On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive: are the objectClasses different when 
adding 'ldap_sudo_search_base'? Or is it just location?

Either way, I think this is going to be a little more concise,

"When SSSD is configured and using the IPA provider, sudo is automatically enabled. 
The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in 
sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC 
generated by compat plugin)."

Hello Dan/Pavel,

I tried to combine some of your suggestions. Please see attached.

I also thought that $SUFFIX makes the root suffix more clear than $DC but that is just my personal opinion.

Kind regards,
Justin Stephenson

_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]

From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <[email protected]>
Date: Mon, 29 Aug 2016 11:20:00 -0400
Subject: [PATCH]     MAN: sssd-sudo manual update IPA native LDAP tree support

    Update sssd-sudo man page to reflect native IPA sudo support

    Resolves:
    https://fedorahosted.org/sssd/ticket/3145
---
 src/man/sssd-sudo.5.xml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b 100644
--- a/src/man/sssd-sudo.5.xml
+++ b/src/man/sssd-sudo.5.xml
@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
 </programlisting>
         </para>
         <para>
-            When the SSSD is configured to use IPA as the ID provider,
-            the sudo provider is automatically enabled. The sudo search base
-            is configured to use the compat tree (ou=sudoers,$DC).
+            When SSSD is configured to use IPA as the ID provider, the
+            sudo provider is automatically enabled. The sudo search base is
+            configured to use the IPA native LDAP tree(cn=sudo,ou=sudoers,$SUFFIX).
+            If any other search base is defined in sssd.conf, this value will be
+            used instead. The compat tree(ou=sudoers,$SUFFIX) is no longer
+            required for IPA sudo functionality.
         </para>
     </refsect1>
 
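Review bot: The sentence "If any other search base is defined in sssd.conf, this value will be used instead" does not name the option and "this value" has no clear referent, so an administrator cannot tell from the paragraph which setting changes where sudo rules are read from. Suggest naming it, for example "If ldap_sudo_search_base is set in sssd.conf, that value is used instead", since the option already appears in the programlisting just above this paragraph. Two smaller points in the same added lines: "tree(cn=sudo,ou=sudoers,$SUFFIX)" and "tree(ou=sudoers,$SUFFIX)" need a space before the opening parenthesis, and "no longer required" gives no release from which this holds, so a reader on an older SSSD that still depends on the compat tree could be misled; stating the version where the default changed would fix that. $SUFFIX is also not defined anywhere in the visible text, so a short gloss (the IPA root suffix) would help.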
-- 
2.7.4
