ldap_sasl_minssf = 56
ldap_account_expire_policy = ipa
LDAP Provider - User options
ldap_user_member_of = memberOf
ldap_user_uuid = ipaUniqueID
ldap_user_ssh_public_key = ipaSshPubKey
ldap_user_auth_type = ipaUserAuthType
LDAP Provider - Group options
ldap_group_object_class = ipaUserGroup
ldap_group_object_class_alt = posixGroup
ldap_group_member = member
ldap_group_uuid = ipaUniqueID
ldap_group_objectsid = ipaNTSecurityIdentifier
ldap_group_external_member = ipaExternalMember
krb5_auth_timeout (integer)
Timeout in seconds, after which an online authentication request or change password request is aborted. If possible, the authentication request is continued offline.
krb5_validate (boolean)
Verify with the help of krb5_keytab that the TGT obtained has not been spoofed. The keytab is checked for entries sequentially, and the first entry with a matching realm is used for validation. If no entry matches the realm, the last entry in the keytab is used. This process can be used to validate environments using cross-realm trust by placing the appropriate keytab entry as the last entry or the only entry in the keytab file.
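The entry-selection rule described for krb5_validate, written out as an added example (not SSSD's own code): it reads plain `klist -k` output and reports which keytab principal would be used for a given realm, and whether the last-entry fallback applied. The sample output, principals, realms and helper names are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample of `klist -k` output; principals and realms are made up.
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------
   3 host/client.ad.example.com@AD.EXAMPLE.COM
   2 host/client.ipa.example.com@IPA.EXAMPLE.COM
   2 nfs/client.ipa.example.com@IPA.EXAMPLE.COM
   1 host/client.lab.example.com@LAB.EXAMPLE.COM
"""

# A keytab entry line: KVNO followed by the principal (no -t/-e columns assumed).
ENTRY_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s*$")


class Choice(NamedTuple):
    principal: str
    matched_realm: bool  # False means the last-entry fallback applied


def parse_klist(text: str) -> List[str]:
    """Return principals in keytab order, skipping the header lines."""
    return [m.group(2) for m in map(ENTRY_RE.match, text.splitlines()) if m]


def realm_of(principal: str) -> str:
    """Realm is the part after the last '@'; realms are case-sensitive."""
    return principal.rsplit("@", 1)[1] if "@" in principal else ""


def select_validation_entry(principals: List[str], realm: str) -> Optional[Choice]:
    """First entry whose realm matches; otherwise the last entry in the keytab."""
    if not principals:
        return None
    for p in principals:
        if realm_of(p) == realm:
            return Choice(p, True)
    return Choice(principals[-1], False)


if __name__ == "__main__":
    entries = parse_klist(SAMPLE_KLIST)
    for realm in ("IPA.EXAMPLE.COM", "OTHER.EXAMPLE.COM"):
        choice = select_validation_entry(entries, realm)
        note = "realm match" if choice.matched_realm else "FALLBACK to last entry"
        print(f"{realm}: {choice.principal} ({note})")
```

A fallback result is worth reviewing on hosts that are not meant to validate across a trust, since it means the keytab holds no entry for the realm being checked.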
krb5_renewable_lifetime (string)
Request a renewable ticket with a total lifetime, given as an integer immediately followed by a time unit: