[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On (16/09/16 14:37), Lukas Slebodnik wrote:
>On (30/08/16 16:51), Justin Stephenson wrote:
>>
>>On 08/30/2016 09:56 AM, Justin Stephenson wrote:
>>>
>>> On 08/30/2016 04:24 AM, Lukas Slebodnik wrote:
>>> > On (30/08/16 10:14), Jakub Hrozek wrote:
>>> > > On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
>>> > > > On 08/10/2016 04:33 PM, Dan Lavu wrote:
>>> > > > > I asked Lukas this but he wasn't positive, is the objectClasses
>>> > > > > different when adding 'ldap_sudo_search_base' ? Or is it just
>>> > > > > location?
>>> > > > >
>>> > > > > Eitherway, I think this is going to be a little more concise,
>>> > > > >
>>> > > > > "When SSSD is configured and using the IPA provider, sudo is
>>> > > > > automatically enabled. The sudo search base is
>>> > > > > cn=sudo,ou=sudoers,$DC. If a different search base is defined in
>>> > > > > sssd.conf, it will use the value from the configuration file. (e.g.
>>> > > > > ou=sudoers,$DC generated by compat plugin)."
>>> > > >
>>> > > > Hello Dan/Pavel,
>>> > > >
>>> > > > I tried to combine some of your suggestions, Please see attached.
>>> > > >
>>> > > > I also thought that $SUFFIX makes the root suffix more clear than
>>> > > > $DC but
>>> > > > that is just my personal opinion.
>>> > > >
>>> > > > Kind regards,
>>> > > > Justin Stephenson
>>> > > >
>>> > > > > ___
>>> > > > > sssd-devel mailing list
>>> > > > > sssd-devel@lists.fedorahosted.org
>>> > > > > https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
>>> > > > >
>>> > > > >
>>> > >
>>> > > > From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
>>> > > > From: Justin Stephenson
>>> > > > Date: Mon, 29 Aug 2016 11:20:00 -0400
>>> > > > Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP
>>> > > > tree support
>>> > > >
>>> > > > Update sssd-sudo man page to reflect native IPA sudo support
>>> > > >
>>> > > > Resolves:
>>> > > > https://fedorahosted.org/sssd/ticket/3145
>>> > > > ---
>>> > > > src/man/sssd-sudo.5.xml | 9 ++---
>>> > > > 1 file changed, 6 insertions(+), 3 deletions(-)
>>> > > >
>>> > > > diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
>>> > > > index
>>> > > > de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b
>>> > > > 100644
>>> > > > --- a/src/man/sssd-sudo.5.xml
>>> > > > +++ b/src/man/sssd-sudo.5.xml
>>> > > > @@ -109,9 +109,12 @@ ldap_sudo_search_base =
>>> > > > ou=sudoers,dc=example,dc=com
>>> > > >
>>> > > >
>>> > > >
>>> > > > -When the SSSD is configured to use IPA as the ID
>>> > > > provider,
>>> > > > -the sudo provider is automatically enabled. The sudo
>>> > > > search base
>>> > > > -is configured to use the compat tree (ou=sudoers,$DC).
>>> > > > +When SSSD is configured to use IPA as the ID provider,
>>> > > > the
>>> > > > +sudo provider is automatically enabled. The sudo search
>>> > > > base is
>>> > > > +configured to use the IPA native LDAP
>>> > > > tree(cn=sudo,ou=sudoers,$SUFFIX).
>>> >
>>> > ^^^
>>> > I thought it is either (ou=sudoers,$SUFFIX)
>>> > or (cn=sudo,$SUFFIX)
>>> >
>>> > > Hi, the manpage builds and the text reads good to me. I would just like
>>> > > to put a whitespace between "tree" and the opening "(". If you agree, I
>>> > > can fix this before pushing the patch, no need to re-send it..
>>>
>>> Yes, please go ahead.
>>>
>>> > >
>>> > IMHO, It deserves a new patch :-)
>>>
>>> Hi Lukas, I can resubmit the patch if you'd like.
>>
>>Updated patch attached with both changes made.
