From 46839452fe6f80f224633556b03d1abf5fa0952a Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 6 May 2015 18:15:15 -0400
Subject: [PATCH] ipsilon-server-install man page https://fedorahosted.org/ipsilon/ticket/34
Signed-off-by: Rob Crittenden
Reviewed-by: Patrick Uiterwijk
---
man/ipsilon-server-install.1 | 177 +++++++++++++++++++++++++++++++++++
1 file changed, 177 insertions(+)
create mode 100644 man/ipsilon-server-install.1
diff --git a/man/ipsilon-server-install.1 b/man/ipsilon-server-install.1
new file mode 100644
index 0000000..cf79b31
--- /dev/null
+++ b/man/ipsilon-server-install.1
@@ -0,0 +1,177 @@
+.\" Copyright (C) 2015 Ipsilon Project Contributors
+.\"
+.TH "ipsilon-server-install" "1" "1.0.0" "Ipsilon" "Ipsilon Manual Pages"
+.SH "NAME"
+ipsilon\-server\-install \- Configure an Ipsilon Identity Provider instance
+.SH "SYNOPSIS"
+ipsilon\-server\-install [OPTION]...
+.SH "DESCRIPTION"
+Configure an Ipsilon instance to provide identity services using any of the supported and enabled protocols.
+
+Ipsilon uses a plugable framework so some options may not be available, depending on what plugins have been installed.
+
+Ipsilon supports three types of plugins:
+
+1. Authentication provider plugins \- implements an authentication protocol such as SAML 2, OpenID or Persona. At least one needs to be enabled.
+.br
+2. Login plugins \- mechanisms for authenticating including GSSAPI, LDAP, PAM, etc. At least one should be enabled.
+.br
+3. Info plugins \- sources where additional attributes of the user may be obtained.
+.br
+
+There are also environment helper options which aid in configuring the Identity Provider for a particular environment, such as a FreeIPA domain.
+
+The installation details are logged to /var/log/ipsilon\-install.log.
+.SH "DATABASES"
+Ipsilon stores configuration and session information in database tables. By default, a set of sqlite databases are used. If a full RDBMS is desired then the \fB\-\-database\-url\fR and/or \fB*\-dburi\fR options can be used to provide the database URIs. This should probably be used in load\-balanced situations so all servers can use the same database.
+
+An example of a specific URI is
+.br
+\-\-users_dburi=postgresql://@dbserver.example.com:45432/users
+
+The templatized version would be
+.br
+\-\-database\-url=postgresql://@dbserver.example.com:45432/%(dbname)s
+.SH "OPTIONS"
+.SS BASIC OPTIONS
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+Show this help message and exit
+.TP
+\fB\-\-version\fR
+Show program's version number and exit
+.TP
+\fB\-o\fR \fILM_ORDER\fR, \fB\-\-login\-managers\-order\fR \fILM_ORDER\fR
+Comma separated list of login managers
+.TP
+\fB\-\-hostname\fR \fIHOSTNAME\fR
+The hostname used by clients to reach this instance. This is used to determine the URLs provided in SAML metadata
+.TP
+\fB\-\-instance\fR \fIINSTANCE\fR
+Ipsilon instance name
+.TP
+\fB\-\-system\-user\fR \fISYSTEM_USER\fI
+User account used to run the server
+.TP
+\fB\-\-admin\-user\fR \fIADMIN_USER\fR
+User account that is assigned Ipsilon admin privileges
+.TP
