mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
Consolidate man pages and IPA tools help
IPA tools options are not consistent with information in man pages. https://fedorahosted.org/freeipa/ticket/1163 https://fedorahosted.org/freeipa/ticket/1178
This commit is contained in:
parent
8d35089780
commit
9de10f3674
@ -25,24 +25,27 @@ ipa\-dns\-install [\fIOPTION\fR]...
|
||||
Adds DNS as an IPA\-managed service. This requires that the IPA server is already installed and configured.
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
\fB\-p\fR <fl>DM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
|
||||
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
|
||||
The password to be used by the Directory Server for the Directory Manager user
|
||||
.TP
|
||||
\fB\-d\fR, \fB\-\-debug\fR
|
||||
Enable debug logging when more verbose output is needed
|
||||
.TP
|
||||
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
|
||||
The IP address of the IPA server. If not provided then this is determined based on the hostname of the server.
|
||||
.TP
|
||||
\fB\-\-forwarders\fR=\fIFORWARDERS\fR
|
||||
A forwarder is a DNS server where queries for a specific non\-resolvable address can be directed. To define multiple forwarders use mutliple instances of \fB\-\-forwarders\fR
|
||||
\fB\-\-forwarder\fR=\fIFORWARDER\fR
|
||||
A forwarder is a DNS server where queries for a specific non\-resolvable address can be directed. To define multiple forwarders use multiple instances of \fB\-\-forwarder\fR
|
||||
.TP
|
||||
\fB\-\-noforwarders\fR
|
||||
\fB\-\-no\-forwarders\fR
|
||||
Do not add any DNS forwarders, send non\-resolvable addresses to the DNS root servers.
|
||||
.TP
|
||||
\fB\-\-no\-reverse\fR
|
||||
Do not create reverse DNS zone
|
||||
.TP
|
||||
\fB\-\-zonemgr\fR
|
||||
The e\-mail address of the DNS zone manager. Defaults too root@host.domain
|
||||
.TP
|
||||
\fB\-d\fR, \fB\-\-debug\fR
|
||||
Enable debug logging when more verbose output is needed
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended installation that will never prompt for user input
|
||||
.SH "EXIT STATUS"
|
||||
|
@ -27,12 +27,12 @@ Configures a new IPA server that is a replica of the server that generated it. O
|
||||
The replica_file is created using the ipa\-replica\-prepare utility.
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure NTP
|
||||
.TP
|
||||
\fB\-d\fR, \fB\-\-debug
|
||||
Enable debug logging when more verbose output is needed
|
||||
.TP
|
||||
\fB\-n\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure NTP
|
||||
.TP
|
||||
\fB\-p\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
|
||||
Directory Manager (existing master) password
|
||||
.TP
|
||||
@ -49,8 +49,17 @@ the \fB\-\-no\-forwarders\fR option is specified.
|
||||
\fB\-\-no\-forwarders\fR
|
||||
Do not add any DNS forwarders. Root DNS servers will be used instead.
|
||||
.TP
|
||||
\fB\-\-no\-reverse\fR
|
||||
Do not create reverse DNS zone
|
||||
.TP
|
||||
\fB\-\-no\-host\-dns\fR
|
||||
Do not use DNS for hostname lookup during installation
|
||||
.TP
|
||||
\fB\-\-no\-pkinit\fR
|
||||
Disables pkinit setup steps
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended installation that will never prompt for user input
|
||||
.SH "EXIT STATUS"
|
||||
0 if the command was successful
|
||||
|
||||
|
@ -43,19 +43,19 @@ Manages the replication agreements of an IPA server.
|
||||
\- Immediately flush any data to be replicated from a server specified with the --from option
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
\fB\-H HOST\fR, \fB\-\-host\fR=\fIHOST\fR
|
||||
\fB\-H\fR \fIHOST\fR, \fB\-\-host\fR=\fIHOST\fR
|
||||
The IPA server to manage.
|
||||
The default is the machine on which the command is run
|
||||
Not honoured by the re-initialize command.