>>
>
>>From 76915bf609fdb2008c17f407f517de1a8602fc8b Mon Sep 17 00:00:00 2001
>>From: Justin Stephenson
>>Date: Mon, 29 Aug 2016 11:20:00 -0400
>>Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
>>
>>Update sssd-sudo man page to reflect native IPA sudo support
>>
>>Resolves:
>>https://fedorahosted.org/sssd/ticket/3145
>>---
>> src/man/sssd-sudo.5.xml | 9 ++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>
>>diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
>>index
>>de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..9be77725d679946bd09b86771cc7379b6ac64627
>> 100644
>>--- a/src/man/sssd-sudo.5.xml
>>+++ b/src/man/sssd-sudo.5.xml
>>@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>>
>>
>>
>>-When the SSSD is configured to use IPA as the ID provider,
>>-the sudo provider is automatically enabled. The sudo search base
>>-is configured to use the compat tree (ou=sudoers,$DC).
>>+When SSSD is configured to use IPA as the ID provider, the
>>+sudo provider is automatically enabled. The sudo search base is
>>+configured to use the IPA native LDAP tree (cn=sudo,$SUFFIX).
>
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On (30/08/16 16:51), Justin Stephenson wrote:
>
>On 08/30/2016 09:56 AM, Justin Stephenson wrote:
>>
>> On 08/30/2016 04:24 AM, Lukas Slebodnik wrote:
>> > On (30/08/16 10:14), Jakub Hrozek wrote:
>> > > On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
>> > > > On 08/10/2016 04:33 PM, Dan Lavu wrote:
>> > > > > I asked Lukas this but he wasn't positive, is the objectClasses
>> > > > > different when adding 'ldap_sudo_search_base' ? Or is it just
>> > > > > location?
>> > > > >
>> > > > > Eitherway, I think this is going to be a little more concise,
>> > > > >
>> > > > > "When SSSD is configured and using the IPA provider, sudo is
>> > > > > automatically enabled. The sudo search base is
>> > > > > cn=sudo,ou=sudoers,$DC. If a different search base is defined in
>> > > > > sssd.conf, it will use the value from the configuration file. (e.g.
>> > > > > ou=sudoers,$DC generated by compat plugin)."
>> > > >
>> > > > Hello Dan/Pavel,
>> > > >
>> > > > I tried to combine some of your suggestions, Please see attached.
>> > > >
>> > > > I also thought that $SUFFIX makes the root suffix more clear than
>> > > > $DC but
>> > > > that is just my personal opinion.
>> > > >
>> > > > Kind regards,
>> > > > Justin Stephenson
>> > > >
>> > > > > ___
>> > > > > sssd-devel mailing list
>> > > > > sssd-devel@lists.fedorahosted.org
>> > > > > https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
>> > > > >
>> > > > >
>> > >
>> > > > From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
>> > > > From: Justin Stephenson
>> > > > Date: Mon, 29 Aug 2016 11:20:00 -0400
>> > > > Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP
>> > > > tree support
>> > > >
>> > > > Update sssd-sudo man page to reflect native IPA sudo support
>> > > >
>> > > > Resolves:
>> > > > https://fedorahosted.org/sssd/ticket/3145
>> > > > ---
>> > > > src/man/sssd-sudo.5.xml | 9 ++---
>> > > > 1 file changed, 6 insertions(+), 3 deletions(-)
>> > > >
>> > > > diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
>> > > > index
>> > > > de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b
>> > > > 100644
>> > > > --- a/src/man/sssd-sudo.5.xml
>> > > > +++ b/src/man/sssd-sudo.5.xml
>> > > > @@ -109,9 +109,12 @@ ldap_sudo_search_base =
>> > > > ou=sudoers,dc=example,dc=com
>> > > >
>> > > >
>> > > >
>> > > > -When the SSSD is configured to use IPA as the ID provider,
>> > > > -the sudo provider is automatically enabled. The sudo
>> > > > search base
>> > > > -is configured to use the compat tree (ou=sudoers,$DC).
>> > > > +When SSSD is configured to use IPA as the ID provider, the
>> > > > +sudo provider is automatically enabled. The sudo search
>> > > > base is
>> > > > +configured to use the IPA native LDAP
>> > > > tree(cn=sudo,ou=sudoers,$SUFFIX).
>> >
>> > ^^^
>> > I thought it is either (ou=sudoers,$SUFFIX)
>> > or (cn=sudo,$SUFFIX)
>> >
>> > > Hi, the manpage builds and the text reads good to me. I would just like
>> > > to put a whitespace between "tree" and the opening "(". If you agree, I
>> > > can fix this before pushing the patch, no need to re-send it..
>>
>> Yes, please go ahead.