+\fB\-\-database\-url\fR \fIDATABASE_URL\fR
+The (templatized) database URL to use
+.TP
+\fB\-\-secure\fR
+Boolean to turn on all security checks
+.TP
+\fB\-\-server\-debugging\fR
+Enable debugging
+.TP
+\fB\-\-uninstall\fR
+Uninstall the server and all data
+.TP
+\fB\-\-yes\fR
+Always answer yes
+.TP
+\fB\-\-admin\-dburi\fR \fIADMIN_DBURI\fR
+Configuration database URI (override template)
+.TP
+\fB\-\-users\-dburi \fIUSERS_DBURI\fR
+User configuration database URI (override template)
+.TP
+\fB\-\-transaction\-dburi\fR \fITRANSACTION_DBURI\fR
+Transaction database URI (override template)
+.SS AUTHENTICATION PROVIDER OPTIONS
+.TP
+\fB\-\-openid\fR
+Configure OpenID Provider
+.TP
+\fB\-\-openid\-dburi\fR \fIOPENID_DBURI\fR
+OpenID database URI (override template)
+.TP
+\fB\-\-persona\fR
+Configure Persona Provider
+.TP
+\fB\-\-saml2\fR
+Configure SAML2 Provider
+.TP
+\fB\-\-saml2\-metadata\-validity\fR \fISAML2_METADATA_VALIDITY\fR
+Metadata validity period in days (default \- 1825)
+
+.SS LOGIN MANAGER OPTIONS
+.TP
+\fB\-\-form\fR
+Configure External Form authentication
+.TP
+\fB\-\-form\-service\fR \fIFORM_SERVICE\fR
+PAM service name to use for authentication
+.TP
+\fB\-\-fas\fR
+Configure FAS (Fedora Authentication System) authentication
+.TP
+\fB\-\-ldap\fR
+Configure LDAP authentication
+.TP
+\fB\-\-ldap\-server\-url\fR \fILDAP_SERVER_URL\fR
+LDAP Server Url
+.TP
+\fB\-\-ldap\-bind\-dn\-template\fR \fILDAP_BIND_DN_TEMPLATE\fR
+LDAP Bind DN Template
+.TP
+\fB\-\-ldap\-tls\-level\fR \fILDAP_TLS_LEVEL\fR
+LDAP TLS level
+.TP
+\fB\-\-ldap\-base\-dn\fR \fILDAP_BASE_DN\fR
+LDAP Base DN
+.TP
+\fB\-\-krb\fR
+Configure Kerberos authentication
+.TP
+\fB\-\-krb\-httpd\-keytab\fR \fIKRB_HTTPD_KEYTAB\fR
+Kerberos keytab location for HTTPD
+.TP
+\fB\-\-pam\fR
+Configure PAM authentication
+.TP
+\fB\-\-pam\-service\fR \fIPAM_SERVICE\fR
+PAM service name to use for authentication
+.TP
+\fB\-\-testauth\fR
+Configure testing environment authentication
+
+.SS INFO PROVIDER OPTIONS
+\fB\-\-info\-ldap\fR
+Use LDAP to populate user attrs
+.TP
+\fB\-\-info\-ldap\-server\-url\fR \fIINFO_LDAP_SERVER_URL\fR
+LDAP Server Url
+.TP
+\fB\-\-info\-ldap\-bind\-dn\fR \fIINFO_LDAP_BIND_DN\fR
+LDAP Bind DN
+.TP
+\fB\-\-info\-ldap\-bind\-pwd\fR \fIINFO_LDAP_BIND_PWD\fR
+LDAP Bind Password
+.TP
+\fB\-\-info\-ldap\-user\-dn\-template\fR \fIINFO_LDAP_USER_DN_TEMPLATE\fR
+LDAP User DN Template
+.TP
+\fB\-\-info\-ldap\-base\-dn\fR \fIINFO_LDAP_BASE_DN\fR
+LDAP Base DN
+.TP
+\fB\-\-info\-nss\fR
+Use passwd data to populate user attrs
+.TP
+\fB\-\-info\-sssd\fR \fI
+Use mod_lookup_identity and SSSD to populate user attrs. SSSD must be pre\-configured for at least one domain.
+.TP
+\fB\-\-info\-sssd\-domain\fR \fIINFO_SSSD_DOMAIN\fR
+SSSD domain to enable mod_lookup_identity for (default is all)
+
+.SS ENVIRONMENT HELPER OPTIONS
+\fB\-\-ipa\fR
+Helper for IPA joined machines. This configures Ipsilon for Kerberos authentication.
+.SH "EXIT STATUS"
+0 if the installation was successful
+
+1 if an error occurred
+.SH "SEE ALSO"
+.BR ipsilon(7),
+.BR ipsilon\-client\-install(1)
-- 
2.20.1