On Wed, Feb 26, 2014 at 04:15:30PM +0100, Jakub Hrozek wrote: > On Tue, Feb 25, 2014 at 08:53:45PM +0100, Jakub Hrozek wrote: > > On Tue, Feb 25, 2014 at 08:39:26PM +0100, Jakub Hrozek wrote: > > > On Tue, Feb 25, 2014 at 11:58:41AM -0500, Dmitri Pal wrote: > > > > On 02/25/2014 11:11 AM, Jakub Hrozek wrote: > > > > >Hi, > > > > > > > > > >the attached patch addresses #2252. I tried to make it clear that > > > > >removing the cache should only be done while online, but I'm open to > > > > >any > > > > >further suggestions. > > > > > > > > > > > > > > >_______________________________________________ > > > > >sssd-devel mailing list > > > > >sssd-devel@lists.fedorahosted.org > > > > >https://lists.fedorahosted.org/mailman/listinfo/sssd-devel > > > > > > > > + Please note that changing the ID mapping related configuration > > > > + options might cause --->the<---- user and group IDs to change. > > > > At the moment, > > > > + SSSD does not support changing IDs, so the SSSD database must > > > > be > > > > + removed. Because cached passwords are also stored in the > > > > database, > > > > + removing the database should only be performed while the SSSD > > > > + is online, otherwise users might get locked out. > > > > > > > > I do not think you need "the" in this case. > > > > > > Thank you, a new patch is attached. I'm constantly struggling with using > > > articles as Czech has no such concept :) > > > > Sorry, I attached the original patch again by accident. > > During an IRC discussion, Stephen suggested to use a bit stronger language > (will instead of might) and to stress out that changing IDs is not a > good idea as file ownership needs to be fixed as well. > > A new patch is attached.
Yet another version based on IRC discussion is attached.
>From 1a27a3fce54cc55bc4e30d535021c613329bfda0 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Tue, 25 Feb 2014 17:09:00 +0100 Subject: [PATCH] MAN: Clarify that changing ID mapping options might require purging the cache https://fedorahosted.org/sssd/ticket/2252 Currently SSSD chokes when IDs of users change, we don't support ID changes yet. Because some users were confused about the failures, this patch adds additional clarification. --- src/man/include/ldap_id_mapping.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml index 9dda399243bfd1725509c239d3358f2ef7501014..56b587c3fb2d2cc4e5fbdc89fd3e8fa2525df146 100644 --- a/src/man/include/ldap_id_mapping.xml +++ b/src/man/include/ldap_id_mapping.xml @@ -12,6 +12,18 @@ need to use manually-assigned values, ALL values must be manually-assigned. </para> + <para> + Please note that changing the ID mapping related configuration + options will cause user and group IDs to change. At the moment, + SSSD does not support changing IDs, so the SSSD database must be + removed. Because cached passwords are also stored in the database, + removing the database should only be performed while the SSSD + is online, otherwise users might get locked out. + Moreover, as the change of IDs might necessitate the adjustment + of other system properties such as file and directory ownership, + it's advisable to plan ahead and test the ID mapping configuration + thoroughly. + </para> <refsect2 id='idmap_algorithm'> <title>Mapping Algorithm</title> -- 1.8.5.3
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