>>
>> > >
>> > IMHO, It deserves a new patch :-)
>>
>> Hi Lukas, I can resubmit the patch if you'd like.
>
>Updated patch attached with both changes made.
>
>From 76915bf609fdb2008c17f407f517de1a8602fc8b Mon Sep 17 00:00:00 2001
>From: Justin Stephenson
>Date: Mon, 29 Aug 2016 11:20:00 -0400
>Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
>
>Update sssd-sudo man page to reflect native IPA sudo support
>
>Resolves:
>https://fedorahosted.org/sssd/ticket/3145
>---
> src/man/sssd-sudo.5.xml | 9 ++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
>diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
>index
>de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..9be77725d679946bd09b86771cc7379b6ac64627
> 100644
>--- a/src/man/sssd-sudo.5.xml
>+++ b/src/man/sssd-sudo.5.xml
>@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>
>
>
>-When the SSSD is configured to use IPA as the ID provider,
>-the sudo provider is automatically enabled. The sudo search base
>-is configured to use the compat tree (ou=sudoers,$DC).
>+When SSSD is configured to use IPA as the ID provider, the
>+sudo provider is automatically enabled. The sudo search base is
>+configured to use the IPA native LDAP tree (cn=sudo,$SUFFIX).
>+If any other search base is defined in sssd.conf, this value will
>be
>+used instead. The compat tree (ou=sudoers,$SUFFIX) is no longer
>+required f
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On 08/30/2016 09:56 AM, Justin Stephenson wrote:
On 08/30/2016 04:24 AM, Lukas Slebodnik wrote:
On (30/08/16 10:14), Jakub Hrozek wrote:
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses
different when adding 'ldap_sudo_search_base' ? Or is it just
location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is
automatically enabled. The sudo search base is
cn=sudo,ou=sudoers,$DC. If a different search base is defined in
sssd.conf, it will use the value from the configuration file. (e.g.
ou=sudoers,$DC generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than
$DC but
that is just my personal opinion.
Kind regards,
Justin Stephenson
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
From: Justin Stephenson
Date: Mon, 29 Aug 2016 11:20:00 -0400
Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP
tree support
Update sssd-sudo man page to reflect native IPA sudo support
Resolves:
https://fedorahosted.org/sssd/ticket/3145
---
src/man/sssd-sudo.5.xml | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
index
de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b
100644
--- a/src/man/sssd-sudo.5.xml
+++ b/src/man/sssd-sudo.5.xml
@@ -109,9 +109,12 @@ ldap_sudo_search_base =
ou=sudoers,dc=example,dc=com
-When the SSSD is configured to use IPA as the ID provider,
-the sudo provider is automatically enabled. The sudo
search base
-is configured to use the compat tree (ou=sudoers,$DC).
+When SSSD is configured to use IPA as the ID provider, the
+sudo provider is automatically enabled. The sudo search
base is
+configured to use the IPA native LDAP
tree(cn=sudo,ou=sudoers,$SUFFIX).
^^^
I thought it is either (ou=sudoers,$SUFFIX)
or (cn=sudo,$SUFFIX)
Hi, the manpage builds and the text reads good to me. I would just like
to put a whitespace between "tree" and the opening "(". If you agree, I
can fix this before pushing the patch, no need to re-send it..
Yes, please go ahead.
IMHO, It deserves a new patch :-)
Hi Lukas, I can resubmit the patch if you'd like.
Updated patch attached with both changes made.
Kind regards,
Justin Stephenson
LS
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
>From 76915bf609fdb2008c17f407f517de1a8602fc8b Mon Sep 17 00:00:00 2001
From: Justin Stephenson
Date: Mon, 29 Aug 2016 11:20:00 -0400
Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support
Resolves:
https://fedorahosted.org/sssd/ticket/3145
---
src/man/sssd-sudo.5.xml | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..9be77725d679946bd09b86771cc7379b6ac64627 100644
--- a/src/man/sssd-sudo.5.xml
+++ b/src/man/sssd-sudo.5.xml
@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
-When the SSSD is configured to use IPA as the ID provider,
-the sudo provider is automatically enabled. The sudo search base
-is configured to use the compat tree (ou=sudoers,$DC).
+When SSSD is configured to use IPA as the ID provider, the
+sudo provider is automatically enabled. The sudo search base is
+configured to use the IPA native LDAP tree (cn=sudo,$SUFFIX).
