Enable LDAP for system authentication (also for local users only)
=================================================================

Selecting this profile will enable LDAP as the source of identity
and authentication providers.


LDAP CONFIGURATION
------------------

Authselect does not touch LDAP's configuration. Please, read openLDAP's
documentation to see how to configure it manually. Only local users
will be available on the system if there is no existing openLDAP configuration.

AVAILABLE OPTIONAL FEATURES
---------------------------

with-faillock::
    Enable account locking in case of too many consecutive
    authentication failures.
    
with-mkhomedir::
    Enable automatic creation of home directories for users on their
    first login.

with-fingerprint::
    Enable authentication with fingerprint reader through *pam_fprintd*.

with-pam-u2f::
    Enable authentication via u2f dongle through *pam_u2f*.

with-pam-u2f-2fa::
    Enable 2nd factor authentication via u2f dongle through *pam_u2f*.

with-silent-lastlog::
    Do not produce pam_lastlog message during login.

with-sudo::
    Allow sudo to use SSSD as a source for sudo rules in addition of /etc/sudoers.

with-pamaccess::
    Check access.conf during account authorization.

without-nullok::
    Do not add nullok parameter to pam_unix.

DISABLE SPECIFIC NSSWITCH DATABASES
-----------------------------------

Normally, nsswitch databases set by the profile overwrites values set in
user-nsswitch.conf. The following options can force authselect to
ignore value set by the profile and use the one set in user-nsswitch.conf
instead.

with-custom-passwd::
Ignore "passwd" database set by the profile.

with-custom-group::
Ignore "group" database set by the profile.

with-custom-netgroup::
Ignore "netgroup" database set by the profile.

with-custom-automount::
Ignore "automount" database set by the profile.

with-custom-services::
Ignore "services" database set by the profile.

with-custom-sudoers::
Ignore "sudoers" database set by the profile.

EXAMPLES
--------

* Enable LDAP with sudo support

  authselect select microway-ldap with-sudo

* Enable LDAP with sudo support and create home directories for users on their 
  first login

  authselect select microway-ldap with-mkhomedir with-sudo

