English Finnish
The AD provider will use this option for the CLDAP ping timeouts as well.
FIND BY VALID CERTIFICATE
The following options can be used to control how the certificates are validated when using the FindByValidCertificate() API:
For more details about the options see <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>.
Specifies the lower (inclusive) bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. It is the first POSIX ID which can be used for the mapping.
Specifies the upper (exclusive) bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. It is the first POSIX ID which cannot be used for the mapping anymore, i.e. one larger than the last one which can be used for the mapping.
Size (in megabytes) of the data table allocated inside fast in-memory cache for SID related requests. Only SID-by-ID and ID-by-SID requests are currently cached in fast in-memory cache. Setting the size to 0 will disable the SID in-memory cache.
Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\]+)\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+$))|(^(?P&lt;name&gt;[^@\\]+)$))</quote> which allows three different styles for user names:
ldap_ignore_unreadable_references (bool)
Ignore unreadable LDAP entries referenced in group's member attribute. If this parameter is set to false an error will be returned and the operation will fail instead of just ignoring the unreadable entry.
This parameter may be useful when using the AD provider and the computer account that sssd uses to connect to AD does not have access to a particular entry or LDAP sub-tree for security reasons.
NOTE: a keytab or support for anonymous PKINIT is required to use FAST.
krb5_fast_use_anonymous_pkinit (boolean)
If set to true try to use anonymous PKINIT instead of a keytab to get the required credential for FAST. The krb5_fast_principal options is ignored in this case.
<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and statistical data, please note that due to the way requests are processed internally the logged execution time of a request might be longer than it actually was.
memcache_size_sid (integer) memcache_size_passwd (integeri)