+If any other search base is defined in sssd.conf, this value will be
+used instead. The compat tree (ou=sudoers,$SUFFIX) is no longer
+required for IPA sudo functionality.
--
2.7.4
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On 08/30/2016 04:24 AM, Lukas Slebodnik wrote:
On (30/08/16 10:14), Jakub Hrozek wrote:
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses different when
adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled.
The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in
sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC
generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but
that is just my personal opinion.
Kind regards,
Justin Stephenson
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
From: Justin Stephenson
Date: Mon, 29 Aug 2016 11:20:00 -0400
Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support
Resolves:
https://fedorahosted.org/sssd/ticket/3145
---
src/man/sssd-sudo.5.xml | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
index
de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b
100644
--- a/src/man/sssd-sudo.5.xml
+++ b/src/man/sssd-sudo.5.xml
@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
-When the SSSD is configured to use IPA as the ID provider,
-the sudo provider is automatically enabled. The sudo search base
-is configured to use the compat tree (ou=sudoers,$DC).
+When SSSD is configured to use IPA as the ID provider, the
+sudo provider is automatically enabled. The sudo search base is
+configured to use the IPA native LDAP
tree(cn=sudo,ou=sudoers,$SUFFIX).
^^^
I thought it is either (ou=sudoers,$SUFFIX)
or (cn=sudo,$SUFFIX)
Hi, the manpage builds and the text reads good to me. I would just like
to put a whitespace between "tree" and the opening "(". If you agree, I
can fix this before pushing the patch, no need to re-send it..
Yes, please go ahead.
IMHO, It deserves a new patch :-)
Hi Lukas, I can resubmit the patch if you'd like.
LS
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On (30/08/16 10:14), Jakub Hrozek wrote:
>On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
>> On 08/10/2016 04:33 PM, Dan Lavu wrote:
>> > I asked Lukas this but he wasn't positive, is the objectClasses different
>> > when adding 'ldap_sudo_search_base' ? Or is it just location?
>> >
>> > Eitherway, I think this is going to be a little more concise,
>> >
>> > "When SSSD is configured and using the IPA provider, sudo is automatically
>> > enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different
>> > search base is defined in sssd.conf, it will use the value from the
>> > configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)."
>>
>> Hello Dan/Pavel,
>>
>> I tried to combine some of your suggestions, Please see attached.
>>
>> I also thought that $SUFFIX makes the root suffix more clear than $DC but
>> that is just my personal opinion.
>>
>> Kind regards,
>> Justin Stephenson
>>
>> > ___
>> > sssd-devel mailing list
>> > sssd-devel@lists.fedorahosted.org
>> > https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
>> >
>
>> From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
>> From: Justin Stephenson
>> Date: Mon, 29 Aug 2016 11:20:00 -0400
>> Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree
>> support
>>
>> Update sssd-sudo man page to reflect native IPA sudo support
>>
>> Resolves:
>> https://fedorahosted.org/sssd/ticket/3145
>> ---
>> src/man/sssd-sudo.5.xml | 9 ++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
>> index
>> de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b
>> 100644
>> --- a/src/man/sssd-sudo.5.xml
>> +++ b/src/man/sssd-sudo.5.xml
>> @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>>
>>
>>
>> -When the SSSD is configured to use IPA as the ID provider,
>> -the sudo provider is automatically enabled. The sudo search base
>> -is configured to use the compat tree (ou=sudoers,$DC).
>> +When SSSD is configured to use IPA as the ID provider, the
>> +sudo provider is automatically enabled. The sudo search base is
>> +configured to use the IPA native LDAP
>> tree(cn=sudo,ou=sudoers,$SUFFIX).
^^^
I thought it is either (ou=sudoers,$SUFFIX)
or (cn=sudo,$SUFFIX)
>Hi, the manpage builds and the text reads good to me. I would just like
>to put a whitespace between "tree" and the opening "(". If you agree, I
>can fix this before pushing the patch, no need to re-send it..
>
IMHO, It deserves a new patch :-)
LS
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On 08/30/2016 10:14 AM, Jakub Hrozek wrote:
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses different when
adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled.
The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in
sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC
generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but
that is just my personal opinion.
Kind regards,
Justin Stephenson
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
From: Justin Stephenson
Date: Mon, 29 Aug 2016 11:20:00 -0400
Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support
Resolves:
https://fedorahosted.org/sssd/ticket/3145
---
src/man/sssd-sudo.5.xml | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
index
de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b
100644
--- a/src/man/sssd-sudo.5.xml
+++ b/src/man/sssd-sudo.5.xml
@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
-When the SSSD is configured to use IPA as the ID provider,
-the sudo provider is automatically enabled. The sudo search base
-is configured to use the compat tree (ou=sudoers,$DC).
+When SSSD is configured to use IPA as the ID provider, the
+sudo provider is automatically enabled. The sudo search base is
+configured to use the IPA native LDAP
tree(cn=sudo,ou=sudoers,$SUFFIX).
Hi, the manpage builds and the text reads good to me. I would just like
to put a whitespace between "tree" and the opening "(". If you agree, I
can fix this before pushing the patch, no need to re-send it..
+If any other search base is defined in sssd.conf, this value will
be
+used instead. The compat tree(ou=sudoers,$SUFFIX) is no longer
+required for IPA sudo functionality.
--
2.7.4
Ack. Thank you.
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
> On 08/10/2016 04:33 PM, Dan Lavu wrote:
> > I asked Lukas this but he wasn't positive, is the objectClasses different
> > when adding 'ldap_sudo_search_base' ? Or is it just location?
> >
> > Eitherway, I think this is going to be a little more concise,
> >
> > "When SSSD is configured and using the IPA provider, sudo is automatically
> > enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different
> > search base is defined in sssd.conf, it will use the value from the
> > configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)."
>
> Hello Dan/Pavel,
>
> I tried to combine some of your suggestions, Please see attached.
>
> I also thought that $SUFFIX makes the root suffix more clear than $DC but
> that is just my personal opinion.
>
> Kind regards,
> Justin Stephenson
>
> > ___
> > sssd-devel mailing list
> > sssd-devel@lists.fedorahosted.org
> > https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
> >
> From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
> From: Justin Stephenson
> Date: Mon, 29 Aug 2016 11:20:00 -0400
> Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
>
> Update sssd-sudo man page to reflect native IPA sudo support
>
> Resolves:
> https://fedorahosted.org/sssd/ticket/3145
> ---
> src/man/sssd-sudo.5.xml | 9 ++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
> index
> de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b
> 100644
> --- a/src/man/sssd-sudo.5.xml
> +++ b/src/man/sssd-sudo.5.xml
> @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
>
>
>
> -When the SSSD is configured to use IPA as the ID provider,
> -the sudo provider is automatically enabled. The sudo search base
> -is configured to use the compat tree (ou=sudoers,$DC).
> +When SSSD is configured to use IPA as the ID provider, the
> +sudo provider is automatically enabled. The sudo search base is
> +configured to use the IPA native LDAP
> tree(cn=sudo,ou=sudoers,$SUFFIX).
Hi, the manpage builds and the text reads good to me. I would just like
to put a whitespace between "tree" and the opening "(". If you agree, I
can fix this before pushing the patch, no need to re-send it..
> +If any other search base is defined in sssd.conf, this value
> will be
> +used instead. The compat tree(ou=sudoers,$SUFFIX) is no longer
> +required for IPA sudo functionality.
>
>
>
> --
> 2.7.4
>
> ___
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On 08/10/2016 04:33 PM, Dan Lavu wrote: I asked Lukas this but he wasn't positive, is the objectClasses different when adding 'ldap_sudo_search_base' ? Or is it just location? Eitherway, I think this is going to be a little more concise, "When SSSD is configured and using the IPA provider, sudo is automatically enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)." Hello Dan/Pavel, I tried to combine some of your suggestions, Please see attached. I also thought that $SUFFIX makes the root suffix more clear than $DC but that is just my personal opinion. Kind regards, Justin Stephenson ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org >From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Mon, 29 Aug 2016 11:20:00 -0400 Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support Update sssd-sudo man page to reflect native IPA sudo support Resolves: https://fedorahosted.org/sssd/ticket/3145 --- src/man/sssd-sudo.5.xml | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com -When the SSSD is configured to use IPA as the ID provider, -the sudo provider is automatically enabled. The sudo search base -is configured to use the compat tree (ou=sudoers,$DC). +When SSSD is configured to use IPA as the ID provider, the +sudo provider is automatically enabled. The sudo search base is +configured to use the IPA native LDAP tree(cn=sudo,ou=sudoers,$SUFFIX). +If any other search base is defined in sssd.conf, this value will be +used instead. The compat tree(ou=sudoers,$SUFFIX) is no longer +required for IPA sudo functionality. -- 2.7.4 ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
