On 09/17/2013 03:39 PM, Jakub Hrozek wrote:
On Tue, Sep 17, 2013 at 02:00:11PM +0200, Pavel Březina wrote:
+            <emphasis>Note</emphasis>: in order to use netgroups or IPA
+            hostgroups in sudo rules, you also need to correctly set
+            <citerefentry>
+                <refentrytitle>nisdomainname</refentrytitle>
+                <manvolnum>1</manvolnum>
+            </citerefentry>
+            to your domain name.

Can we clarify if this domain name is IPA domain name or client's DNS
domain name?

Something like this?

I'd prefer to avoid using DNS domain name, since NIS domain doesn't have to necessarily correspond to DNS.

From 353c2633675e7f85835f2d3ef72f28f0e0b56e2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <[email protected]>
Date: Fri, 13 Sep 2013 15:48:10 +0200
Subject: [PATCH] man: improve sssd-sudo manual page

Resolves:
https://fedorahosted.org/sssd/ticket/2085
---
 src/man/sssd-sudo.5.xml | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
index 361fdb7b210df280cffce8c9147257bd0b3ecacb..de276ad2d7647da9b7d510bf00fdf8fb58aed1c7 100644
--- a/src/man/sssd-sudo.5.xml
+++ b/src/man/sssd-sudo.5.xml
@@ -66,11 +66,31 @@ sudoers: files sss
                 <manvolnum>5</manvolnum>
             </citerefentry>.
         </para>
+        <para>
+            <emphasis>Note</emphasis>: in order to use netgroups or IPA
+            hostgroups in sudo rules, you also need to correctly set
+            <citerefentry>
+                <refentrytitle>nisdomainname</refentrytitle>
+                <manvolnum>1</manvolnum>
+            </citerefentry>
+            to your NIS domain name (which equals to IPA domain name when
+            using hostgroups).
+        </para>
     </refsect1>
 
     <refsect1 id='sssd'>
         <title>Configuring SSSD to fetch sudo rules</title>
         <para>
+            All configuration that is needed on SSSD side is to extend the list
+            of <emphasis>services</emphasis> with "sudo" in [sssd] section of
+            <citerefentry>
+                <refentrytitle>sssd.conf</refentrytitle>
+                <manvolnum>5</manvolnum>
+            </citerefentry>. To speed up the LDAP lookups, you can also set
+            search base for sudo rules using
+            <emphasis>ldap_sudo_search_base</emphasis> option.
+        </para>
+        <para>
             The following example shows how to configure SSSD to download sudo
             rules from an LDAP server.
         </para>
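Review bot: In the added Note paragraph, "which equals to IPA domain name when using hostgroups" is ungrammatical and covers only the hostgroup case, while the sentence starts by naming both netgroups and IPA hostgroups. Suggest "(which is the same as the IPA domain name when using hostgroups)" and stating which value is expected for plain netgroups. Since nisdomainname(1) is cited as a section 1 command, "set the NIS domain name using nisdomainname(1)" would read more accurately than "set nisdomainname to". In the second added paragraph, "All configuration that is needed on SSSD side is to extend the list" is awkward and drops articles; something like "The only configuration needed on the SSSD side is to add "sudo" to the services list in the [sssd] section" says the same thing more directly.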
@@ -89,8 +109,8 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
 </programlisting>
         </para>
         <para>
-            When the SSSD is configured to use the IPA provider, the sudo
-            provider is automatically enabled. The sudo search base
+            When the SSSD is configured to use IPA as the ID provider,
+            the sudo provider is automatically enabled. The sudo search base
             is configured to use the compat tree (ou=sudoers,$DC).
         </para>
     </refsect1>
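Review bot: The reworded sentence "configured to use IPA as the ID provider" is clearer than before but still does not name the option the reader has to set; consider writing it as "id_provider = ipa" so it can be matched against sssd.conf. The unchanged context line "(ou=sudoers,$DC)" uses $DC without defining it anywhere in the visible text, so a short explanation of what it expands to would help while this paragraph is being touched. Minor style point: "the SSSD" could be just "SSSD".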
-- 
1.7.11.7