|
||||
.TP
|
||||
\fB\-p DM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
|
||||
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
|
||||
The Directory Manager password to use for authentication
|
||||
.TP
|
||||
\fB\-v\fR, \fB\-\-verbose\fR
|
||||
Provide additional information
|
||||
.TP
|
||||
\fB\-\-winsync\fR
|
||||
Specifies to create/use a Windows Sync Agreement
|
||||
\fB\-f\fR, \fB\-\-force\fR
|
||||
Ignore some types of errors
|
||||
.TP
|
||||
\fB\-\-binddn\fR=\fIADMIN_DN\fR
|
||||
Bind DN to use with remote server (default is cn=Directory Manager) \- Be careful to quote this value on the command line
|
||||
@ -63,6 +63,9 @@ Bind DN to use with remote server (default is cn=Directory Manager) \- Be carefu
|
||||
\fB\-\-bindpw\fR=\fIADMIN_PWD\fR
|
||||
Password for Bind DN to use with remote server (default is the DM_PASSWORD above)
|
||||
.TP
|
||||
\fB\-\-winsync\fR
|
||||
Specifies to create/use a Windows Sync Agreement
|
||||
.TP
|
||||
\fB\-\-cacert\fR=\fI/path/to/cacertfile\fR
|
||||
Full path and filename of CA certificate to use with TLS/SSL to the remote server \- this CA certificate will be installed in the directory server's certificate database
|
||||
.TP
|
||||
|
@ -45,8 +45,20 @@ The password of the Directory Server PKCS#12 file
|
||||
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
|
||||
The password of the Apache Server PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR
|
||||
The password of the Apache Server PKCS#12 file
|
||||
.TP
|
||||
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
|
||||
Directory Manager (existing master) password
|
||||
.TP
|
||||
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
|
||||
IP address of the replica server. If you provide this option, the A and PTR records will be added to the DNS.
|
||||
.TP
|
||||
\fB\-\-ca\fR=\fICA_FILE\fR
|
||||
Location of CA PKCS#12 file, default /root/cacert.p12
|
||||
.TP
|
||||
\fB\-\-no\-pkinit\fR
|
||||
Disables pkinit setup steps
|
||||
.SH "EXIT STATUS"
|
||||
0 if the command was successful
|
||||
|
||||
|
@ -25,22 +25,19 @@ ipa\-server\-install [\fIOPTION\fR]...
|
||||
Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) with an LDAP back\-end, configuring Apache, configuring NTP and starting the ipa_kpasswd service provided by IPA. By default a dogtag\-based CA will be configured to issue server certificates.
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
\fB\-u\fR, \fB\-\-user\fR=\fIDS_USER\fR
|
||||
The user that the Directory Server will run as
|
||||
.TP
|
||||
\fB\-r\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR
|
||||
\fB\-r\fR \fIREALM_NAME\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR
|
||||
The Kerberos realm name for the IPA server
|
||||
.TP
|
||||
\fB\-n\fR, \fB\-\-domain\fR=\fIDOMAIN_NAME\fR
|
||||
\fB\-n\fR \fIDOMAIN_NAME\fR, \fB\-\-domain\fR=\fIDOMAIN_NAME\fR
|
||||
Your DNS domain name
|
||||
.TP
|
||||
\fB\-p\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
|
||||
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
|
||||
The password to be used by the Directory Server for the Directory Manager user
|
||||
.TP
|
||||
\fB\-P\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
|
||||
\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
|
||||
The kerberos master password (normally autogenerated)
|
||||
.TP
|
||||
\fB\-a\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
|
||||
\fB\-a\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
|
||||
The password for the IPA admin user
|
||||
.TP
|
||||
\fB\-d\fR, \fB\-\-debug\fR
|
||||
@ -49,15 +46,21 @@ Enable debug logging when more verbose output is needed
|
||||
\fB\-\-selfsign\fR
|
||||
Configure a self\-signed CA instance for issuing server certificates instead of using dogtag for certificates
|
||||
.TP
|
||||
\fB\-\-external\-ca\fR
|
||||
Generate a CSR to be signed by an external CA
|
||||
.TP
|
||||
\fB\-\-external_cert_file\fR=\fIFILE\fR
|
||||
File containing PKCS#10 certificate
|
||||
.TP
|
||||
\fB\-\-external_ca_file\fR=\fIFILE\fR
|
||||
File containing PKCS#10 of the external CA chain
|
||||
.TP
|
||||
\fB\-\-hostname\fR=\fIHOST_NAME\fR
|
||||
The fully\-qualified DNS name of this server
|
||||
.TP
|
||||
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
|
||||
The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail.