I asked Lukas this but he wasn't positive, is the objectClasses different when adding 'ldap_sudo_search_base' ? Or is it just location? Eitherway, I think this is going to be a little more concise, "When SSSD is configured and using the IPA provider, sudo is automatically enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)." ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On (13/06/16 10:08), Pavel Březina wrote: >On 06/03/2016 05:42 PM, Jakub Hrozek wrote: >> On Wed, Jun 01, 2016 at 11:58:45AM +0200, Pavel Březina wrote: >> > SSIA >> >> > From 2101e03fa59fec3f834b48256a287f456662d7c2 Mon Sep 17 00:00:00 2001 >> > From: =?UTF-8?q?Pavel=20B=C5=99ezina?= >> > Date: Wed, 1 Jun 2016 11:57:53 +0200 >> > Subject: [PATCH] sudo man page: say that we support IPA schema >> > >> > --- >> > src/man/sssd-sudo.5.xml | 5 - >> > 1 file changed, 4 insertions(+), 1 deletion(-) >> > >> > diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml >> > index >> > de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..39376897a26ba8de12536e27a75821529e920bf6 >> > 100644 >> > --- a/src/man/sssd-sudo.5.xml >> > +++ b/src/man/sssd-sudo.5.xml >> > @@ -111,7 +111,10 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com >> > >> > When the SSSD is configured to use IPA as the ID provider, >> > the sudo provider is automatically enabled. The sudo search >> > base >> > -is configured to use the compat tree (ou=sudoers,$DC). >> > +is configured to use IPA sudo schema at >> > cn=sudo,ou=sudoers,$DC. If >> > +any other search base is set manually SSSD will look for rules >> > +stored in LDAP sudo schema (e.g. ou=sudoers,$DC generated by >> >> You might want to ping an English speaker to be sure, but I would say >> stored using the LDAP sudo schema. I would also put the "..generated by" >> after the enclosing bracket. > >Hi Dan, can you tell us what's correct here please? Thanks! > Dan, bump :-) LS ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On 06/03/2016 05:42 PM, Jakub Hrozek wrote: On Wed, Jun 01, 2016 at 11:58:45AM +0200, Pavel Březina wrote: SSIA From 2101e03fa59fec3f834b48256a287f456662d7c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Wed, 1 Jun 2016 11:57:53 +0200 Subject: [PATCH] sudo man page: say that we support IPA schema --- src/man/sssd-sudo.5.xml | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..39376897a26ba8de12536e27a75821529e920bf6 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -111,7 +111,10 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base -is configured to use the compat tree (ou=sudoers,$DC). +is configured to use IPA sudo schema at cn=sudo,ou=sudoers,$DC. If +any other search base is set manually SSSD will look for rules +stored in LDAP sudo schema (e.g. ou=sudoers,$DC generated by You might want to ping an English speaker to be sure, but I would say stored using the LDAP sudo schema. I would also put the "..generated by" after the enclosing bracket. Hi Dan, can you tell us what's correct here please? Thanks! +compat plugin). ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] sudo man page: say that we support IPA schema
On Wed, Jun 01, 2016 at 11:58:45AM +0200, Pavel Březina wrote: > SSIA > From 2101e03fa59fec3f834b48256a287f456662d7c2 Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Pavel=20B=C5=99ezina?= > Date: Wed, 1 Jun 2016 11:57:53 +0200 > Subject: [PATCH] sudo man page: say that we support IPA schema > > --- > src/man/sssd-sudo.5.xml | 5 - > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml > index > de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..39376897a26ba8de12536e27a75821529e920bf6 > 100644 > --- a/src/man/sssd-sudo.5.xml > +++ b/src/man/sssd-sudo.5.xml > @@ -111,7 +111,10 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com > > When the SSSD is configured to use IPA as the ID provider, > the sudo provider is automatically enabled. The sudo search base > -is configured to use the compat tree (ou=sudoers,$DC). > +is configured to use IPA sudo schema at cn=sudo,ou=sudoers,$DC. > If > +any other search base is set manually SSSD will look for rules > +stored in LDAP sudo schema (e.g. ou=sudoers,$DC generated by You might want to ping an English speaker to be sure, but I would say stored using the LDAP sudo schema. I would also put the "..generated by" after the enclosing bracket. > +compat plugin). > > > > -- > 2.1.0 > > ___ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
