>>>>
<<>>>>>>>>, >>> >>>>>>>>>
>>>>>> >>> >>>>>>>>>>>
>> >>>>>>>> >>>>>>> >>
>>>>>>>>> >>>>>>>. >>>>
>> >>>>>>>, >>>>
>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>.
>>>>>>>>>> >>>>>>>>>
>>>>> >>>>>> > >>>>>>>
<<>>>>> >>>>>>>.
>>>>>> >>>>>> >>>
>>>>>>>>>>> >>>>>>>, >>
>>>>>>>>>>>> RFC 2732:
ldap[s]://<>>>>>>[:>>>>]
> >>>>> >>>>>>> IPv6 <>>>>>>
>>> >>>> >>>>>>> >
>>>>>>>>>> >>>>>>, []
>>>>>>>: ldap://[fc00::126:25]:389
ldap_chpass_uri, ldap_chpass_backup_uri (>>>>>)
>>>>>>>> >>>>>> >>>>>
>>>>>>>> LDAP,
>>>>>>>>>>>>> >>>>>>, >
>>>>> SSSD >>>
>>>>>>>>>>>>> >'>>>>>>>
> >>>>>>> >>>>>>>>>> >>>
>>>>> >>>>>>
>>>>>>>>>>>. >>>>>>>>>>
>> >>>>>>> <<>>>>>>>>, >>>
>>>>>>>>> >>>>>> >>>
>>>>>>>>>>> >> >>>>>>>>
>>>>>>> >> >>>>>>>>>
>>>>>>>.
>>> >>>>, >>> >>>>>>>>>>
>>>>>>>>>> >>>>>, >>>>
>>>>>>>>>> >>>>>>>>
>>>>>>>>> ldap_chpass_dns_service_name.
>>>>>> >>>>>>>>: >>>>>>>,
>>>>> >>>>>>>>>>>>>>>>
ldap_uri.
ldap_search_base (>>>>>)
>>>>>> >>>>>> >>>>>
>>>>>>, >>> >>>>
>>>>>>>>>>>>>>> >>>
>>>>>>>>> >>> >>> >>>>>
>>>>>>>>>>> LDAP.
>>>>>>>>> > SSSD 1.7.0, > SSSD
>>>>>>>>>>> >>>>>>>>>
>>>>>>>>>> >>>>>>>>>
>>>>> >>> >>>>>> >>
>>>>>>>>> >>>>>
>>>>>>>>>>>>
>>>>>>>>>>>:
>>>>>>_>>>>>>[?>>>>>>>>?[>>>>>>][?>>>>>>_>>>>>>?>>>>>>>>?[>>>>>>]]*]
>>>>>>>>>> >>>> >>>>
>>>> >> >>>>>>>, <>
(>>>>>>), <> (>>>>>>>
>>>>>>) >>> <>
(>>>>>>>>>).
>>>>>>>> >>> >>>>
>>>>>>>>> >>>>>
>>>>>>>>>>>> LDAP,
>>>>>>>>>> >>
>>>>>>>>>>>>
http://www.ietf.org/rfc/rfc2254.txt
>>>>>>>>:
ldap_search_base = dc=example,dc=com
(>>>>>>>>>>>> >>) ldap_search_base =
dc=example,dc=com?subtree?
ldap_search_base =
cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree?
>>>>>>>>>>: >>>>>>>>>
>>>>>>>>>> >>>>>>>>>
>>>>> >>>>>> >
>>>>>>>>>> >> >>'>>>> >
>>>>>>>>>> >>>>>>>
(>>>>>>>>> >>>> >
>>>>>>>>> >>>>>> > >>>>
>>>>>> >>>>>>> >>>>>>) >>
>>>>>>>>>>>. >>>>
>>>>>>>>>> >>>>>>
>>>>>>>>> >>
>>>>>>>>>>>>>>>>
>>>>>>>>>>> >>
>>>>>>>>>>> >>>>'>>>>>>.
>>>>>> >>>>>>>>: >>>>
>>>>>>>> >> >>>>>>>>>>>,
>>>> >>>>>>>>>>>
>>>>>>>> >>>>>>>>
defaultNamingContext >>> namingContexts > RootDSE
>>>>>>> LDAP. >>>> >>>>>>
defaultNamingContext >> >>>>> >>> >>>
>>>>> >>> >>>>>>>
>>>>>>>>, >>>>
>>>>>>>>>>> namingContexts. >>>
>>>>>> >>>>>>> >>>>>>>>,
>>> >>>>>>> namingContexts >>>
>>>>> >>>>>>>> DN >>>>
>>>>>> >>>>>>> LDAP.
>>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>> >>
>>>>>>>>>>>.
ldap_schema (>>>>>)
>>>>>>>> >>> >>>>>, >>
>>>>>>>>>>>>>>>> >>
>>>>>>> LDAP >>>>>>>>>>>.
>>>>>>>>>> >> >>>>>>>>
>>>>>, >>>>>> >>>>>
>>>>>>>>>, >>>>>>>>> >
>>>>>>>, >>>>>> >>>>
>>>>>>>. >>>>>> >>>>>>>
>>>>>>>>> >>>>> >>>>
>>>> >>>>>>.
> >>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>>>>
>>>>>>>> >>>>> >>>>:
o rfc2307
o rfc2307bis
o IPA
o AD
>>>>>>>> >>>>>>>>>>>
>>> >>>> >>>>>> >>>> >
>>>>>> >>>>>> >>>>> >>>>
>>>>>> > >>>>>> >>
>>>>>>>. >>>>>>>>>> >>
rfc2307, >>>>>> >>>>>>>>>
>>>> >>>>>>>>>>>>>>> >>
>>>>>>>>>>>>> >
>>>>>>>> memberUid. >>>>>>>>>>
>> rfc2307bis > IPA, >>>>>>
>>>>>>>>> >>>>
>>>>>>>>>>>>>>> >>
>>>>>> >>>>>> (DN) >
>>>>>>>>>>>> > >>>>>>>>
member. >>>>>>>>>> >> >>>>
>>>>> AD, >>>>>>>>>>>>>>
>>>>>>>>>>>>> >>
>>>>>>>>>> Active Directory 2008r2.
>>>>>> >>>>>>>>: rfc2307
ldap_pwmodify_mode (>>>>>)
>>>>>>>> >>>, >>> >>>>
>>>>>>>>> >>> >>>>>
>>>>>> >>>>>>>>>>>.
> >>>>>>>> >>>>>>
>>>>>>>>>>> >>> >>>>>>:
o exop -- >>>>>>>>> >>> >>
>>>>> >>>>>> (RFC 3062)
o ldap_modify -- >>>>>>>>>>>>
>>>>>>>> >>>> >> userPassword
(>> >>>>>>>>>>>>).
>>>>>>>>>>: >>>>>>>>
>>>> >>>>>>>>>>> >>>>
>'>>>>>>> >>> >>>>>>>>>
>>>>>>>>> >>>>>> >>>>>>
>>>>'>>>>>>>> >> >>>>>>>
>>> >>>>> >>>>>>>>>>>,
>>> >>>>> >>>>>>>> >>>>>
>>>> >>>>> >>>>>>. >>>>
>'>>>>>>> >>>>>>>>
>>>>>>>>>>, >>>> >>>>
>>>>>>>>>>> >>> >>>>>
>>>>>>, >>>> >
>>>>>>>>>>> >>> >>>>
>>>>>> >> >>>>>>
>>>>>>>> userPassword.
>>>>>> >>>>>>>>: exop
ldap_default_bind_dn (>>>>>)
>>>>>> >>>>> >>>>>>
>>>>'>>>>, >>> >>>>
>>>>>>>>>>>>>>> >>>
>>>>>>>>> >>> LDAP.
ldap_default_authtok_type (>>>>>)
>>> >>>>>>>>>>>>> >>>
>>>>>>> >>>>> >>>>>>>
>>>>'>>>>.
> >>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>>>>
>>>> >>>>>>>>>>:
password
obfuscated_password
>>>>>> >>>>>>>>: password
>>> >>>>>>>>> >>>>>>,
>>>>>>>>>>> >>
>>>>>>>>> >>>>>>>>>>
>>>> sss_obfuscate(8).
ldap_default_authtok (>>>>>)
>>>>>>> >>>>>>>>>>>>>
>>>>>>> >>>>> >>>>>>>
>>>>'>>>>.
ldap_force_upper_case_realm (>>>>>>
>>>>>>>>)
>>>>> > >>>>>>>>
>>>>>>>>>, >>>>>>>>> Active
Directory, >>>>>> >>>>>>>>
>>>>>>> >>>>>>> >>>>>> UPN
>>>> >>>>>> >>>>>>>>
(>>>>>>>> >>>>>>>>
>>>>>>>>), >> >>>>
>>>>>>>>> >> >>>>>>>>
>>>>>> >>>>>>>>>>>>>.
>>>>>>>>>> >>>>>>>>>
>>>>>>>> >>>>>
>>>>>>>>>, >>>> >>
>>>>>>> >>>>>>>>>>>>>>>
>>>>> >>>>>>> >
>>>>>>>>> >>>>>>>>.
>>>>>> >>>>>>>>: false
ldap_enumeration_refresh_timeout (>>>> >>>>>)
>>>>>>>> >>>>>>>>>
>>>>>>, >>>>>>>> >>>> SSSD
>>> >>>>>>>>> >>
>>>>>>>>> >>>>> >>>>
>>>>>>>>>>> >>>>>>>.
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: 300
ldap_purge_cache_timeout (>>>> >>>>>)
>>>>>>>> >>>>>>>
>>>>>>> > >>>>
>>>>>>>>>> >>>>>>>
(>>>>>>> >>>> >>>
>>>>>>>>> >>
>>>>>>>>>>>>, >>> >>>>>>
>> >>>>>>> >> >>>>>>>) >>
>>>>>>>>> >>> >>>>>>> >
>>>>> >>>>>>>> >>>>>.
>>>>>>>>>>>> >>>>>>>>>
>>>>>>>> >>>>>
>>>>>>>>> >>>>>>> >>> >
>>>>>>>> >>>>. >>>>
>>>>>, >>>>>>>>, >> >>>>
>>>>>>>>> >>>>>>>>>, >>>
> >>>>>>>> > >>>>>>>>>> >
>>>>> >>>>>>>>> >>>>>>>,
>>>>>>>>> >> >>>>>>>, >>
>> >>>>> >>>>>>>>.
>>>>>>, >>> > >>>>>>>>,
>>>> >>>>>>>>>
>>>>>>>>>, >>>>>>>>>>>
>>>>> 3 >>>>>>.
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: 0
(>>>>>>>>)
ldap_group_nesting_level (>>>> >>>>>)
>>>> ldap_schema >>>>>>>>>>> >
>>>>>>>> >>>>>>> >>>>>, >
>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>
>>>> (>>>>>>>>> RFC2307bis), >>>
>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>
>>>>>>>>>>>, >>>
>>>>>>>>>>>>>>> SSSD.
>>>>>>>> >>>>>
>>>>>>>>> >>>>
>>>>>>>>>>>>>, >>>>
>>>>>>>>>>> >>>>> RFC2307.
>>>>>>>>>>: >> >>>>>>>>>
>>>>> >>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>> >>>
>>>>>>> >>> >>>
>>>>->>>>> >>>>>>. >>>>,
>>>> >>>> >>>>>>>>> >
>>>>> >> >>>>>>> >>>>>>
>>>>>>>>>>>, >>>> >>> >>>
>>>>>>>>>> >>>>>>>
>>>>>>>>>>> >>>>>>>
>>>>> >>>>>>
>>>>>>>>>>>. >>>> >>>>,
>>>>>>>>>> >>>>>> >>>>>
>>>> >>>>>> >>>>>>>>>
>>>>> >>>>>>>>>>>
>>>>>>>>>>> >>>>>>, >>>>
>>>>>> >>>> >>>>>>
>>>>>>>>> >>>>>>>>.
>>>> >>>>>>>>> ldap_group_nesting_level
> 0, >>>>>>>> >>>>>
>>>>>>> >>
>>>>>>>>>>>>>>>. >>>>,
>>>> >'>>>>>>>
>>>>>>>>>>> > Active-Directory Server 2008
>> >>>>>>>> >>>>>>>> >
>>>>>>>>>>>>> "id_provider=ad",
>>>> >>>>> >>>>>>>>
>>>>>>>>>>>> >>>>
>>>>>>>>>>>>> >>>>>>>
(Token-Groups) >>>>>>>>>>>>> >>>
>>>>>>>>> ldap_use_tokengroups
>>>>>>>> false > >>>>>
>>>>>>>>> >>>>>>>>>>> >
>>>>>>.
>>>>>> >>>>>>>>: 2
ldap_use_tokengroups
>> >>>>>>>>> >>>>>
>>>>>>>>> >>>>>
>>>>>>>>> >>> >>>>>>>>
>>>>>>>>>>>> >>>>>>>>
Token-Groups >>> >>> >>>>>>>>>
initgroup >>> >>>>>>>>>>>> Active
Directory Server 2008 >> >>>>>>>
>>>>>>.
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: True >>> AD >
IPA, >>>>>> False.
ldap_host_search_base (>>>>>)
>>>>>>'>>>>>>>.
>>>>>>>>>>> >>>>>>>>
>>>>> >> >>>>>> >>>>>>
>>'>>>>> >>>>>>.
>>>>>>>>>>> > >>>>>>>>
>>>> <>, >>>
>>>>>>>>> >>>>>> >>>
>>>>>>>>>>>> >>>>>>>>>
>>>>> >>>>>>.
>>>>>> >>>>>>>>:
>>>>>>>> ldap_search_base
ldap_service_search_base (>>>>>)
>>>>>>>>>> >>>>>>>> DN,
>>>>>>> >>>>>> > >>>>>>
LDAP >>> >>>>>>>>> >>>>>>>
LDAP >>> >>>>> >>>>>>>>>.
>>>>>>>>>:
search_base[?scope?[filter][?search_base?scope?[filter]]*]
>>>>>>>>>> >>>> >>>>
>>>> >> >>>>>>>, <>
(>>>>>>), <> (>>>>>>>
>>>>>>) >>> <>
(>>>>>>>>>). >>>>>>>>>>>
>>>> >>>>>>>>>>
>>>>>>>> > >>>>>>> 4.5.1.2
>>>>>>>>> http://tools.ietf.org/html/rfc4511
>>>>>>>> >>> >>>>
>>>>>>>>> >>>>>
>>>>>>>>>>>> LDAP,
>>>>>>>>>> >>
>>>>>>>>>>>>
http://www.ietf.org/rfc/rfc2254.txt
>>>>>>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>>
>>>>>> > >>>>>>>
>>>>>>>>> <>.
>>>>>> >>>>>>>>:
>>>>>>>> ldap_search_base
>>>> >>>>>, >>>>>>>>, >>
>>>>>>>>> >>>>>>>>>>
>>>>>>> >>> >>>>>>> >>>
>>>>>>> >> >>>>>>> Active Directory
>> >>>>>>>>>>>. >> >>>>
>>>>>>>>> >> >>>>>>>>>
>>>>>>> >>>>>>>>>
>>>>>>>>>>> > >>>>>>>>>
>>>>>>> > >>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>>> (Range Retrieval).
ldap_iphost_search_base (>>>>>)
>>>>>>>>>> >>>>>>>> DN,
>>>>>>> >>>>>> > >>>>>>
LDAP >>> >>>>>>>>> >>>>>>>
LDAP >>> >>>>> >>>>>>>>>.
>>>>>>>>>:
search_base[?scope?[filter][?search_base?scope?[filter]]*]
>>>>>>>>>> >>>> >>>>
>>>> >> >>>>>>>, <>
(>>>>>>), <> (>>>>>>>
>>>>>>) >>> <>
(>>>>>>>>>). >>>>>>>>>>>
>>>> >>>>>>>>>>
>>>>>>>> > >>>>>>> 4.5.1.2
>>>>>>>>> http://tools.ietf.org/html/rfc4511
>>>>>>>> >>> >>>>
>>>>>>>>> >>>>>
>>>>>>>>>>>> LDAP,
>>>>>>>>>> >>
>>>>>>>>>>>>
http://www.ietf.org/rfc/rfc2254.txt
>>>>>>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>>
>>>>>> > >>>>>>>
>>>>>>>>> <>.
>>>>>> >>>>>>>>:
>>>>>>>> ldap_search_base
>>>> >>>>>, >>>>>>>>, >>
>>>>>>>>> >>>>>>>>>>
>>>>>>> >>> >>>>>>> >>>
>>>>>>> >> >>>>>>> Active Directory
>> >>>>>>>>>>>. >> >>>>
>>>>>>>>> >> >>>>>>>>>
>>>>>>> >>>>>>>>>
>>>>>>>>>>> > >>>>>>>>>
>>>>>>> > >>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>>> (Range Retrieval).
ldap_ipnetwork_search_base (>>>>>)
>>>>>>>>>> >>>>>>>> DN,
>>>>>>> >>>>>> > >>>>>>
LDAP >>> >>>>>>>>> >>>>>>>
LDAP >>> >>>>> >>>>>>>>>.
>>>>>>>>>:
search_base[?scope?[filter][?search_base?scope?[filter]]*]
>>>>>>>>>> >>>> >>>>
>>>> >> >>>>>>>, <>
(>>>>>>), <> (>>>>>>>
>>>>>>) >>> <>
(>>>>>>>>>). >>>>>>>>>>>
>>>> >>>>>>>>>>
>>>>>>>> > >>>>>>> 4.5.1.2
>>>>>>>>> http://tools.ietf.org/html/rfc4511
>>>>>>>> >>> >>>>
>>>>>>>>> >>>>>
>>>>>>>>>>>> LDAP,
>>>>>>>>>> >>
>>>>>>>>>>>>
http://www.ietf.org/rfc/rfc2254.txt
>>>>>>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>>
>>>>>> > >>>>>>>
>>>>>>>>> <>.
>>>>>> >>>>>>>>:
>>>>>>>> ldap_search_base
>>>> >>>>>, >>>>>>>>, >>
>>>>>>>>> >>>>>>>>>>
>>>>>>> >>> >>>>>>> >>>
>>>>>>> >> >>>>>>> Active Directory
>> >>>>>>>>>>>. >> >>>>
>>>>>>>>> >> >>>>>>>>>
>>>>>>> >>>>>>>>>
>>>>>>>>>>> > >>>>>>>>>
>>>>>>> > >>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>>> (Range Retrieval).
ldap_search_timeout (>>>> >>>>>)
>>>>>>>> >>> >>>>>>>>>>
>> >>>> (> >>>>>>>>) >>>
>>>>>>>>> >>>>>>> ldap,
>>>> >>> >>>>> >>>>
>>>>>>>>> > >>>>>>>>>>>
>>>>>>>>> >>>>> (>
>>>>>>>>> >>
>>>>>>>>>>> >>>>>>
>>>>>>)
>>>>>>>>>>: >>>>>> >>>>>
>>>>>>>>> >>>> >>>>>>> >
>>>>>>>>> >>>>>>> SSSD.
>>>>>>>>, >>>> >>>>
>>>>>> >>>>>>>> >>
>>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>> >>>>>>>
>>>>> >>>>>>>.
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: 6
ldap_enumeration_search_timeout (>>>> >>>>>)
>>>>>>>> >>> >>>>>>>>>>
>> >>>> (> >>>>>>>>) >>>
>>>>>>>>> >>>>>>>
>>>>>>> >>>>>>>>>>>> >>
>>>> > ldap, >>>> >>> >>>>>
>>>> >>>>>>>>> >
>>>>>>>>>>> >>>>>>>>>
>>>>> (> >>>>>>>>> >>
>>>>>>>>>>> >>>>>>
>>>>>>)
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: 60
ldap_network_timeout (>>>> >>>>>)
>>>>>>>> >>> >>>>>>>>>>
(> >>>>>>>>), >>>>>
>>>>>>>>>> >>>>> poll(2)/select(2)
> >>>>>>>>> connect(2)
>>>>>>>>>>>> >> >>>>>
>>>>>>>>>>>>>.
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: 6
ldap_opt_timeout (>>>> >>>>>)
>>>>>>>> >>> >>>>>>>>>>
(> >>>>>>>>), >>>>>
>>>>>>>>>> >>>>>
>>>>>>> >> >>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>
LDAP >>>> >>>>>>>>>, >>>> >>
>>>> >>>>>>>> >>>>>>>>>.
>>>>> >>>>> >>>>>
>>>>>>>>>> >>> >>>
>>>>>> >>>>>> > KDC >
>>>>>>> >>>>'>>>> SASL,
>>>>> >>>>>>>>>> >> >>> >
>>>>'>>>>>>>> LDAP,
>>>>>>>>>> >>>>>>>> >>
>>>>> >>>>>> >> >>> StartTLS.
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: 8
ldap_connection_expire_timeout (>>>> >>>>>>>>)
>>>>>>>> >>> >>>>>>>>>>
(> >>>>>>>>), >>>>>>>>
>>>>>
>>>>>>>>>>>>>>>>>>
>'>>>>>>> > >>>>>>>> LDAP. >>
>>>>>>>>>> >>>>> >>>>
>>>> >>>>>>>> >>>>>>
>>>>>>>> >>>>>>>>>>
>'>>>>>>>. > >>>>
>>>>>>>>>>>> >>>>>>>>>>
>> SASL/GSSAPI >>>> >>>>>>>>>>>
>>>>> >> >>>>> >>>>>>>>
(>> >>>>>>>> >>> >>>>>>>>
>>>>>> >>> TGT).
>>>> >'>>>>>>> >
>>>>>>>>>>> (>>>>> >>> >
>>>>> >> >>>>>>>>>>>
>>>>>>>) >>>>>>>> ldap_opt_timeout
>>>>>> >>>>>>>>>>
>>>>>> >>>, >>>> >>>>
>>>>>>>>>> >>>>>>>>>,
>>> >>>>> >>>>> >> >>>
>>>>>>>>>>>, >>>
>'>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>
>>>>>>>>>> >>>> >>>>>>
>>>. >>>>>>> >>>>>, >>
>>>>>>>, >> >'>>>>>>>
>>>>>> >>>>>>>>>>>>>>>
>>>>>>> > >>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>, >>>>
ldap_connection_expire_timeout <= ldap_opt_timeout
>>> >>> >>>>>>>>>> >>>>
>>>> >>>>>>>>>
>>>>>>>>>> >>>>>>>>>,
>>> >>>>>>> >>>>>>>>>>
ldap_connection_expire_offset
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: 900 (15
>>>>>>)
ldap_connection_expire_offset (>>>> >>>>>)
>>>>>>>>>> >>>> >>> 0 >>
>>>>>>>>>>>>> >>>>>>>>,
>>>> >>>> >>>>>> >>
ldap_connection_expire_timeout.
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: 0
ldap_connection_idle_timeout (>>>> >>>>>>>>)
>>>>>>>> >>> >>>>>>>>>>
(> >>>>>>>>), >>>>>>>>
>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>> >'>>>>>>> >
>>>>>>>> LDAP. >>>>
>'>>>>>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>> >>>
>>>, >'>>>>>>> >>>>
>>>>>>>>>.
>> >>>>>> >>>>>>>> >>>
>>> >>>>>>>>>>,
>>>>>>>>>>> >>>>>>>> 0.
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: 900 (15
>>>>>>)
ldap_page_size (>>>> >>>>>)
>>>>>>>>> >>>>>>>>>
>>>>>>>, >>> >>>>
>>>>>>>> > LDAP > >>>>>>>>>
>> >>>> >>>>>. >> >>>>>>
>>>>>>>> LDAP >>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>> >> >>>> >>>>>.
>>>>>> >>>>>>>>: 1000
ldap_disable_paging (>>>>>> >>>>>>>>)
>>>>>>> >>>>>>>>
>>>>>>>> LDAP. >>>
>>>>>>>>>> >>>>
>>>>>>>>>>>>, >>>>
>>>>>> LDAP >>>>>>>>>> >>>
>>>>>>>>> >>>>>>>>
>>>>>>>> LDAP > >>>>>> RootDSE,
>>> >> >>>>>>>>> >>
>>>>>>>>> >>> >>>> >>
>>>>>> >>>>>>>> >>>>>.
>>>>>>>: >>>>>>> OpenLDAP >
>>>>>>> >>>>>>>>
>>>>>>>>, >>>>>>>>>>>>
>> >>>>>>>, >>> >>
>>>>>>>>>>,
>>>>>>>>>>>> >>>
>>>>>>>>> > RootDSE, >>> >>>>
>>>>>>>>>> >> >>>>>
>>>>>>>>>>>>.
>>>>>>>: 389 DS >>> >>>>,
>>>'>>>>> > >>>, >> >>>>>>
>>>>>>>>>>>> >>>> >>>>
>>>>>> >>>>>>>>
>>>>>>>> >>> >>>>>>
>'>>>>>>>. > >>>>
>>>>>>>> >>>>>>>>>>>>
>> >>>> >>>>>>>>> >>
>>>>>>> > >>>>>>>>>
>>>>>>>.
>>>>>> >>>>>>>>: False
ldap_disable_range_retrieval (>>>>>>
>>>>>>>>)
>>>>>>>> >>>>>>>>>
>>>>>>>>> Active Directory.
> Active Directory >> >>>>>>>>>
>>>>>>> MaxValRange (>>>>>>
>>>>>>>> 1500 >>>>>>>)
>>>>>>>>>>> >>>>>>>>>
>>>>>>>, >>> >>>> >>>>
>>>>>>>> >>> >>> >>>>>>.
>>>> > >>>>>> >>>>>
>>>>>>>>> >>>>>>
>>>>>>> >>>>>>>>>, >>
>>>>>>>>> >>>> >>>>>>>>
>>>>>>>>>> >>> AD
>>>>>>>>>> >>>>>>>>>. >>
>>>>>>>>> >>>>>
>>>>>>>>> >>>>>
>>>>>>>> >>>>>>>
>>>>>>>>>> >>>>>>>>>,
>>>> >>>>>> >>>>> >>>>
>>>>>>>>>>>> >> >>>>, >
>>>> >>>>> >>>>>>>>>.
>>>>>> >>>>>>>>: False
ldap_sasl_minssf (>>>> >>>>>>>>)
>>> >>> >>>>>> >>>>>> >
>>>>>>>> LDAP >> >>>>>>>>>
SASL >>>>>>>> >>>>>>>>>>>
>>>>>> >>>>>>>,
>>>>>>>>> >>>
>>>>>>>>>>>> >'>>>>>>>.
>>>>>>>> >>>>>
>>>>>>>>> >>>>>>>>>>>>
OpenLDAP.
>>>>>> >>>>>>>>: >>>>>>
>>> >>>>>>> >>>>>>>>
(>>>>>>>>, >>>>>>>>>>>> >
ldap.conf)
ldap_sasl_maxssf (>>>> >>>>>)
>>> >>> >>>>>> >>>>>> >
>>>>>>>> LDAP >> >>>>>>>>>
SASL >>>>>>>> >>>>>>>>>>>>
>>>>>> >>>>>>>,
>>>>>>>>> >>>
>>>>>>>>>>>> >'>>>>>>>.
>>>>>>>> >>>>>
>>>>>>>>> >>>>>>>>>>>>
OpenLDAP.
>>>>>> >>>>>>>>: >>>>>>
>>> >>>>>>> >>>>>>>>
(>>>>>>>>, >>>>>>>>>>>> >
ldap.conf)
ldap_deref_threshold (>>>> >>>>>)
>>>>>> >>>>>>>>>
>>>>>>>>> >>>>>, >>>>>>>
>>>> >>> >> >>>>>>>>> >
>>>>>>>>>>> >>>> >>>
>>>>>>> >>>>>>>>>>
>>>>>> > >>>>>>>>>>>>>>.
>>>> >>>>>>>>>> >>>>>>>
>>>> >>>>> >> >>>>>>>
>>>>>>>>>, >>>>> >>> >>>
>>>>>>>>>>>>>>>>
>>>>>>.
>> >>>>>> >>>>>>>>
>>>>>>>> >>>>>> >>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> >>>>>>>> 0.
>>>> >>>>>, >>>>>>>>, >> >
>>>> SSSD, >>>>>>> >>>>>>
>>>>>>> >>>>> HBAC IPA, >
>>>>>>>>>>, >>>
>>>>>>>>>>> >>>> >
>>>>>>>>>>>>> >>>>>>>>
>>>> >>>>>>>>>>>>>, >>>>
>>>>>> >>>> >>>>>>>>>
>>>>>>>>>>>> >>
>>>>>>>> >> >>>>>>>>>
>>>>>>>>>>>> > >>>
>>>>>>>> >>>>, >>>> >>
>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>
> >>>>>>>>> >>>
>>>>>>>>>
>>>>>>>>>>>>>>> >
>>'>>>> rootDSE.
>>>>> > >>>>>>>>>>>>>> --
>> >>>>>>>>> >>>>
>>>>>>> >>>>>>>>> >>>>>
>> >>>>> >>>>>>>> LDAP. >
>>>>>> >>>>>>>> LDAP >>>>
>>>> >>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>>>>>. >
>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>>>>
>>>>>>>> 389/RHDS, OpenLDAP >> Active
Directory.
>>>>>>>>>>: >>>> > >>>>>
> >>>>> >>>>>>
>>>>>>>>>>>> >>>>>>
>>>>>>, >>>>>>>>>>
>>>>>>>>> >>>>>>>>
>>>>>>>>>>>>> >>>>
>>>>>>>>, >>>>>>>>> >>>
>>>>>>>>>>>> >>>>>
>>>>>>>>>.
>>>>>> >>>>>>>>: 10
ldap_ignore_unreadable_references (>>>>>>
>>>>>>>>)
>>>>>>>>>> >>>>>>>>>>
>> >>>>>>> >>>>>> LDAP, >>
>>> >>>>>>>>>>> >>>>>>>
>>>>>>>> >>>>>. >>>> >>>
>>>>> >>>>>>>>>
>>>>>>>>>>> >>>>>>>>
<>, >>>> >>>>>>>>>
>>>>>>>>>>>> >>>
>>>>>>>, > >>>
>>>>>>>>>>> >>>>>>>>,
>>>>>>> >>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> >> >>>>>>>
>>>>>>.
>>> >>>>>>>> >>>> >>>>
>>>>>>>>, >>>>
>>>>>>>>>>> >>>>>>>
>>>>> AD, > >>>>>>>>> >>>>>
>>>>'>>>>>, >>>> sssd
>>>>>>>>>>>> >>>
>>>>>>>>>>>> >'>>>>>>>
>> AD, >> >>> >>>>>>> >>
>>>>>>> >>>>>> >>>
>>>>>>>>> LDAP > >>>>>>>>>
>>>>>>>.
>>>>>> >>>>>>>>: False
ldap_tls_reqcert (>>>>>)
>>>>>>>> >>>>>>>
>>>>>>>>>, >>> >>>>
>>>>>>>> >>>
>>>>>>>>>>>> >>>>>>>> >
>>>>>> TLS, >>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>>>. >>>> >>>>
>>>>>>>>> >>>> > >>>>>
>>>>>>>:
never = >>>>>> >> >>>>>>>>>>>
>>>>>> > >> >>>>>>>>>>>>
>>>>>> >>>>>>>>>>>>
>>>>>>>.
allow = >>>>>>>>> >>>>> >>>>
>>>>>>>>>>> >>>>>>>.
>>>> >>>>>>>>>> >> >>>>
>>>>>>, >>>>>>>>>> >>>>>
> >>>>>>>>>> >>>>>>. >>>>
>>>> >>>>>> >>>>>>>>>>
>>>>>>>>>>, >>>>>>>>>> >
>>>>>>>>>> >>>>> >
>>>>>>>>>> >>>>>>.
try = >>>>>>>>> >>>>> >>>>
>>>>>>>>>>> >>>>>>>.
>>>> >>>>>>>>>> >> >>>>
>>>>>>, >>>>>>>>>> >>>>>
> >>>>>>>>>> >>>>>>. >>>>
>>>> >>>>>> >>>>>>>>>>
>>>>>>>>>>, >>>>>>>
>>>>>>>>> >>>>>.
demand = >>>>>>>>> >>>>> >>>>
>>>>>>>>>>> >>>>>>>.
>>>> >>>>>>>>>> >> >>>>
>>>>>> >>> >>>> >>>>>>
>>>>>>>>>> >>>>>>>>>>,
>>>>>>> >>>>>>>>> >>>>>.
hard = >> >>>>, >> > "demand"
>>>>>> >>>>>>>>: hard
ldap_tls_cacert (>>>>>)
>>>>>>>> >>>>, >>>>
>>>>>>> >>>>>>>>>>> >>>
>>>> >>>>> >>>>>>>>>>>>,
>>> >>>>>>>>>>>>> sssd.
>>>>>> >>>>>>>>:
>>>>>>>>>>>>>>> >>>>>>
>>>>>>>>> OpenLDAP, >>
>>>>>>>>>>>> > /etc/openldap/ldap.conf
ldap_tls_cacertdir (>>>>>)
>>>>>>>> >>>> >>
>>>>>>>>, >> > >>>>>>>
>>>>>> >>>>>>>>>
>>>>>>>>>>> >>>>>
>>>>>>>>>>>> (CA). >>>>>>>>
>>>>>>> >>>>>> > >>>>
>>>>>>>>>>>> >
>>>>>>>>>> <<.0>>. >>>
>>>>>>>>> >>>>>>>>>>>
>>>> >>>>> >>>>>>>>>>>>
cacertdir_rehash, >>>> >> >>>>>>>> >
>>>>>>>>>.
>>>>>> >>>>>>>>:
>>>>>>>>>>>>>>> >>>>>>
>>>>>>>>> OpenLDAP, >>
>>>>>>>>>>>> > /etc/openldap/ldap.conf
ldap_tls_cert (>>>>>)
>>>>>>>> >>>>, >>>>
>>>>>>> >>>>>>>>>> >>>
>>>>> >>>>>>>.
>>>>>> >>>>>>>>: not set
ldap_tls_key (>>>>>)
>>>>>>>> >>>>, > >>>>>
>>>>>>>>> >>>> >>>>>>>.
>>>>>> >>>>>>>>: not set
ldap_tls_cipher_suite (>>>>>)
>>>>>>>> >>>>>>>>>
>>>>>>>>> >>>>>>> >>>
>>>>>>>>>>. >>>>>> >
>>>>>>>> >>>>>> >>>>
>>>>>>>>>>>>>> >>>>>>. >
>>>>>>>> >>>>>
>>>>>>>>>>>> >>
>>>>>>>> >>>>>>>>> >>
ldap.conf(5).
>>>>>> >>>>>>>>:
>>>>>>>>>>>>>>> >>>>>>
>>>>>>>>> OpenLDAP, >>
>>>>>>>>>>>> > /etc/openldap/ldap.conf
ldap_id_use_start_tls (>>>>>> >>>>>>>>)
Specifies that the id_provider connection must also use TLS to
protect the channel. Setting this to true is strongly recommended for
security reasons.
>>>>>> >>>>>>>>: false
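Added example (not part of the sssd-ldap manual or of SSSD's own code): a Python check that reads an sssd.conf and reports LDAP domains whose ldap_uri or ldap_backup_uri use ldap:// while ldap_id_use_start_tls is left at false, or whose ldap_tls_reqcert is weaker than demand/hard. The function name audit_sssd_conf, the sample configuration and its host names are constructed for illustration.

```python
import configparser

# Defaults as given on this page: ldap_tls_reqcert = hard, ldap_id_use_start_tls = false.
DEFAULTS = {"ldap_tls_reqcert": "hard", "ldap_id_use_start_tls": "false"}
REQCERT_VALUES = ("never", "allow", "try", "demand", "hard")
WEAK_REQCERT = {"never", "allow", "try"}   # anything short of demand/hard
PROVIDER_KEYS = ("id_provider", "auth_provider", "access_provider", "chpass_provider")


def _opt(section, key):
    """Read an option, falling back to the documented default, normalised."""
    return section.get(key, DEFAULTS.get(key, "")).strip().lower()


def _plain_uris(section):
    """Return the ldap:// (not ldaps://) entries of ldap_uri and ldap_backup_uri."""
    plain = []
    for key in ("ldap_uri", "ldap_backup_uri"):
        for uri in section.get(key, "").split(","):   # both are comma-separated lists
            uri = uri.strip()
            if uri.lower().startswith("ldap://"):
                plain.append(uri)
    return plain


def audit_sssd_conf(text):
    """Return a list of (domain, option, message) findings for LDAP-backed domains."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    parser.read_string(text)
    findings = []
    for name in parser.sections():
        if not name.lower().startswith("domain/"):
            continue                      # [sssd], [nss], [pam] ... are not domains
        sec = parser[name]
        if "ldap" not in {_opt(sec, k) for k in PROVIDER_KEYS}:
            continue                      # domain does not use the LDAP back end
        domain = name.split("/", 1)[1]

        reqcert = _opt(sec, "ldap_tls_reqcert")
        if reqcert not in REQCERT_VALUES:
            findings.append((domain, "ldap_tls_reqcert", f"unknown value {reqcert!r}"))
        elif reqcert in WEAK_REQCERT:
            findings.append((domain, "ldap_tls_reqcert",
                             f"{reqcert!r} does not require a valid server certificate; "
                             "use demand or hard"))

        plain = _plain_uris(sec)
        start_tls = _opt(sec, "ldap_id_use_start_tls") == "true"
        if _opt(sec, "id_provider") == "ldap" and plain and not start_tls:
            findings.append((domain, "ldap_id_use_start_tls",
                             "identity lookups to " + ", ".join(plain)
                             + " are not protected by TLS"))
    return findings


# Constructed sample configuration (not taken from a real system).
SAMPLE_CONF = """\
[sssd]
domains = legacy, hardened, starttls, other
services = nss, pam

[domain/legacy]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap1.example.com, ldaps://ldap2.example.com
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = allow

[domain/hardened]
id_provider = ldap
ldap_uri = ldaps://ldap1.example.com
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = demand

[domain/starttls]
id_provider = ldap
ldap_uri = ldap://[fc00::126:25]:389
ldap_backup_uri = ldap://ldap3.example.com
ldap_id_use_start_tls = True
ldap_search_base = dc=example,dc=com

[domain/other]
id_provider = proxy
ldap_tls_reqcert = never
"""

if __name__ == "__main__":
    for domain, option, message in audit_sssd_conf(SAMPLE_CONF):
        print(f"[domain/{domain}] {option}: {message}")
```

Domains that set no ldap_uri at all are not judged by the URI check, since the servers are then not named in the file.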
ldap_id_mapping (>>>>>> >>>>>>>>)
>>>>>>>>, >> SSSD >>>
>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>> > >>>>> >>
>>>>>> >>>>>>>>> ldap_user_objectsid
>> ldap_group_objectsid, >>>>>>>
>>>>>>>>> ldap_user_uid_number >>
ldap_group_gid_number.
> >>>>>>>> >>>>>> > >>>
>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>> >>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> objectSID >
ActiveDirectory.
>>>>>> >>>>>>>>: false
ldap_min_id, ldap_max_id (>>>> >>>>>)
>> >>>>>>> >>>
>>>>'>>>>>>>>
>>>>>>>>>>>>>>> >>
>>>>>> SID, >>>
>>>>>>>>>>>>>>>>, >>>>
>>>>>>>> ldap_id_mapping >>>
>>>>>>>> true, >>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>>> >>>
ldap_user_uid_number > ldap_group_gid_number >
>>>>>>>>>>>. >
>>>>>>>>>>>>> >
>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>> >>
>>>> >>>>>>>>> >>
>>>>>>>>>>
>>>>>>>>>>>>>>>. >>>
>>>>>>>> >>>>>>>>>>,
>>>>> >>>>>>>>>>
>>>>>>>> ldap_min_id > ldap_max_id >>>
>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>>>>>>, >>>
>>>> >>>>>>>>>
>>>>>>>>>>>>> > >>>>>>>.
>>>>> >>>>> >>>>>>>>>
>>>>>> >>>>>>>> >>>>
>>>>>>>>> >>>
>>>>'>>>>>>>>
>>>>>>>>>>>>>>>.
>>>>>> >>>>>>>>: >>
>>>>>>>>>>> (>>>>>>
>>>>>>>>> >>>>>>>>>>> >
>>>>>>>> 0)
ldap_sasl_mech (>>>>>)
>>>>>>>> >>>>>>>> SASL,
>>>> >>>>
>>>>>>>>>>>>>>>. >
>>>>>>>> >>>>>>
>>>>>>>>>> >
>>>>>>>>>>> >>>>>>>>>
>>>> >>>>>>>>>> GSSAPI >>
GSS-SPNEGO.
>>>> > >>>>>> >>>>>>>
>>>>>>>>>>> >>>>>>>>>
>>>>>>>>>>, >>>>>>>> >>>
>>>>>>>>>> ldap_sasl_mech >>>>
>>>>>>>>>>> >>>>>>>>>>>
>>> >>>>>>. >>>> >>>
>>>>>>> >>>>>>>>>
>>>>>>>> >>>> >>>>>>>>,
>>>> >>>>> >>>>>>>>>>>>
>>>>>>>>>>>>> ldap_sasl_mech >>>
>>>>> >>>>>>>>> >>>>>>.
>>>>>>>>>>> >>>> >>>>>
>>>>>> > >>>>>>> >>>>
>>>>>>>>> >>>>>>> >
>>>>>>>>>> > sssd.conf(5).
>>>>>> >>>>>>>>: not set
ldap_sasl_authid (>>>>>)
>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>>>>>> SASL, >>>>
>>>> >>>>>>>>>>>>. >>>>
>>>>>>>>>>>>>>>> GSSAPI/GSS-SPNEGO,
>>> >>>>>>>>>>>>>>> >
>>>>>>>>>>>> >>>> Kerberos,
>>> >>>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>> >>>
>>>>>>> >> >>>>>>>>. >>>
>>>>>>>> >>>> >>>>>>>
>>> >>>>> >>>>>>>>>>>>
>>>> (>>>>>>>>> host/myhost@EXAMPLE.COM)
>>> >>>>>> >>>>>
>>>>>>>>>>>>>> >>>>>>
(>>>>>>>>> host/myhost). >>>>>>,
>>>>>>>> >> >>>>>>>>>>>
> >>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>> >>>>>>:
hostname@REALM
netbiosname$@REALM
host/hostname@REALM
*$@REALM
host/*@REALM
host/*
>>>> >>>>> > >>> >> >>>>
>>>>>>>>, >>>> >>>>>>>>>
>>>>>> >>>>>>>>>>>>>
>>>>> > >>>>>>> >>>>>>.
>>>>>> >>>>>>>>:
>>>>>/>>>>>_>>>>>@>>>>>>>
ldap_sasl_realm (>>>>>)
>>>>>>>> >>>>>>> SASL, >>>
>>>> >>>>>>>>>>>>>>>.
>>>> >> >>>>>>> >>>>>>>>,
>>>>>>> >>>>>>>>> >>>>>
>>>>>>>>> > >>>>>>>>
krb5_realm. >>>> ldap_sasl_authid >>>>>
>>>>>>> >>>>> >>>>>>>,
>>> >>>>>>>> >>>>
>>>>>>>>>>>>>.
>>>>>> >>>>>>>>:
>>>>>>>> krb5_realm.
ldap_sasl_canonicalize (>>>>>> >>>>>>>>)
>>>> >>>>>>>>>>>
>>>>>>>> true (1), >>>>>>>>>>
LDAP >>>>>>>>>> >>>>>>>>>
>>>>> > >>>>>
>>>>>>>>>>> >>>> >>>>>>
> >>>>>>>>> >>>>> >>> >>>
>>>>'>>>> >> SASL.
>>>>>> >>>>>>>>: false;
ldap_krb5_keytab (>>>>>)
>>>>>>>> >>>>>>> >>>>>>,
>>> >>>>
>>>>>>>>>>>>>>> >>>>> >
SASL/GSSAPI/GSS-SPNEGO.
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>:
>>>>>>>> >>>>>>> >>>>>>,
>>>>>>>> /etc/krb5.keytab
ldap_krb5_init_creds (>>>>>> >>>>>>>>)
>>>>>>>>, >> id_provider >>>
>>>>>>>>>>>>>>
>>>>>>>>>>>> >>>> Kerberos (TGT).
>> >>> >>>> >>>>>>>>,
>>>> >>>>
>>>>>>>>>>>>>>>> SASL >
>>>>>>> >>>>>>>> GSSAPI >>>
GSS-SPNEGO.
>>>>>> >>>>>>>>: true
ldap_krb5_ticket_lifetime (>>>> >>>>>)
>>>>>>>> >>>>> >>> (>
>>>>>>>>) TGT, >>>>
>>>>>>>>>>>>>>>> GSSAPI >>>
GSS-SPNEGO.
>>> >>>>>>>> >>>>> >>>>
>>>> >>>>>>>>>>> >>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>> subdomain_inherit.
>>>>>> >>>>>>>>: 86400 (24
>>>>>>)
krb5_server, krb5_backup_server (>>>>>)
>>>>>>>> >>>>>> IP->>>>>
>>> >>>> >>>>>>,
>>>>>>>>>>>>> >>>>>>,
>>>>>>>> Kerberos, > >>>>> SSSD
>>> >>>>>>>>>>>>>
>'>>>>>>>. >>>>>> >>>
>>>> >>>>>>>>>>>> >>
>>>>>>>>>>>. >>>>>>>>>>
>>> >>>>>>>>>>>> >>
>>>>>>>>> >>>>>>> >>>>>
>>>>>>>>> > >>>>>>>
<<>>>>>>>>. >> >>>>> >>>
>>>> >>>>>> >>>> >>>>
>>>>>> >>>>> >>>>> (>>>>>
>>>>>>> >>>> >>>>>>>
>>>>>>>>>). >>>> >>>>>>>>
>>>>>> >>>>>>> >>>>>>>>,
>>>> >>>>>>>>>
>>>>>>>>> >>>>>.
>>>>>>>>>> >>>
>>>>>>>>> >>>>> >>>>>
>>>>>>>>> > >>>>>>>
<<>>>>> >>>>>>>.
>>> >>> >>>>>>>>>>>>
>>>>>>>>> >>>>> >>>
>>>>>>>> KDC >>> kpasswd SSSD
>>>>>>>> >>>>>>>>>>>
>>>>>> >>>>>> DNS, > >>>>
>>>>>>>>>>>> >>>>>>>> _udp.
>>>>>>>>>>>> >>>>>>>>>
_tcp >>>>>>>>>>>>, >>>>
>>>> >>>>> >>>>>>> >>
>>>>>>>> >>>>>>.
> >>>>>>>>>> >>>>>>>> SSSD
>>> >>>>>>>> >>> >>>>>
<>. > >>>>>>>> >>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>> >>>>
>>>>>>>>>> >>>>>, >>>
>>>>>>>>>>>> >>>>>
>>>>>>> >> >>>>>>>>>>>>
<> > >>>>>>
>>>>>>>>>>>.
krb5_realm (>>>>>)
>>>>>>> >>>>>>> Kerberos (>>>
>>>>>>>>>>>>> >>
SASL/GSSAPI/GSS-SPNEGO).
>>>>>> >>>>>>>>: >>>>>>
>>>>>>>> >>>>>>>, >>>.
/etc/krb5.conf
krb5_canonicalize (>>>>>> >>>>>>>>)
>>>>>>>>, >> >>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> >>>>>
>>>>> > >>>>>>>>> >>>>>
>>> >>> >>>>>>>>>>>>
>'>>>>>>> > >>>>>>>> LDAP. >>
>>>>>>>>>> >>>>>>>>>>>
> >>>>>> MIT Kerberos >= 1.7
>>>>>> >>>>>>>>: false
krb5_use_kdcinfo (>>>>>> >>>>>>>>)
>>>>>>>>, >> >>>> SSSD
>>>>>>>>> >>>>>>>>>>>
Kerberos, >>> >>>>>>> > >>>
>>>>>>>> KDC >>>>
>>>>>>>>>>>>>>>. >>>>>>,
>>> >>>>>>>>> >>>>>>>>>.
>>>> >> >>>>>>>> >>>>,
>>> >>>> >>>>>>>>>>>
>>>>>>>>>> Kerberos >>
>>>>>>>>> >>>>>
>>>>>>>>>>> krb5.conf(5).
>>>. >>>>>>>> >>>>>>>>>>
(man) sssd_krb5_locator_plugin(8), >>>
>>>>>>>>> >>>>>> >>>
>>>>>>> >>>>>>.
>>>>>> >>>>>>>>: true
ldap_pwd_policy (>>>>>)
>>>>>>>> >>>>>> >>>>>>
>>>>>> >>> >>>>>> >> >>>>
>>>>>>>. >>>>>
>>>>>>>>>>>>>>> >>>>
>>>>>>>>:
none -- >> >>>>>>>>>>>>>>>
>>>>>>>>> >> >>>>
>>>>>>>. > >>>>
>>>>>>>>>>>> >>>>>
>>>>>>>> >>>>>>>>> >>
>>>> >>>>>>> >>>>>>>> >>
>>>>.
shadow -- >>>>>>>>>>>>>>>
>>>>>>>> > >>>>> shadow(5) >>>
>>>>>>>>>> >>>>, >>
>>>>>> > >>>>>>.
mit_kerberos -- >>>>>>>>>>>>>>>
>>>>>>>> MIT Kerberos >>>
>>>>>>>>>> >>>>>>>>>>
>>>>>> >>> >>>>>>. > >>>>
>>>>> >>>>>>
>>>>>>>>>>>>> chpass_provider=krb5
>>> >>>>>>>>> >>>
>>>>>>>>>.
>>>>>> >>>>>>>>: none
>>>>>>>>>>: >>>> >>>>>>>
>>>>>>>>>> > >>>>>>>>
>>>>>>>>>>> >> >>>>
>>>>>>>, >> >>>>>>> >>>>>
>>>>>>>>> >>> >>>>>>>>>,
>>>>>>>>>>>>> >>
>>>>>>>>> >>>>>
>>>>>>>>>.
ldap_referrals (>>>>>> >>>>>>>>)
>>>>>>>>, >> >>> >>>>
>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>.
>>>>>>>>, >> sssd >>>>>>>>>
>>>>>>>>>> >>>>>>>>>,
>>>> >>>> >>>>>>>
>>>>>>> > >>>>>>> OpenLDAP 2.4.13
>>> >>>>>>> >>>>>>>.
>>>>>>> >>
>>>>>>>>>>>>> >>>>
>>>>>>>>> >> >>>>>>>
>>>>> >>>>>>>>> >
>>>>>>>>>>>, >> >>>>
>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>. >>>>>>>>> >>>>>>
>>>>>>>>>> >>>> >>>> Microsoft
Active Directory. >>>> > >>>>>>
>>>>>>>>>> >>>>>>>>>>>
>> > >>>>'>>>>>>>>,
>>>>>>>>>>>> >>> >>>>>
>>>>>>>>> >>>>>>>> <>
>>>> >>>>>> >>>>>>>>>>>
>>>>>>. >>>>,
>>>>>>>>>>>> >>> >>>>>
>>>>>>>>> >>>>>>>> false
>>>>>>>>>>>>> > >>>>>>>,
>>>> >>>>>>> >>>>> LDAP SSSD
>>>>>>>>>>>>>>>> >>>>>
>> >>>>>>> >>>>>>> Microsoft Active
Directory. >>>>>> >>>> SSSD >>>>>
>>>>>>>>>> >>
>>>>>>>>>>> >> >>>>>> AD DC,
>>>>>>>>> >>>>
>>>>>>>>>>
>>>>>>>>>>>>.
>>>>>> >>>>>>>>: true
ldap_dns_service_name (>>>>>)
>>>>>>>> >>>>> >>>>>>,
>>> >>>> >>>>>>>>>>> >
>>>> >>>>>>>>
>>>>>>>>>> >>>>>.
>>>>>> >>>>>>>>: ldap
ldap_chpass_dns_service_name (>>>>>)
>>>>>>>> >>>>> >>>>>>,
>>> >>>> >>>>>>>>>>> >>>
>>>>>> >>>>>>> LDAP, >>>>
>>>>>>>>>> >>>>>
>>>>>>>, > >>>> >>>>>>>>
>>>>>>>>>> >>>>>.
>>>>>> >>>>>>>>: >>
>>>>>>>>>>>, >>>>> >>>>>
>>>>> >>>>>>>>
ldap_chpass_update_last_change (>>>>>>
>>>>>>>>)
>>>>>>>>, >> >>>>
>>>>>>>>>> >>>>>>>
ldap_user_shadow_last_change >>>>>> >>>>
>>>>>>>>> >>>> > >>>>
>>>>>>>>> >>> >> >>>>>
>>>>>>.
>>>>>>>>>>>> >>>>>>>>>>
>>> >>>>>>>> >>>>> >>>>>,
>>>> >>>>>>>>>>> "ldap_pwd_policy =
shadow", >>> >>>> SSSD >>>>>,
>>>>>>>>>>>> LDAP >>>>>>>
shadowLastChange >>>>>>>>>>> >>>>>
>>>>> >>>>>> >> SSSD >>>
>>>>>>> >> >>>>>>.
>>>>>> >>>>>>>>: False
ldap_access_filter (>>>>>)
>>>> >>>>>>>>>>>>>>>>
access_provider = ldap >> ldap_access_order = filter
(>>>>>> >>>>>>>>>), >>>
>>>>>>>> > >>>>'>>>>>>>.
>>> >>>>>> >>>>>>>>
>>>>>>>>>>>> LDAP, >>>> >>>
>>>>>>>>>>>> >>>>>
>>>>>>>>>>> >>> >>>>>>>
>>>>>>> >> >>>>> >>>>>.
>>>> >>>>>>>>> access_provider = ldap
>> ldap_access_order = filter, > >>>
>>>>>>>> >> >>>>>>>>>>>,
>>>>>> >>>> >>>>>>>>>>
>>>> >>>>>>>>>>>>. >>>
>>>>>>> >>>> >>>>>>
>>>>>>>>> >>>>>>>,
>>>>>>>>>>>>>
>>>>>>>>>> access_provider = permit.
>>>> >>>>>, >>>>>>>>, >>
>>> >>>>>>
>>>>>>>>>>>>>>>>>>>
>>>> >> >>>>>>
>>>>>>>>>>> LDAP, >>>>
>>>>>>>>>>>>, >>>>>>>>>
>> >>>>>>>>> >>>>>> >>>>
>> >>>>>>>>> (>>>>>>>>>,
>>>>>>> memberOf >>> >>>>>>> AD
>>>>>> >>>> >>
>>>>>>>>>>>>
>>>>>>>>>>> >>>>>>). >>>>
>>> >>>>>>>>
>>>>>>>>>>>>, >>>>>>>>>
>> >>>>>>>>> >>>>>>, >>>>
>>>>>, >>>>>>>>>>>>>
>>>>>>>>>> sssd-simple(5).
>>>>>>>:
access_provider = ldap
ldap_access_filter = (employeeType=admin)
> >>>>>>>> >>>>>> >>
>>>>> >>>>> >>>>>>>>
>>>>>>>>>>>>>, >>>
>>>>>>> employeeType
>>>>>>>>>>> > >>>>>>>>
<>.
>>>>>>>>> >>>>>>>>> >>>
>>>> >>>>>>>>>>
>>>>>>>> >>>>>>>>>>>
>>>>, >> >>>> >>>>>>
>>>>>>>>>>>>> >>> >>>
>>>>>>>>>>> >>>>>>
>>>>>> >> >>>>>>> >
>>>>>> >>>>> >>>>>>>.
>>>> >>> >>> >>>>>>>>>
>>>>>> >>>>>> >>>> >>>>>
>>>> >>>>>>, >>>>>>>
>>>>>>>>>>>>>> >>>>>>>>
>>>>> >>>>>>> >
>>>>>>>>>>> >>>>>>. >>>>
> >>>>> >>>> >> >>>>
>>>>>>, > >>>>>>>>>>>
>>>>>> >> >>>>> >> >>>>
>>>>>>.
>>>>>> >>>>>>>>:
>>>>>>>> >>>>>
ldap_account_expire_policy (>>>>>)
>> >>>>>>>>> >>>>>
>>>>>>>>> >>>> >>>>
>>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>>>>
>>>>>>>> >> >>>> >>>>>>>.
>>>> >>>>>, >>>>>>>>, >>
>>>>>> >>>>>
>>>>>>>>>>>>>>>
>>>>>>>>> >>>>>>>> >>
>>>> >>>>>>>, >>>>>
>>>>>> LDAP >>> >>>>>>>>>>
> >>>>>>> >>>>
>>>>'>>>>>>>> >
>>>>>>>>>>> >>>>>
>>>>>>>, >>>>>> >>>>
>>>>>>> >>>>>>>>>>
>>>>>>.
>>>>> >>>>>>>>>>>>>>>
>>>> >>>>>>>>:
shadow: >> >>>>>>>> ldap_user_shadow_expire
>>>>>>>>> >>>>>>>>>, >>
>>>>>>>>> >>>>> >>>
>>>>>>>>>> >>>>>>.
ad: >>>>>>>>>>>>
>>>>>>>>> 32->>>>>>>>
>>>> ldap_user_ad_user_account_control >
>>>>>>>>> >>>>>>, >>>>
>>>>>> >>> >>> >>>>>>>
>>>>>>>>. >>>> >>>>>>> >>
>>>> >>>>>>>>, >>>>>>
>>>> >>>>>>>>>. >>>>>
>>>> >>>>>>>>>>, >> >>
>>>>>>>>> >>>>> >>>
>>>>>>>>>> >>>>>>.
rhds, ipa, 389ds: >>>>>>>>>>>>>>>
>>> >>>>>>>>> >>>>>>>
>>>>>>>> ldap_ns_account_lock.
nds: >>> >>>>>>>>> >>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>> ldap_user_nds_login_allowed_time_map,
ldap_user_nds_login_disabled >
ldap_user_nds_login_expiration_time. >>>> >>
>>>> >>>>>>>> >>>>>>> >
>>> >>>>>>>>>, >>>>>>
>>>>>>.
>>>> >>>>>, >>>>>>>>, >>
>>>>>>>> >>>>>>>>>>>>
ldap_access_order >>> >>>>>>>> "expire",
>>> >>>>> >>>>
>>>>>>>>>>>>>
>>>>>>>>>> ldap_account_expire_policy.
>>>>>> >>>>>>>>:
>>>>>>>> >>>>>
ldap_access_order (>>>>>)
>>>>>> >>>>>>>>>>>>>
>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>>>>>.
>>>>>>> >>>>>>>> >>>>>>:
filter: >>>>>>>>>>>>>>>
ldap_access_filter
lockout: >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>. >>>>
>>>>>>>>>>>, >>>
>>>>>>>> >>>>>>>>>
>>>>>>, >>>> >>>>>
>>>>>>> ldap <> >
>>>> >>>>>>>>> > <<000001010000Z>>.
>>>> >>>>>, >>>>>>>>>>>
>> >>>>>>>>>>>>> >>
>>>>>>>>> ldap_pwdlockout_dn.
>>>>>>>>, >> >>>
>>>>>>>>>>>>>> >>>>
>>>>>>>>>> >>>>
>>>>>>>>>> <>.
>>>> >>>>>, >>>>>>>>, >>
>>> >>>>>>>> >>> >>>>>>
>>>>>>>>> >> >>>>>>>>
<>, >>>> >>>> >>>>
>>>>>>>> > >>>>>>>>>
>>>>>>>>.
ppolicy: >>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>. >>>>
>>>>>>>>>>>, >>>>>>>>>
>>>>>> > >>>>>>>
>>>>>>>>> >>>>>>>> ldap
<> >>>>>>> <<000001010000Z>>
>>> >>>>>>, >> >>>>>>>>>>
>>>>>>> >>>> > >>>>>>>>.
>>>>>>>> >>>>>>>>
<> >>>
>>>>>>>>>>>>> >> <>, >>
>>>>>>>> >>>>>>> >>>> UTC.
>>>>>>>>> >>>>> >>>>>>>
>>>>>> > >>>>>>>> >>>>>>
>> >>>>>>>>>>>, >>>>
>>>>>>>>>>>>
>>>>>>>>>>>> >> >>>>>
>>>>>>>>>>>> >>>
>>>>>>>> >>>>>>>, >>>>
>>>>>>>>>>>
>>>>>>>>>>>>>> >>>>>>
>> >>>>>>>. >>>>>>>>>>>
>>>> >>>>> >>>>>> >
>>>>>>> >>>> >>>>>>>>>
ldap_pwdlockout_dn. >>>> >>>>>,
>>>>>>>>, >> >>>
>>>>>>>>>>>>>> >>>>>
>>>>>>>>> >>>>
>>>>>>>>>> >>>>>>>>
<>.
expire: >>>>>>>>>>>>>>>
ldap_account_expire_policy
pwd_expire_policy_reject, pwd_expire_policy_warn,
pwd_expire_policy_renew: >> >>>>>>>>>
>>>>>>>, >>>>
>>>>>>>>>>>> >>>>>>>>
>>>>>>>>>>>> >>>>
>>>>>>> >>>>>>>>>>
>>>>>> >>> >>>>>>, > >
>>>>>>>>, >>>>
>>>>>>>>>>>>> >>>>>>>>>
>> >>>>>>>>> >>> >>>>>>>
>>>>>>>, >>>>>>>>> >>
>>>>>> SSH.
The difference between these options is the action taken if the user's
password has expired:
o pwd_expire_policy_reject - the user is denied login,
o pwd_expire_policy_warn - the user is still able to log in,
o pwd_expire_policy_renew - the user is prompted to change their
password immediately.
>>>> >>>>>, >>>>>>>>, >>
>>> >>>>, >>> >>> >>>>>
>>>> >>>>>>>>>>>>, >>>>
>>>>>>>>>> <>.
>>>> >>>>, >>>>
>>>>>>>>>> >>>
>>>>>>>>> <>
>>>>>>>>>> >>>>>>>
>>>>>>>>>> >> >>>>>>>>.
authorized_service: >>>>>>>>>>>>>>>
>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>
>>>>>>> authorizedService
host: >> >>>>>>>>> >>>>>
>>>>>>>> >>>>> >>>>>
>>>>>>>>> >>>>> >>>>>>>
rhost: >>>>>>>>>>>>>>>
>>>>>>> rhost >>>
>>>>>>>>>> >>>>, >>
>>>>>> >>>>>>>>>> >>>>>
>>>>>>
>>>> >>>>>, >>>>>>>>, >>
>>>>>>>> >>>> rhost > pam
>>>>>>>>>>>>>>
>>>>>>>>>. >>>>>
>>>>>>>>>>, >> >>>>>>>>
>>>>>>>> pam, >>>> >>>
>>>>>>> >>> >>>>>>>
>>>>>>>>> >>>>>>>>.
>>>>>> >>>>>>>>: filter
>>>>>>>>, >> >>>>>>>>
>>>>>>>>>> >>> >>>>>>>,
>>>> >>>> >>>>>>>> >>>>
>>>>>>>>>>> >>>>>>>>
>>>>>.
ldap_pwdlockout_dn (>>>>>)
>> >>>>>>>>> >>>>>
>>>>>>>>> >>>>>>>>>>>> DN
>>>>>> >>>>>>
>>>>>>>>>> >> >>>>>>>>
>> >>>>>>> LDAP. >>>> >>>>>,
>>>>>>>>, >> >>, >> >>>>>
>>>>>>>>> >> >>>> > sssd.conf, >
>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>> >>>>>>>> >>
>>>>>>>> >>>>>>>,
>>>>>>>> >>>>>>>> ppolicy >>
>>>>>>> LDAP >> >>>>> >>>>
>>>>>>>>>> >>>>>>>>
>>>>>.
>>>>>>>: cn=ppolicy,ou=policies,dc=example,dc=com
>>>>>> >>>>>>>>:
cn=ppolicy,ou=policies,$ldap_search_base
ldap_deref (>>>>>)
>>>>>>>> >>>>>>
>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>> >>> >>>
>>>>>>>>> >>>>>>.
>>>>>>> >>>> >>>>>>>>:
never: >>>>>> >> >>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>.
searching: >>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> > >>>>>
>>>>>>>>> >>'>>>>, > >> >>
>>>>>> >>>>>>>>>> >>>>>
>>>>>>>>> >>'>>>> >>>>>>.
finding: >>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> >>>> >>>
>>> >>>>>>>>>> >>>>>
>>>>>>>>> >>'>>>> >>>>>>.
always: >>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> >> >>> >>>
>>>>>>, >>> > >>> >>>
>>>>>>>>>> >>>>>
>>>>>>>>> >>'>>>> >>>>>>.
>>>>>> >>>>>>>>: >>
>>>>>>>>>>> (>>>>>>>
>>>>>>>>>>>> LDAP >>>>>>>
>> >>>>>>>>> never)
ldap_rfc2307_fallback_to_local_users (>>>>>>
>>>>>>>>)
>>>>> >>>>> >>>>>>>>>
>>>>>>>>> >>>>>>>>>>>>
>> >>>>>>>>> >>>>> LDAP >>>
>>>>>>>>, > >>>>
>>>>>>>>>>>>>>>> >>>>>
RFC2307.
> >>>>>> >>>>>>>>>>>, >>
>>>>>>>>>>>>>>>> >>>>>
RFC2307, >>>>>>>>>
>>>>>>>>>>>> >>>>>
>>>>>>> >>>>>>>>>> >>>>
LDAP >>>>>>>>>> >>>> >>>
>>>>>>>>>>>> >>
>>>>>>>> memberUid.
>>>>>>>>>>>> >>>>>>
>>>> >>>>
>>>>>>>>>>>>>>>, >>>>
>>>> >>>>>>>> >>>>>>>
>>>>>>>>> >>>>>>>>, >>>>
SSSD >> >>>>>>>>> >>>>
>>>>>>> >>>>>>
>>>>>>>>>>>>, >>>> <<>>
>>>>>>>>>>, > >>>>>>>>>
>>>>> >>>> >>>>>> >
>>>>>>, >>>>> nsswitch >>>>>>>
>>>>>>>> >>>> >>>>
>>>>>>>>>>>> >>
>>>>>>>>> >>>>>>> getpw*()
>>> initgroups().
> >>>> >>>>>>>>>>>>
>>>>> >>>>>>>>>
>>>>>>>> >>>>>>>>>>>>
>> >>>>>>>>> >>>>>>>> >>
>>>>>>>>> >>>>>>>>>>>>
> >>>>> >> >>>, >>
>>>>>>>> >>>>>>> initgroups()
>>>>>>>>>>>>>>> >>>>>>
>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>>>> LDAP.
>>>>>> >>>>>>>>: false
wildcard_limit (>>>> >>>>>)
>>>>>>>> >>>>>> >>>> >>>
>>>>>>>>> >>>>>>>, >>>
>>>>>>>>>>>>>>>> >>>
>>> >>>>>> >
>>>>>>>>>>>>>
>>>>>>>>->>>>>>>>>>.
> >>>>>>>> >>>>>> >>>>>
>> >>>>>>>>>>>>>
>>>>>>>>->>>>>>>>>>
>>>>>>>>>>> >>>> >>>
>>>>>>>>>>> InfoPipe.
>>>>>> >>>>>>>>: 1000 (>>>>>
>>>>>> >>>>>> >>>>>>>>)
ldap_library_debug_level (>>>> >>>>>)
>>>>>> >>>>>>>>>>> libldap >>
>>>>>>>> >>>>>>.
>>>>>>>>>>>>
>>>>>>>>>>>> libldap >>>>
>>>>>>>> >>>>>>>>> >>>
>>>>>>>>>> debug_level.
OpenLDAP >>>>>>>>>>>> >>>>>>
>>>>> >>> >>>>>>>>
>>>>>>>>>>> >>> >>>>>>
>>>>>>>>>>>, -1 >>>>>>>
>>>>> >>>>>>>>>
>>>>>>>>>>>>> >>>>>.
>>>>>> >>>>>>>>: 0
(>>>>>>>>>>> libldap
>>>>>>>>)
>>>>>>>>> SUDO
>>>>>>>> >>>>>>>> >>>>
>>>>>>>>>>>>>> sudo_provider
>>>>> >>>>>> >> >>>>>>>>
>>>>>>>>> (man) sssd-sudo(5).
ldap_sudo_full_refresh_interval (>>>> >>>>>)
>>>>>>>> >>>> > >>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>> >>>>>>>>>>>
>>>>>> sudo SSSD >
>>>>>>>>>>>>> >>>>>>.
>>> >>> >>>>> >>>>>>>>
>>>> >>>>>>>> >>>>>>
>>>>> >>>>>>, >>
>>>>>>>>>>>> >> >>>>>>>.
>> >>>>>>>> >>>
>>>>>>>>>>>> >>>>>>>>
ldap_sudo_smart_refresh_interval
>> >>>>>> >>>>>>>> >>>>>
>>>>>>>>> >>>>>>>>>>>>>
>>> >>>>> >>>>>>>>>
>>>>>>>> 0. >>>>,
>>>>'>>>>>> >>> >>>>
>>>>>>>>> >>> >>>>>>>>
>>> >>>>> >>>>>>>>>.
>>>>>> >>>>>>>>: 21600 (6
>>>>>)
ldap_sudo_smart_refresh_interval (>>>> >>>>>)
>>>>>>>> >>>> > >>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>
>>>>>> sudo SSSD >
>>>>>>>>>>>>> >>>>>>.
>>> >>> >>>>> >>>>>>>>
>>>> >>>>>>>> >>> >>>>
>>>>>>, USN >>>> >>>>>>>>>
>>>>>>>>> >>>>>>>>
>>>>>>> USN, >>> >>>>>> SSSD.
>>>> >>>>>>>>>
>>>>>>>>> USN >> >>>>>>> >>
>>>>>>>>>>>, >>>>
>>>>>>>>>>> >>>>
>>>>>>>> modifyTimestamp.
>>>>>>>>>>: >>>>>>>>
>>>>>>>> USN >>>>> >>>>>>>
> >>> >>>>>>>: 1) >>>>>> >
>>>>>>>>> >>>>>>>>>> sudo
(>>>> >>>>>>>> >>>>>>>>
>>>>>>>), 2) >>>>>>>>>>>>
>>>>>>>>>>>> > >>>> (>>>>
>>>>>>>> >>>>>>>>> >
>>>>>>>> >>>>>>
>>>>>>>>>>>> >>> >>>>) > 3)
>>>>>>>>> >'>>>>>>>> >>
>>>>>>>> (>>>>>>, >>>>> 15
>>>>>>, >>>. ldap_connection_expire_timeout).
>> >>>>>> >>>>>>>>
>>>>>>>> >>>>>>>>>
>>>>>>>>>>>>> >>> >>>>>
>>>>>>>>> >>>>>>>> 0.
>>>>, >>>>'>>>>>> >>>
>>>> >>>>>>>>> >>>
>>>>>>>> >>> >>>>>
>>>>>>>>>.
>>>>>> >>>>>>>>: 900 (15
>>>>>>)
ldap_sudo_random_offset (>>>> >>>>>)
>>>>>>>>>> >>>> >>> 0 >>
>>>>>>>>>>>>> >>>>>>>>,
>>>> >>>> >>>>>> >>
>>>>>>>>>> > >>>>>>>
>>>>>>>> >>>>>>>>>
>>>>>>> >>>> >>> >>>
>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>. >>>>>>>> >
>>>>>>>>.
>>>>>>>>, >> >>>
>>>>>>>>>> >>>> >>>>
>>>>> >>>>>>>>>>> >>>
>>> >>>>>>> >>>>>>> SSSD, >>
>>>>>>>> >>>>>
>>>>>>>>> >>>>>> sudo.
>>>>>>>> >>>>>>>> >>>,
>>>>>>>> >>>>> >>>>>>> sudo
> >>>>>>>>>>>> >>>
>>>>>>>>>>>>.
>> >>>>>> >>>>>>>> >>>
>>>>, >>>>>>>>>>>
>>>>>>>> 0.
>>>>>> >>>>>>>>: 0
(>>>>>>>>)
ldap_sudo_use_host_filter (>>>>>> >>>>>>>>)
>>>> >>>>>>>>> >>>>>>>>
true, SSSD >>>>>>>>>>>> >>>>
>>>>>>>, >> >>>>>>>>>>
>>>>> >>>>'>>>>> (>>
>>>>>> >>>>> >>>>> >>>
>>>>>> > >>>>>>>> IPv4 > IPv6
>> >>>> >>>>>>).
>>>>>> >>>>>>>>: true
ldap_sudo_hostnames (>>>>>)
>>>>>> >>>> >>>>>> >>>
>>>>>> >>>>>>>> >>>>,
>>>>>>>>>>>>>
>>>>>>>>>, >>>
>>>>>>>>>>>> >>>>>>
>>>>>>.
>>>> >>>>>>>> >>>>>
>>>>>>>>> > >>>>>>>>, SSSD
>>>>>>>>>>>>>>
>>>>>>>>> >>>>> >>>>> >>
>>>>> >>>>> >>>>'>>>>> >
>>>>>> > >>>>>>>>>>>>>
>>>>>>.
>>>> >>> ldap_sudo_use_host_filter
>>>>>>>>>>> >>>>>>>> false,
>>> >>>>>>>> >> >> >> >>
>>>>>>>>>>.
>>>>>> >>>>>>>>: >>
>>>>>>>
ldap_sudo_ip (>>>>>)
>>>>>> >>>>> >>>>>> >>>
>>>>> > >>>>>>>> IPv4 > IPv6
>>> >>>>>>>>>>>> >>>>>>
>>>>>>.
>>>> >>>>>>>> >>>>>
>>>>>>>>> > >>>>>>>>, SSSD
>>>>>>>>>>>>>>
>>>>>>>>> >>>>>> >
>>>>>>>>>>>>> >>>>>>.
>>>> >>> ldap_sudo_use_host_filter
>>>>>>>>>>> >>>>>>>> false,
>>> >>>>>>>> >> >> >> >>
>>>>>>>>>>.
>>>>>> >>>>>>>>: >>
>>>>>>>
ldap_sudo_include_netgroups (>>>>>>
>>>>>>>>)
>>>> >>>>>>> >>>>>>>> true,
SSSD >>>>>>>>>>>> >>>
>>>>>>>, >> >>>>>>>
>>>>>>>> >>>>> (netgroup) >
>>>>>>>> sudoHost.
>>>> >>> ldap_sudo_use_host_filter
>>>>>>>>>>> >>>>>>>> false,
>>> >>>>>>>> >> >> >> >>
>>>>>>>>>>.
>>>>>> >>>>>>>>: true
ldap_sudo_include_regexp (>>>>>> >>>>>>>>)
>>>> >>>>>>> >>>>>>>> true,
SSSD >>>>>>>>>>>> >>>
>>>>>>>, >> >>>>>>>
>>>>>> >>>>>> > >>>>>>>>
sudoHost.
>>>> >>> ldap_sudo_use_host_filter
>>>>>>>>>>> >>>>>>>> false,
>>> >>>>>>>> >> >> >> >>
>>>>>>>>>>.
Note
>>>>>>>>>>>>
>>>>>>>>->>>>>>>>>> >
>>>> >>>>>>>>>>>>>
>>>>>>>>> >>>>>>>>>
>>> >>>>>>> LDAP!
>>>>>> >>>>>>>>: false
>> >>> >>>>>>>> >>>>>>>>>
>>>>>>>> >>>> >>>>
>>>>>>>>>>>>> >>>>
>>>>>>>>>. >>>>>>>>> >>>>
>>>>>>>>> >>>>>>>>>,
>>>'>>>>>> > sudo, >>>>>
>>>>>> > >>>>>>> > sudoers.ldap(5).
>>>>>>>>> AUTOFS
>>>>> >>>>>> >>>>>>>>
>>>>>>>>>>, >>>>>>>>
>>>>>, >>>>>>>> >>> >>>>
>>>>> LDAP.
ldap_autofs_map_master_name (>>>>>)
>>>>> >>>>>>>> >>>>>
>>>>>>>>>>>>>
>>>>>>>>>> > LDAP.
>>>>>> >>>>>>>>: auto.master
ldap_autofs_map_object_class (>>>>>)
>>>> >>'>>>>> >>>>>>
>>>>> >>>>>>>>>>>>>
>>>>>>>>>> > LDAP.
>>>>>> >>>>>>>>: nisMap (rfc2307,
autofs_provider=ad), > >>>>> >>>>>>>>
automountMap
ldap_autofs_map_name (>>>>>)
>>>>> >>>>>> >>>>>
>>>>>>>>>>>>>
>>>>>>>>>> > LDAP.
>>>>>> >>>>>>>>: nisMapName (rfc2307,
autofs_provider=ad), > >>>>> >>>>>>>>
automountMapName
ldap_autofs_entry_object_class (>>>>>)
>>>> >>'>>>>>
>>>>>>>>>>>>>
>>>>>>>>>> LDAP. >>> >>>>>
>>>>>>>> >>>>>>>>>>
>>>>> >>>>>>>>>>.
>>>>>> >>>>>>>>: nisObject (rfc2307,
autofs_provider=ad), > >>>>> >>>>>>>>
automount
ldap_autofs_entry_key (>>>>>)
>>>> >>>>>>
>>>>>>>>>>>>>
>>>>>>>>>> LDAP. >>> >>>>>
>>>>>>>> >>>>>>>>>>
>>>>> >>>>>>>>>>.
>>>>>> >>>>>>>>: cn (rfc2307,
autofs_provider=ad), > >>>>> >>>>>>>>
automountKey
ldap_autofs_entry_value (>>>>>)
>>>> >>>>>>
>>>>>>>>>>>>>
>>>>>>>>>> LDAP. >>> >>>>>
>>>>>>>> >>>>>>>>>>
>>>>> >>>>>>>>>>.
>>>>>> >>>>>>>>: nisMapEntry (rfc2307,
autofs_provider=ad), > >>>>> >>>>>>>>
automountInformation
>>>> >>>>>, >>>>>>>>, >>
>>>>> >>>>>>>>>>>>>
>>>>>>>>>> >>>>> >>>>>>>
>>>>> >>>> >>> >>> >>>>>>>,
>>>> >>>> >> sssd.conf >>>>>>>
>>>>->>> >>>'>>>>> > autofs
>>>>>, >>>>>> >>>>
>>>>>>>>>>>>> >>>>>>
>>>>>> >>>>>>>>>>>>>
>>>>>>>>>> >>>>>
>>>>>>>>>>> SSSD.
>>>>>>>>> >>>>>>>>>
>>>>>>>>> >>> >>>>>>>>>>
>>>>>>>>>>> >>>>>>>> LDAP,
>>> >>>>>>>>>>>>> >>>>
>>>> >>>>>>>>. >>>> >>>>>,
>>>>>>>>>>>>>> >> >
>>>>>>>>>>>>>, >>>> >>>>
>>> >>>>>> >>>>>>>> >>>>>
>>>.
ldap_netgroup_search_base (>>>>>)
>>>>>>>>>> >>>>>>>> DN,
>>>>>>> >>>>>> > >>>>>>
LDAP >>> >>>>>>>>> >>>>>>>
LDAP >>> >>>>> >>>>>>>>>.
>>>>>>>>>:
search_base[?scope?[filter][?search_base?scope?[filter]]*]
>>>>>>>>>> >>>> >>>>
>>>> >> >>>>>>>, <>
(>>>>>>), <> (>>>>>>>
>>>>>>) >>> <>
(>>>>>>>>>). >>>>>>>>>>>
>>>> >>>>>>>>>>
>>>>>>>> > >>>>>>> 4.5.1.2
>>>>>>>>> http://tools.ietf.org/html/rfc4511
>>>>>>>> >>> >>>>
>>>>>>>>> >>>>>
>>>>>>>>>>>> LDAP,
>>>>>>>>>> >>
>>>>>>>>>>>>
http://www.ietf.org/rfc/rfc2254.txt
>>>>>>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>>
>>>>>> > >>>>>>>
>>>>>>>>> <>.
>>>>>> >>>>>>>>:
>>>>>>>> ldap_search_base
>>>> >>>>>, >>>>>>>>, >>
>>>>>>>>> >>>>>>>>>>
>>>>>>> >>> >>>>>>> >>>
>>>>>>> >> >>>>>>> Active Directory
>> >>>>>>>>>>>. >> >>>>
>>>>>>>>> >> >>>>>>>>>
>>>>>>> >>>>>>>>>
>>>>>>>>>>> > >>>>>>>>>
>>>>>>> > >>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>>> (Range Retrieval).
ldap_user_search_base (>>>>>)
>>>>>>>>>> >>>>>>>> DN,
>>>>>>> >>>>>> > >>>>>>
LDAP >>> >>>>>>>>> >>>>>>>
LDAP >>> >>>>> >>>>>>>>>.
>>>>>>>>>:
search_base[?scope?[filter][?search_base?scope?[filter]]*]
>>>>>>>>>> >>>> >>>>
>>>> >> >>>>>>>, <>
(>>>>>>), <> (>>>>>>>
>>>>>>) >>> <>
(>>>>>>>>>). >>>>>>>>>>>
>>>> >>>>>>>>>>
>>>>>>>> > >>>>>>> 4.5.1.2
>>>>>>>>> http://tools.ietf.org/html/rfc4511
>>>>>>>> >>> >>>>
>>>>>>>>> >>>>>
>>>>>>>>>>>> LDAP,
>>>>>>>>>> >>
>>>>>>>>>>>>
http://www.ietf.org/rfc/rfc2254.txt
>>>>>>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>>
>>>>>> > >>>>>>>
>>>>>>>>> <>.
>>>>>> >>>>>>>>:
>>>>>>>> ldap_search_base
>>>> >>>>>, >>>>>>>>, >>
>>>>>>>>> >>>>>>>>>>
>>>>>>> >>> >>>>>>> >>>
>>>>>>> >> >>>>>>> Active Directory
>> >>>>>>>>>>>. >> >>>>
>>>>>>>>> >> >>>>>>>>>
>>>>>>> >>>>>>>>>
>>>>>>>>>>> > >>>>>>>>>
>>>>>>> > >>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>>> (Range Retrieval).
ldap_group_search_base (>>>>>)
>>>>>>>>>> >>>>>>>> DN,
>>>>>>> >>>>>> > >>>>>>
LDAP >>> >>>>>>>>> >>>>>>>
LDAP >>> >>>>> >>>>>>>>>.
>>>>>>>>>:
search_base[?scope?[filter][?search_base?scope?[filter]]*]
>>>>>>>>>> >>>> >>>>
>>>> >> >>>>>>>, <>
(>>>>>>), <> (>>>>>>>
>>>>>>) >>> <>
(>>>>>>>>>). >>>>>>>>>>>
>>>> >>>>>>>>>>
>>>>>>>> > >>>>>>> 4.5.1.2
>>>>>>>>> http://tools.ietf.org/html/rfc4511
>>>>>>>> >>> >>>>
>>>>>>>>> >>>>>
>>>>>>>>>>>> LDAP,
>>>>>>>>>> >>
>>>>>>>>>>>>
http://www.ietf.org/rfc/rfc2254.txt
>>>>>>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>>
>>>>>> > >>>>>>>
>>>>>>>>> <>.
>>>>>> >>>>>>>>:
>>>>>>>> ldap_search_base
>>>> >>>>>, >>>>>>>>, >>
>>>>>>>>> >>>>>>>>>>
>>>>>>> >>> >>>>>>> >>>
>>>>>>> >> >>>>>>> Active Directory
>> >>>>>>>>>>>. >> >>>>
>>>>>>>>> >> >>>>>>>>>
>>>>>>> >>>>>>>>>
>>>>>>>>>>> > >>>>>>>>>
>>>>>>> > >>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>>> (Range Retrieval).
Note
>>>> >>>>>>>>> >>>>>>>>
"ldap_use_tokengroups", >>>>>> > Active Directory
>> >>>> >>>>>>>> -- >>>
>>>>>>>>>>> >>> >>>>
>>>> >>>>>> > >>>>>>,
>>>>>> >>> >>>>'>>>> >> GID.
>>>>>>>>>>>> >>>>>>>>
>> >>>>>>>>>>, >>>> >>>>>
>>>> >>>>>>>>>>>
>>>>>>>>>>>.
ldap_sudo_search_base (>>>>>)
>>>>>>>>>> >>>>>>>> DN,
>>>>>>> >>>>>> > >>>>>>
LDAP >>> >>>>>>>>> >>>>>>>
LDAP >>> >>>>> >>>>>>>>>.
>>>>>>>>>:
search_base[?scope?[filter][?search_base?scope?[filter]]*]
>>>>>>>>>> >>>> >>>>
>>>> >> >>>>>>>, <>
(>>>>>>), <> (>>>>>>>
>>>>>>) >>> <>
(>>>>>>>>>). >>>>>>>>>>>
>>>> >>>>>>>>>>
>>>>>>>> > >>>>>>> 4.5.1.2
>>>>>>>>> http://tools.ietf.org/html/rfc4511
>>>>>>>> >>> >>>>
>>>>>>>>> >>>>>
>>>>>>>>>>>> LDAP,
>>>>>>>>>> >>
>>>>>>>>>>>>
http://www.ietf.org/rfc/rfc2254.txt
>>>>>>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>>
>>>>>> > >>>>>>>
>>>>>>>>> <>.
>>>>>> >>>>>>>>:
>>>>>>>> ldap_search_base
>>>> >>>>>, >>>>>>>>, >>
>>>>>>>>> >>>>>>>>>>
>>>>>>> >>> >>>>>>> >>>
>>>>>>> >> >>>>>>> Active Directory
>> >>>>>>>>>>>. >> >>>>
>>>>>>>>> >> >>>>>>>>>
>>>>>>> >>>>>>>>>
>>>>>>>>>>> > >>>>>>>>>
>>>>>>> > >>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>>> (Range Retrieval).
ldap_autofs_search_base (>>>>>)
>>>>>>>>>> >>>>>>>> DN,
>>>>>>> >>>>>> > >>>>>>
LDAP >>> >>>>>>>>> >>>>>>>
LDAP >>> >>>>> >>>>>>>>>.
>>>>>>>>>:
search_base[?scope?[filter][?search_base?scope?[filter]]*]
>>>>>>>>>> >>>> >>>>
>>>> >> >>>>>>>, <>
(>>>>>>), <> (>>>>>>>
>>>>>>) >>> <>
(>>>>>>>>>). >>>>>>>>>>>
>>>> >>>>>>>>>>
>>>>>>>> > >>>>>>> 4.5.1.2
>>>>>>>>> http://tools.ietf.org/html/rfc4511
>>>>>>>> >>> >>>>
>>>>>>>>> >>>>>
>>>>>>>>>>>> LDAP,
>>>>>>>>>> >>
>>>>>>>>>>>>
http://www.ietf.org/rfc/rfc2254.txt
>>>>>>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>>
>>>>>> > >>>>>>>
>>>>>>>>> <>.
>>>>>> >>>>>>>>:
>>>>>>>> ldap_search_base
>>>> >>>>>, >>>>>>>>, >>
>>>>>>>>> >>>>>>>>>>
>>>>>>> >>> >>>>>>> >>>
>>>>>>> >> >>>>>>> Active Directory
>> >>>>>>>>>>>. >> >>>>
>>>>>>>>> >> >>>>>>>>>
>>>>>>> >>>>>>>>>
>>>>>>>>>>> > >>>>>>>>>
>>>>>>> > >>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>>> (Range Retrieval).
>>>>>>
>>>>>>>>>> >>>>>>>>>>>>
>>>>> >>>>> >>>>>>>
>>>>>>> >>>>>>>>>>>
>>>>>>>>>>>> >> >>>>
>>>>>>>, >>>> >>>>>>
>>>>>>>>>>>> >'>>>>>>> >
>>>>>>>> >>>>>>>> >>>>>>
>>>>>>>.
>>>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>
>>>>>>>
>>>>>> >>>>>>> >>>>>>>>,
>>>>>>>>>>>>> >>>>>>. >>>
>>>>>> >>>>>
>>>>>>>>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>>.
>>>>>>> > >>>>>> >>>>>>>>
>>>>>>>>>. > >>>>>> >>>>
>>>> >>>>->>> >>>>>>>>>
>>>>>>> >>>>>>>>.
>>> >>>>>>> > >>>>>>>>>>
>>>>>>>>>>>> > >>>>>>>>>>
>>>>>>>>> >>>>>>>>>>
>>>>> >>> >>>>>>>>:
>>>>>>>> > >>>>>>>>>. >>>>
>>>>>>> > >>>>, >> >>>>>>>
> >>>>>>>>> >>>>>> >>>>>
>>>>> >>>>>>>>> >>
>>>>>>>> >>>>>>>, >>>>> >>
>> >>>>>>>>> >>>>>>>>
>>>>>>>>>>>, >>>> >>>> >>
>>>>>>>> >'>>>>>>>> >
>>>>>> > >>>>>>>>
>>>>>>>>. >>>> >>>>
>>>>>>> >>>>>>>>> >>>>>>,
>>>>>>>>>>>>>> >>>
>>>>>>>>>> > 31 >>>>>>>.
>>>>> >>>>>>>>>> >>>>
>>>>>>>>>> SSSD >>>>>>>>>>
>>>>>>>>>>>>>> >>>>>>>>
>>>>>>>>>> >'>>>>>>> >
>>>>>>>>> >>>>>>>>>. >>>>
>>>>>> >>>> >>>>>>>>,
>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>> >>>>
>>>>>>>> >> >>>>>>>>.
>>>>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>
>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> >>>>>>
>>>>'>>>>> > >>>>>>.
>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>>>>
>>>>> >>>>> >>>>>>>>>
>>>>'>>>>>. >>>> >>>>>>
>>>>>>>>>> >>>>>>>>
>>>>>>>, >>>>'>>>>
>>>>>>>>>>>>> >>>'>>>>>>>
>>> >>>>>>. >>>>>>>>>
>>>>> >>>>>>>>>>
>'>>>>>>> > >>> >>>>'>>>>>>
>>> >>>> >>>>> >>>>> >>
>>>>>>>>>>>>>>>>. >>>>
>>>>>>>> >>>>>>>>
>>>>>>>>>>, >>>>>>
>>>>>>> >>>>>> >>>>>>>>>>
>'>>>>>>> >> >>>>>>> >>
>>>>>>>>>>> >>>>'>>>>>.
>>>> >>>>>> >'>>>>>>> >>
>>>>>>> >> >>>>>>>> >>
>>>>>>, >>>>>>>>>>>>>>
>>>>>>>>>>>>> >>>>
>>>>>>, >>>>>>
>>>>>>>>>>> >>>>>>>>>>>>
>> >>>>>>>> >>>>>>.
>>>>'>>>> >>>>>>
>>>>>>>>>>>>> >'>>>>>>> >
>>>>>>>, >>>>>>> >>>>>>>>
>>>>>> >>>>>>>>>>>> >>>>>
>>>>>.
>>>>>>>> >>>>>>
>>>>>>>>>>>> >'>>>>>>> >
>>>>'>>>>>>> >>> >>>>>>>>,
>>>>>>>>>>> >> >>>>, >>
>>>>>>>>>>> >>>> >>>>>>>,
>>>> >>>>>>>> >> >>>>>>
>>>>>>>> >>>>. > >>>>>>>>
>>>>>> >>> >>>>>>>> >
>>>>>>>>> > >>>>>>>> 30
>>>>>>>>.
>>>> >>>>>> >>>>'>>>>>>
>>>> >>>>>>>>>, >>>>>>>>
>>>>>> >>>>>>> > >>>>>
>>>>>>>>>> >>>>>> >
>>>>>>>>>>>>> >>>>>>
>'>>>>>>> >>>>> 30 >>>>>>.
>>> >>>>>>>>>> >>
>>>>>>>>>>> >> >>>>>>>>>
>>>>>> >> >>>>>
>>>>>>>>>>>>>>
>>> >>>>>>>>>> >>>>>>>
>>> >'>>>>>>> >>>>>>>>>
>>>>>> >>>>>> DNS >>>
>>>>>>>>> >>>>>>, >>>>>>>
>>>>>>>>>> >>>>>>>>>>>>
>>>>> >>> >>>>>>
>>>>>>>>>>> >>>>>>>> >>>>
>>>>>> > >>>>>>>, >>>>
>>>>> >> >>>>>>>>>>>>
>>>>>>>> >>>>>>>>>>.
>>>>>>>>> >>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>>>>>>
>>>>, > SSSD >>>>>
>>>>>>>>>>>> >>>>>>>
>>>>>>>>>>> >>>> >>>
>>>>>>>>>> >>>>>>>
>>>>>>>>>> > >>>>>>>>>>>>
>>>>>>>>>> >>>> >>
>>>>>>>>> >>>>> >>>>>>
>>>>> >>>>>>>>> >>
>>>>>>>>>>> >>>>>>. >>>>
>>>>>>>>>>>>> >>>>>> SSSD
>>>>>>>, >> >>> >>>
>>>>>>>>>> >>>>>>>
>>>>>>>>>> >>> >>>>>>>>>>
>> >'>>>>>>> >>
>>>>>>>>>>>> >>>>>>>>,
>>>>> >>>>>>> >>>>>>>>
>>>>>>>>>> >>>>
>>>>>>>>>>.
> >>>>> >>>>>>> >>>>>>>>
>>>>>> >>>>>>>>> >>>
>>>>>>>>>>> >>>>>>>>>>.
>>>> >>>>>, >>>>>>>>>>> >>
>>>>>> >>>>>>> >>
>>>>>>>>> >>>>>>>>
>>>>>>>>>> sssd.conf(5).
dns_resolver_server_timeout
>>> > >>>>>>>>>>>>,
>>>>>>>> >>>>> SSSD >>>
>>>>>>>>>> >>>>>>>>>>
>>>>>> >> >>>>>>>
>>>>>>>> DNS, >>>> >>>
>>>>>>> >> >>>>>
>>'>>>>>>> >> >>>>>>>>>.
>>>>>> >>>>>>>>: 1000
dns_resolver_op_timeout
>>> > >>>>>>>>, >>>>
>>>>>>>> >>>>>>>>>>
>>>>>>>, >>>>>>>> >>>>>
SSSD >>>>>>>>>>>>>>
>>>>>>>> >>>>>>> >>>>> DNS
(>>>>>>>>> >>>>>>>>>>
>>>>> >>>>> >>> >>>>> SRV),
>>>> >>> >>>>>>> >>
>>>>>>>>> >>>>> >>>>>
>>> >>>>>>>>>> >>>>>>
>>>>>>.
>>>>>> >>>>>>>>: 3
dns_resolver_timeout
>>>>>>>>> >>>>> >>>
>>>>>> SSSD >> >>>>>>>>>>
>>>>>>>>> >>>>>>
>>>>>>> >>>>>. >>
>>>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>> >>>>>>
>>>> >>>>>>>> >>>>>>>>
>>>>>>, >>>>>>>
>>>>>>>>>> >>>>>
>>>>>>> DNS SRV >>> >>>>>
>>>>>>>>>>>> >>>>>.
>>>>>> >>>>>>>>: 6
>>> >>>>>>>>>> >> LDAP
>>>>>>>>>>>>>> >>>>> >>>
> >>>>>>>>>> >>>>>>>>>>>
>> >>>>>>> >>> >>
>>>>>>>>>>>> >'>>>>>>> >>
LDAP. >>>> >>>> >>>>>
>>>>>>>>>> >>> >>>>
>>>>>>>>>> "ldap_opt_timeout"
>>>>>>>>, >>>
>>>>>>>>>>>>>> >>>>>>>>
"dns_resolver_timeout", >>> >>>>> >>>
>>>>>>>>>>>> >>>>>>>>
"dns_resolver_op_timeout", >>> >>>
>>>>>>>>>>>> >>>>>>>>
"dns_resolver_server_timeout".
>>>>> >>>>>
>> >>>>>>>>> >>>>>>>>>>
>>>>>>>>> >>>>> >>>>>>>
>>>>>> >>>>> >>>>>
>>>>>>>>>>> >>>>>>>>>
>>>>>>>>>> >>>>>>> >>>
>>>>>>>>>>>> >'>>>>>>> >>
>>>>>> >>>>>, >>>>>>>>> >
>>>>>>>>> >> >>>>>>>>>>>
>>>>> >> DNS. >>>>>>>>> >>>>
>>>>>>>>>> >>> >>>>>>>>>
>>>>>>>> >> >>>>>>>>>>>.
>>>>>>>>>>>>
>>>> >>>>>>>> >> >>>>
>>>>>>>, >>>>>>
>>>>>>>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>> >>>
>>>>>> >>>>>>>. >>>> >>>>,
>>>>>>>>>> >>>>
>>>>>>>>>>>>>>> >
>>>>>>>>> >>>>>> >>>>>>>>
> >>>>>>>>> >>>>>. >>>
>>>>> >>>> >>>>>>>>
>>>>>>>> >>>>>>> >>>>>,
<<_srv_>>, >> >>>>>> >>>>>>>>.
>>>>>>>>> >>>>>>>>>>>> >>
>>>>>>>> >>>>>>>>. >>
>>>>>>>>>> > >>>>>>>>,
>>>>, >>>>>>>>>,
>>>>>>>>>> >>>>> >>>>>>>>
>>>>>>>>>>>> >>>>>>>>>
>>>>>, >>>> >> >>>>>>>, >
>>>>>>>>>>> >>
>>>>>>>>>>>> >>>>>>>
>>>>>>>, >>>> >> >>>>>>>>>
DNS >> >>>>>>>> >>>>>>>
>>>>>>> >>>>>>>.
>>>>> >>>>>>
> >>>>>>>>>>>>
>>>>>>>>>>> >>>>
>>>>>>>>> <> >>>>>
>>>>>>>>>>>> >> >>>>>>>>
>>>>>>>>>> (man) sssd.conf(5).
>>>>>>>>
>>>>>>>> >>>>>>>>
>>>>>>>>>>>> >>>>>>>> _tcp.
>>>>>>>>>> >>>>>>>>>>>>>
> >>>>> >>>>>>>>>>>>
>>>>>>>>>.
>>>>> >>>>>>>>>>
>>>>>>>>>> >>>>>>>>> >>>>
>>>>>>>>>> >>>>>>>>>>
>>>>> >>>>> >>>>>> > RFC 2782.
>>>>>>>>>>>> >>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>> >>>>> SSSD
>>>>> >>>>>>>>> > >>>>>>
>>>>>>> Active Directory >>> >>>>>>>
>>> >>>>>>>>>>>>>>>
>>>>>>>>>>> >>>>>>>>
>>>>>>>>>>> > >>>>>
>>>>>>>>> >>>>>>>>> POSIX >>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>> >> >>>>.
>>>>>>>>>>: >>>>
>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>>, >>>>>>>>
uidNumber >> gidNumber >>>>
>>>>>>>>>>>>>. >>>
>>>>>>>> > >>>>> >>>>>>>>
>>>>>>>>>> >>>
>>>>>>>>>>> >>>>>>>>>>>
>> >>>>>>>>>>> >>>>>>
>>>>>>>>>>. >>>> >>>
>>>>>>>> >>>>>>>>>> >>>>>
>>>>>>>> >>>>>>, >>>>>>
>>>>>>>>>> >>>>>>>>>> >>>
>>>>>>>>.
>>>> >>>>>, >>>>>>>>, >>
>>>>> >>>>>>>>>>
>>>>>>>>>>>, >>>'>>>>>> >>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>>, >>>>>>>>
>> >>>>> >>>>>>>>>>>>>>>
>>>>>>>>>>>> > >>>>. >
>>>>>>>> >>>>>> SSSD >>>>>
>>>>>>>>>>>>>>> >>
>>>>>>>>>>>, >>>>, >>>
>>>>>>>>>> >>>>>>>> >>>>
>>>>> SSSD. >>>>>>>> >>>>>>>>
>>>>>> >>>>> >>>>>>>>>>>>
> >>>> >>>>>, >>>>>>>>>
>>>> >>>>> >>>>
>>>>>>>>>>, >>>> >>>>
>>>>>>> >>>>>>>>>>>>> >
>>>>>>>>>>, >>>>>>
>>>>>>>>>>> >> >>>>>>>
>>>>>>>> >>>>>>>>>> >>
>>>>>>>. > >>>>> >>>>>>>>>
>>>>>>> >>>> >>>>>>>>
>>>>> >>>>>>>>>>>>>. >>>
>>>>>>>>> >>>> >>>>>
>>>>>>>>>>> >>>>>>>>>>>>
>>>>>>> sss_cache(8), >>>>>>>>>
>>> >>>>>>>>>> >
>>>>>>>>> >>>>>>:
o >>>>>>>>>>>>>, >>
>>>>>>>>> >>>>>>> >
>>>>>>>>>>.
o >>>>>>>>> >>>>>> >>>>>>
SSSD
o >>>>>>>>> >>>> >>>>>
o >>>>>>>>>> >>>>>> SSSD
>>>> >>>>, >>>>>>>> >>>>>
>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>>>>>>>>
>>>>> >>>>>>>>>>>>
>>>>>>>, >>>>>>> >>>>
>>>>>>>>> >> >>>>> >
>>>>>>>>, >>>>>
>>>>>>>>>> >>> >>>>>>> >
>>>>>>>> >>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>>.
>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>>>>>
Active Directory >>>>> >>>>>>>> objectSID
>>> >>>> >>'>>>>>
>>>>>>>>>>>> > >>>> >
>>>>>>>>. >>>> >>>>>>>>
objectSID >>>>> >>>>>>> >>
>>>>>>>>>>, >>>
>>>>>>>>>>>> >>>>>>>
>>>>>> Active Directory >>
>>>>>>>>>>
>>>>>>>>>>>>>> (RID) >>'>>>>
>>>>>>>>>>> >>> >>>>>.
>>>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>> SSSD
>>>>>>>>>>> >>>>>
>>>>>>>>> >>>>>>>>> UID >>
>>>>>>> >>>>>>>>>
>>>>>>>>, >>> >>>>>>>>>>>
<<>>>>>>>>>. >>>>> >>>>
>>>>>>>>>> >>>>>>>>,
>>>>>>>>>> >>>>>>> >>>>>>
Active Directory.
>>>> SSSD >>>>>> >>>>>>>>>
>>>>> >>>>>>>>>>> >>>
>>>>> >>>>>>> >>>>>>, SSSD
>>>>>> >>>> > >>>>>>>>>
>>>>>> >>> >>> >>>>>. >
>>>>> >>>>>>>>>>>>
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> >>
>>>>>> >>>>>>>>>>>
>>>>>>>>, >>>>
>>>>>>>>>>> >> >>>>>
>>>>>>>>>>:
>>>>> SID >>>>>>>>>>>
>>>>>>>>>>> murmurhash3 > >>>>>
>>>>>>>>>>>> >>>> >>
>>>>>>>> 32->>>>>>
>>>>>>>>. >>> >>>>>> >>>>>
>>>>>>>>>>>>>>>> >>>>
>>>>>>> >>> >>>>>>> >>>>>
>>>>>>>> >> >>>>>>>>
>>>>>>>>> >>>>>>>>>
>>>>>>.
>>>>>>>>>>: >> >>>>>>
>>>>>>>>> >>>>>>> >>>>>
>> >>>>> >> >>>>>>>>>>>
>>>>> >>>>>>>> >>>
>>>>>>>. > >>>> >>>>>>>>>
>>>>> >>>>>> >>>> >>>>>>>
>>>>>>>>> >>>>>>>>> >>>>,
>>> >> >>>> >>>>>>>>> >>
>>>>>>>>>>>> >>>>>>>>>>
>>>>> >>>>> >>>>> >>>>>
>>>>>> >> >>>>>
>>>>'>>>>>> (>>>>>>>> >
>>>>>> >>>> >> >>>>>
>>>>>> >>>> >>>>>>>>
>>>>>>>, > >>>>>
>>>>>>>>>>> >>>>>>>
>>>>>). >>>> >> >>>>>>>>>>
> >>>>>>>> >>>>>>>>>,
>>>>>>>>>>>> >>> >>>
>>>>>>> >> >>>>>>>>>>>>
>>>>> >>>>>>>>> POSIX > Active Directory
(>>>>>>>> >>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>>) >>>
>>>>>>>>>>> >>>>>>> >>>>>
> >>>>> >>>>>>>>>>>> >>>>,
>> >>>>>>>>> >>> >>>>>
>>>>>> >>>>>>>> >>>>.
>>>>>>>>>> >>> >> >
>>>>>>> <<>>>>>>>>>>>>>>.
>>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>> (> >>>>>>>
"[domain/>>>>>_>>>>>>]"):
ldap_id_mapping = True
ldap_schema = ad
>> >>>>>>> >>>>>>>>>>>
>>>> >>>>>>>> 10000 >>>>>>,
>>>>> > >>>> >>>> >>>>>>>
>> 200000 >>>>>>>>>>>>>>>,
>>>>>>>>> > 2000000 > >> >> 2000200000.
>>>>> >>> >>>>>>>>> >>>
>>>>>>>>> >>>>>>>>>>>
>>>>>>>>>.
>>>>>>>>> >>>>>>>>>>>>
ldap_idmap_range_min (>>>> >>>>>)
>>>>>>>> >>>>>
(>>>>>>>) >>>>
>>>>>>>>>
>>>>>>>>>>>>>>> POSIX, >>>
>>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>>>>> SID
>>>>>>>>>>>> > >>>> Active
Directory. >> >>>>>>
>>>>>>>>>>>>> POSIX, >>>>
>>>>> >>>>>>>>>>>> >>>
>>>>'>>>>.
>>>>>>>>>>: >>>
>>>>>>>>
>>>>>>>>>>>>> >>> "min_id"
>>>, >> "min_id" >>>>>> >>
>>>>>> >>>>>>>>>> >>
>>>>>> >>>> >>>>>
>>>>>>, > >>> >>>>>>>>
>>>>> >>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>>>>. >>
>>>>>>>>>>> >
>>>>>>>>>>>, >>>
>>>>>>> >>>>>
>>>>>>>>> "min_id" >>>>>>
>>> >>>>>> "ldap_idmap_range_min"
>>>>>> >>>>>>>>: 200000
ldap_idmap_range_max (>>>> >>>>>)
>>>>>>>> >>>>>>
(>>>>>>>>) >>>>
>>>>>>>>>
>>>>>>>>>>>>>>> POSIX, >>>
>>>> >>>>>>>>>>>>>>>
>>> >>>>>>>>>>>>
>>>>>>>>>>>>> SID
>>>>>>>>>>>> > >>>> Active
Directory. >> >>>>>>
>>>>>>>>>>>>> POSIX, >>>>
>> >>>>> >>>>>>>>>>>>
>>> >>>>'>>>>, >>>>>
>>>>>>>>>>>>>, >>>> >>
>>>>>>> >>>>>>> >>
>>>>>>>>, >>>> >>>>>
>>>>>>>>>>>> >>>
>>>>'>>>>.
>>>>>>>>>>: >>>
>>>>>>>>
>>>>>>>>>>>>> >>> "max_id"
>>>, >> "max_id" >>>>>> >>
>>>>>> >>>>>>>>>> >>
>>>>>> >>>> >>>>>
>>>>>>, > >>> >>>>>>>>
>>>>> >>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>>>>. >>
>>>>>>>>>>> >
>>>>>>>>>>>, >>>
>>>>>>> >>>>>
>>>>>>>>> "max_id" >>>>>>>
>>> >>>>>> "ldap_idmap_range_max"
>>>>>> >>>>>>>>: 2000200000
ldap_idmap_range_size (>>>> >>>>>)
>>>>>>>> >>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>> >> >>>>>>> >>
>>>>>>. >>>> >>>>>>
>>>>>>>>> >> >>>>>>>>
>>>>>> >> >>>>>>>>>> >
>>>>>>>>>>> >>>>>>>>,
>>>> >>>>>>>> >>>>>>>
>>>>>> >>>>>> >>>>>>.
>>>>>>>>>>: >>>>>>>>
>>>>> >>>>>>>>> >>>
>>>> >> >>>>>> >>
>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> >>
>>>>>>>>>>>> RID >>
>>>>>>> Active Directory. >>>>>
>>>>> >> >>>> >>>
>>>>->>>> >>>>>>>>>>>>
> RID, >> >>>>>>>>> >>
>>>>>>>>, >>>>
>>>>>>>>>>.
>>>>>>>: >>>>
>>>>>>>>>>> >>>>>>>
>>>>>>>>>>>> Active Directory >
>>>>>>>>>> >
objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107,
<> >>>>>>> >>>>
>>>>>>>>, >>> > >>
>>>>>> >> 1108, >>>>>>>>
>>>>>> >>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>> SID >>>>>
>>>>>>>>>>> SID >>>> 1.
(>>>>>>>>>, 1108 = 1107 - 0 + 1).
>>> >>>>>>>>>>>
>>>>>>>>> >>>>>>>>>>
>>>>>>> >>> >>>>>>>>>>
>>>>>>>, >>>>>>>> >>>>>
>>>>> >>>>>>>>
>>>>>>>> >> >>>>> >>>>
>>>>'>>>>
>>>>>>>>>>>>>>> >
>>>>>>>, >>>> >>>>>
>>>>>>>>>> >>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>.
>>>>>> >>>>>>>>: 200000
ldap_idmap_default_domain_sid (>>>>>)
>>>>>>>> SID >>>>>>>>
>>>>>>. >> >>>>>>>>>
>>>>> >>>>>>>>> >>>>>
>>>>>>>>>>> >>, >> >>>
>>>>> >>>> >>>>>>
>>>>>>>>>> >>
>>>>>>>>> >>>>> > >>>>>
>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>
>>>>>>>>> murmurhash
>>>>>>>>> >>>>.
>>>>>> >>>>>>>>: not set
ldap_idmap_default_domain (>>>>>)
>>>>>>> >>>>> >>>>>>>>
>>>>>>.
>>>>>> >>>>>>>>: not set
ldap_idmap_autorid_compat (>>>>>>
>>>>>>>>)
>>>>>> >>>>>>>>>
>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>> >>>,
>>> >>>>>>>>>>
>>>>>>>>>>> >>
>>>>>>>>>> >>>>>>>> >>
>>>>>>>>> "idmap_autorid" winbind.
When this option is configured, domains will be allocated
starting with slice zero and increasing monotonically with each
additional domain.
>>>>>>>>>>: >>>
>>>>>>>> >
>>>>>>>>>>>>>>>>>>
(>>>>>>>> >>> >>>>>>>
>>>>>>> >>>>>>>>>>>>
>> >>>>). >>>> > >>>>>
>>>>>>>>>> > >>>>>>>>,
> >>>> >>>>>>>> winbind, >>>>
>>>>>>>>>>> >>>
>>>>>>>>, >>>>> >>>>>
>>>>>>>>>>>>
>>>>>>>>>> "ldap_idmap_default_domain_sid"
> >>>>> >>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>> >>>>>>>>>
>>>>>> >>>>>> >>
>>>>>>>>> >>>>>.
>>>>>> >>>>>>>>: False
ldap_idmap_helper_table_size (>>>> >>>>>)
>>>>>>>>>>> >>>>>>>>>
>>>>>>>>> >>>>>>, >>>
>>>>> >>>>>>>>>>>>>>>
>>> >>> >>>>>>>>>
>>>>'>>>>
>>>>>>>>>>>>>> UNIX >> SID.
>>>>>>>>>>: >>> >>>
>>>>'>>>>>>>> SID >>
>>>>>>>>>>>>>> UNIX >>>>
>>>> >>>>>>>>
>>>>>>>>> >>>>>>>>
>>>>>, >>>> >>>>>>> RID SID
>>>>>>>>>>> >>>>
>>>>>> >>>>>>>>> >>>
>>>>>>>>> >>>>>>>>>
>>>>>>. >>>> >>>>>>>>>
ldap_idmap_helper_table_size >>>> 0,
>>>>>>>>> >>>>>>>>
>>>>> >>
>>>>>>>>>>>>>>>>.
>>>>>> >>>>>>>>: 10
>>>>> >>>>>> SID
> SSSD >>>>>>>>>>> >>>>>>>>>
>>>>>> >>>> >> >>>>>
>>>>>>>> (Well-Known) SID, >>>>> SID >>
>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>. >>>>>>>>
>>>>>> >>>>>>>>>>> >
>>>>>, >>>'>>>>> >> >>>>
>>>>> >>>>>>>> SID >> >>>>>
>>>>>>>>>>>> > >>>>>>>>>>
Linux/UNIX, >>>>>>>>>>>>>>> POSIX
>>> >>> >>'>>>>> >>>>>.
>>>>>>> >>>> SID
>>>>>>>>>>>> >>>>>>>>
>>>>>>>>>>>>, >>>
>>>>>>>>>> >> >>>> >>>>>>.
>>>>>>>> >>>>>>>>>>>> >>>
>>>>> >>>>>>> (Well-Known) SID >
o >>>>>>>> >>>>>>
>>>>>>>>>>>> (Null Authority)
o >>>>>>>> >>>>>>
>>>>>>>>>>>> (World Authority)
o >>>>>>>> >>>>>>
>>>>>>>>>>>> (Local Authority)
o >>>>>>>>> >>>>>>
>>>>>>>>>>>> (Creator Authority)
o >>>>'>>>>>> >>>>>>
>>>>>>>>>>>> >>>>>
o >>>>>> >>>>>>>>>>>>>
o >>>>>> >>>>>>>>>>>> NT (NT
Authority)
o >>>>>>>>> (Built-in)
>>>>>>>> >>>>>>>>
>>>>>>>>> >>>>>>>> >>
>>>>> >>>> >>>>>>>>>>> >>
>>>>> >>>>>>> >>>
>>>>>>>>>> >>>>>> >>>>
>>>>> >>>>>>> (Well-Known) SID.
>>>>>>>> >>>>> > >>>>>>>
>>>>>>> >>>>> >>>>>>>>>
>>>> >>>> >>>>>>>>>
>>>>>>>> >> >>>>>> SID >>
>>>>>>>>> >>>>>, > >>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>, > SSSD
>>>>>>>>>>> >>>>>>>>>
>>>>>> SID >> >>>>>>. >>>
>>>>>>>> >>>>>>>>>>, >>>
>>>>>> >>>>> >>>>>>> (Well-Known)
SID >>>>>>>>>>> >>>> >>>>>
>>>>>. >>>>, >> >>>>>
>>>>>>>>>>>>>>> >> >>>>>
>>>>>>> > sssd.conf >>>> >>>>>:
<>, <>, <>, <>, <>, <>, <> >> <>.
>>>>>>>
> >>>>>>>>>> >>>>>
>>>>>>>> >>>>>>>>>>>>>,
>> SSSD >>>>>>>>>>> >>>>>>>>
>>>>>, > LDAP >>>>>>>>>>> >>
>>>> > >>>>>>> > >>>>>>>
[domains].
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.mydomain.org
ldap_search_base = dc=mydomain,dc=org
ldap_tls_reqcert = demand
cache_credentials = true
>>>>>>> >>>>>>> >>>>>>> LDAP
> >>>>>>>>>> >>>>>
>>>>>>>> >>>>>>>>>>>>>,
>> SSSD >>>>>>>>>>> >>>>>>>>
>>>>> > >>>>>>>>>>>
ldap_access_order=lockout.
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_access_order = lockout
ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org
ldap_uri = ldap://ldap.mydomain.org
ldap_search_base = dc=mydomain,dc=org
ldap_tls_reqcert = demand
cache_credentials = true
>>>>>>>>>>
>>>>> >>>>>> > >>>>>>>>>>
>>>>>>>>>>>> >> >>>
>>>>>>>> >>>>>>>>>>
>>>>>>>>> >> >>>>>
>>>>>>>> >>>>>>>>>> (man)
ldap.conf(5) > >>>>>>> OpenLDAP 2.4.
>>>>> >>>>>>>>>>>
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5),
sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5),
sssd-sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8),
sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8),
sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5),
pam_sss(8), sss_rpcidmapd(5)
AUTHORS
>>>>>>> >>>>> >>>>>>>> SSSD --
https://pagure.io/SSSD/sssd/
SSSD 04/09/2024 SSSD-LDAP(5)