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended installation that will never prompt for user input
|
||||
.TP
|
||||
\fB\-\-setup\-dns\fR
|
||||
Generate a DNS zone if it does not exist already and configure the DNS server.
|
||||
This option requires that you either specify at least one DNS forwarder through
|
||||
@ -76,17 +79,23 @@ the \fB\-\-no\-forwarders\fR option is specified.
|
||||
\fB\-\-no\-forwarders\fR
|
||||
Do not add any DNS forwarders. Root DNS servers will be used instead.
|
||||
.TP
|
||||
\fB\-\-no\-reverse\fR
|
||||
Do not create reverse DNS zone
|
||||
.TP
|
||||
\fB\-\-zonemgr\fR
|
||||
The e\-mail address of the DNS zone manager. Defaults to root@host.domain
|
||||
.TP
|
||||
\fB\-\-no\-host\-dns\fR
|
||||
Do not use DNS for hostname lookup during installation
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended installation that will never prompt for user input
|
||||
.TP
|
||||
\fB\-\-uninstall\fR
|
||||
Uninstall an existing IPA installation
|
||||
.TP
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure NTP
|
||||
.TP
|
||||
\fB\-\-uninstall\fR
|
||||
Uninstall an existing IPA installation
|
||||
\fB\-\-no\-pkinit\fR
|
||||
Disables pkinit setup steps
|
||||
.TP
|
||||
\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Directory Server SSL Certificate
|
||||
@ -94,12 +103,21 @@ PKCS#12 file containing the Directory Server SSL Certificate
|
||||
\fB\-\-http_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Apache Server SSL Certificate
|
||||
.TP
|
||||
\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Kerberos KDC SSL certificate
|
||||
.TP
|
||||
\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
|
||||
The password of the Directory Server PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
|
||||
The password of the Apache Server PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR
|
||||
The password of the Kerberos KDC PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-no\-host\-dns\fR
|
||||
Do not use DNS for hostname lookup during installation
|
||||
.TP
|
||||
\fB\-\-idstart\fR=\fIIDSTART\fR
|
||||
The starting user and group id number (default random)
|
||||
.TP
|
||||
|
@ -40,9 +40,6 @@ Set the IPA server to connect to
|
||||
\fB\-\-realm\fR=\fIREALM_NAME\fR
|
||||
Set the IPA realm name to REALM_NAME
|
||||
.TP
|
||||
\fB\-\-hostname\fR
|
||||
The hostname of this server (FQDN). By default of nodename from uname(2) is used.
|
||||
.TP
|
||||
\fB\-f\fR, \fB\-\-force\fR
|
||||
Force the settings even if errors occur
|
||||
.TP
|
||||
@ -52,15 +49,15 @@ Print debugging information to stdout
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
Unattended installation. The user will not be prompted.
|
||||
.TP
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure or enable NTP.
|
||||
.TP
|
||||
\fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
|
||||
Configure ntpd to use this NTP server.
|
||||
.TP
|
||||
\fB\-S\fR, \fB\-\-no\-sssd\fR
|
||||
Do not configure the client to use SSSD for authentication, use nss_ldap instead.
|
||||
.TP
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure or enable NTP.
|
||||
.TP
|
||||
\fB\-w\fR \fIPASSWORD\fR, \fB\-\-password\fR=\fIPASSWORD\fR
|
||||
Password for joining a machine to the IPA realm. Assumes bulk password unless principal is also set.
|
||||
.TP
|
||||
@ -74,11 +71,14 @@ Authorized kerberos principal to use to join the IPA realm.
|
||||
Configure SSSD to permit all access. Otherwise the machine will be controlled by the Host\-based Access Controls (HBAC) on the IPA server.
|
||||
.TP
|
||||
\fB\-\-mkhomedir\fR
|
||||
Configure pam to create a users home directory if it does not exist.
|
||||
Configure PAM to create a users home directory if it does not exist.
|
||||
.TP
|
||||
\fB\-\-uninstall\fR
|
||||
Remove the IPA client software and restore the configuration to the pre\-IPA state.
|
||||
.TP
|
||||
\fB\-\-hostname\fR
|
||||
The hostname of this server (FQDN). By default of nodename from uname(2) is used.
|
||||
.TP
|
||||
\fB\-\-enable\-dns\-updates\fR
|
||||
This option tells SSSD to automatically update DNS with the IP address of this client.
|
||||
.SH "EXIT STATUS"
|
||||
|
Loading…
Reference in New Issue
Block a user