update static/schema information

[pve-docs.git] / pveum.1-synopsis.adoc

diff --git a/pveum.1-synopsis.adoc b/pveum.1-synopsis.adoc
index 086b9474139cb535f7cadeb19ba120e93dd01852..dad42b662d41e9779ead6beac89bb5f6c52697fd 100644 (file)
--- a/pveum.1-synopsis.adoc
+++ b/pveum.1-synopsis.adoc
@@ -200,11 +200,11 @@ Specifies the Authentication Context Class Reference values that theAuthorizatio
 
 Automatically create users if they do not exist.
 
-`--base_dn` `(?^:\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+)(,\s*\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+))*)` ::
+`--base_dn` `(?^:\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#]))(,\s*\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#])))*)` ::
 
 LDAP base domain name
 
-`--bind_dn` `(?^:\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+)(,\s*\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+))*)` ::
+`--bind_dn` `(?^:\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#]))(,\s*\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#])))*)` ::
 
 LDAP bind domain name
 
@@ -252,7 +252,7 @@ LDAP filter for user sync.
 
 The objectclasses for groups.
 
-`--group_dn` `(?^:\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+)(,\s*\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+))*)` ::
+`--group_dn` `(?^:\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#]))(,\s*\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#])))*)` ::
 
 LDAP base domain name for group sync. If not set, the base_dn will be used.
 
@@ -364,11 +364,11 @@ Specifies the Authentication Context Class Reference values that theAuthorizatio
 
 Automatically create users if they do not exist.
 
-`--base_dn` `(?^:\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+)(,\s*\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+))*)` ::
+`--base_dn` `(?^:\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#]))(,\s*\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#])))*)` ::
 
 LDAP base domain name
 
-`--bind_dn` `(?^:\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+)(,\s*\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+))*)` ::
+`--bind_dn` `(?^:\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#]))(,\s*\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#])))*)` ::
 
 LDAP bind domain name
 
@@ -424,7 +424,7 @@ LDAP filter for user sync.
 
 The objectclasses for groups.
 
-`--group_dn` `(?^:\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+)(,\s*\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+))*)` ::
+`--group_dn` `(?^:\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#]))(,\s*\w+=(?^:("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#])))*)` ::
 
 LDAP base domain name for group sync. If not set, the base_dn will be used.
 
@@ -596,9 +596,9 @@ Create or verify authentication ticket.
 
 User name
 
-`--new-format` `<boolean>` ('default =' `0`)::
+`--new-format` `<boolean>` ('default =' `1`)::
 
-With webauthn the format of half-authenticated tickts changed. New clients should pass 1 here and not worry about the old format. The old format is deprecated and will be retired with PVE-8.0
+This parameter is now ignored and assumed to be 1.
 
 `--otp` `<string>` ::
 
@@ -758,6 +758,22 @@ Full User ID, in the `name@realm` format.
 
 The TFA ID, if none provided, all TFA entries will be deleted.
 
+*pveum user tfa list* `[<userid>]`
+
+List TFA entries.
+
+`<userid>`: `<string>` ::
+
+Full User ID, in the `name@realm` format.
+
+*pveum user tfa unlock* `<userid>`
+
+Unlock a user's TFA authentication.
+
+`<userid>`: `<string>` ::
+
+Full User ID, in the `name@realm` format.
+
 *pveum user token add* `<userid> <tokenid>` `[OPTIONS]` `[FORMAT_OPTIONS]`
 
 Generate a new API token for a specific user. NOTE: returns API token