On Wed, Oct 16, 2013 at 06:31:32PM +0300, Alexander Bokovoy wrote:
> Hi!
> 
> Attached is the first update to the AD trusts documentation for the FreeIPA
> user guide. I've fixed a number of outdated statements and added some more
> material.
> 
> More patches will follow to cover functionality up to FreeIPA 3.3.2.

The new content looks good, I only found a few minor issues, see below.

bye,
Sumit

> 
> -- 
> / Alexander Bokovoy

...

> +                them to POSIX group and user identifiers.  The user is 
> granted
> +                access to the &IPA;-hosted services.  according to their 
> access

                                                      ^ ?
I think the dot should be removed.

> +                rules. Additionally, the &IPA; group information in the SSSD
> +                user cache is updated to include the mapped &IPA; groups for
> +                the &AD; user.

...

> +
> +            <para>
> +                Since in POSIX environment every running process should be
> +                running under some user and have some group membership to
> +                access files, it is important that every &IPA; user has

I think you mean "every user of &IPA; services", because "every &IPA;
user" has a POSIX ID by default.

> +                corresponding POSIX identifier and user belongs to some 
> groups
> +                which have POSIX identifiers. Each &AD; user, therefore, 
> should
> +                have membership in some POSIX group to be able to access 
> files
> +                and run processes in &IPA; domain.
> +            </para>
> +
> +
>                       <para>
> -                             When &AD; groups are added to &IPAA; group, 
> they can be idenfitied by
> +                             When &AD; objects are added to &IPAA; group, 
> they can be idenfitied by

"identified" (error was there before)

>                               their SID or by name, in the formats 
> <emphasis>DOMAIN\group_name</emphasis> or
> -                             <emphasis>group_name@domain</emphasis>. &IPA; 
> then resolves the group name to
> +                             <emphasis>group_name@domain</emphasis>. &IPA; 
> then resolves the object name to
>                               the SID and stores the SID as the group member 
> entry, to be compared to any
>                               offered user PAC.
> -                     </para>
> +            </para>
> +
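
Review bot: In the last paragraph the wording changes from "groups" to "objects" ("When &AD; objects are added" and "resolves the object name"), but the example formats are still <emphasis>DOMAIN\group_name</emphasis> and <emphasis>group_name@domain</emphasis>, and the SID is still stored "as the group member entry", so the text now speaks of generic objects while only showing group names. Either generalize the placeholders (for example DOMAIN\name and name@domain) or say explicitly which object types are meant. The replaced closing </para> is also indented differently from its opening <para>, which is an unchanged context line; keeping the original indentation would avoid a whitespace-only change.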
