pcie-passthrough: add short note about iommu passthrough mode

[pve-docs.git] / pveum.adoc

diff --git a/pveum.adoc b/pveum.adoc
index 99e1a45d8ad250ecdf2b79ad8a5b60c487f90efc..65d874a89d3272553d64dacde4e9b6ad49b0ae82 100644 (file)
--- a/pveum.adoc
+++ b/pveum.adoc
@@ -1,4 +1,7 @@
 [[chapter_user_management]]
+
+[[user_mgmt]]
+
 ifdef::manvolnum[]
 pveum(1)
 ========
@@ -296,6 +299,20 @@ Users and groups are synced to the cluster-wide configuration file,
 `/etc/pve/user.cfg`.
 
 
+Attributes to Properties
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+If the sync response includes user attributes, they will be synced into the
+matching user property in the `user.cfg`. For example: `firstname` or
+`lastname`.
+
+If the names of the attributes are not matching the {pve} properties, you can
+set a custom field-to-field map in the config by using the `sync_attributes`
+option.
+
+How such properties are handled if anything vanishes can be controlled via the
+sync options, see below.
+
 Sync Configuration
 ^^^^^^^^^^^^^^^^^^
 
@@ -334,7 +351,6 @@ NOTE: Filters allow you to create a set of additional match criteria, to narrow
 down the scope of a sync. Information on available LDAP filter types and their
 usage can be found at https://ldap.com/ldap-filters/[ldap.com].
 
-
 [[pveum_ldap_sync_options]]
 Sync Options
 ^^^^^^^^^^^^
@@ -366,10 +382,10 @@ The main options for syncing are:
     - `Entry` (`entry`): Removes entries (i.e. users and groups) when they are
       not returned in the sync response.
 
-    - `Properties` (`properties`): Removes properties of entries which were
-      not returned in the sync response. This includes custom properties
-      which were never set by the sync. Exceptions are tokens and the enable
-      flag. Those will be retained even with this option.
+    - `Properties` (`properties`): Removes properties of entries where the user
+      in the sync response did not contain those attributes. This includes
+      all properties, even those never set by a sync. Exceptions are tokens
+      and the enable flag, these will be retained even with this option enabled.
 
 * `Preview` (`dry-run`): No data is written to the config. This is useful if you
   want to see which users and groups would get synced to the `user.cfg`.
@@ -611,8 +627,7 @@ registrations unusable!
 This is done via `/etc/pve/datacenter.cfg`. For instance:
 
 ----
-webauthn:
-rp=mypve.example.com,origin=https://mypve.example.com:8006,id=mypve.example.com
+webauthn: rp=mypve.example.com,origin=https://mypve.example.com:8006,id=mypve.example.com
 ----
 
 [[pveum_configure_u2f]]
@@ -741,6 +756,7 @@ Node / System related privileges::
 * `Sys.Syslog`: view syslog
 * `Sys.Audit`: view node status/config, Corosync cluster config, and HA config
 * `Sys.Modify`: create/modify/remove node network parameters
+* `Sys.Incoming`: allow incoming data streams from other clusters (experimental)
 * `Group.Allocate`: create/modify/remove groups
 * `Pool.Allocate`: create/modify/remove a pool
 * `Pool.Audit`: view a pool
@@ -765,6 +781,7 @@ Virtual machine related privileges::
 * `VM.Config.Network`: add/modify/remove network devices
 * `VM.Config.HWType`: modify emulated hardware types
 * `VM.Config.Options`: modify any other VM configuration
+* `VM.Config.Cloudinit`: modify Cloud-init parameters
 * `VM.Snapshot`: create/delete VM snapshots
 
 Storage related privileges::