On (30/08/16 16:51), Justin Stephenson wrote: > >On 08/30/2016 09:56 AM, Justin Stephenson wrote: >> >> On 08/30/2016 04:24 AM, Lukas Slebodnik wrote: >> > On (30/08/16 10:14), Jakub Hrozek wrote: >> > > On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote: >> > > > On 08/10/2016 04:33 PM, Dan Lavu wrote: >> > > > > I asked Lukas this but he wasn't positive, is the objectClasses >> > > > > different when adding 'ldap_sudo_search_base' ? Or is it just >> > > > > location? >> > > > > >> > > > > Eitherway, I think this is going to be a little more concise, >> > > > > >> > > > > "When SSSD is configured and using the IPA provider, sudo is >> > > > > automatically enabled. The sudo search base is >> > > > > cn=sudo,ou=sudoers,$DC. If a different search base is defined in >> > > > > sssd.conf, it will use the value from the configuration file. (e.g. >> > > > > ou=sudoers,$DC generated by compat plugin)." >> > > > >> > > > Hello Dan/Pavel, >> > > > >> > > > I tried to combine some of your suggestions, Please see attached. >> > > > >> > > > I also thought that $SUFFIX makes the root suffix more clear than >> > > > $DC but >> > > > that is just my personal opinion. >> > > > >> > > > Kind regards, >> > > > Justin Stephenson >> > > > >> > > > > _______________________________________________ >> > > > > sssd-devel mailing list >> > > > > sssd-devel@lists.fedorahosted.org >> > > > > https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org >> > > > > >> > > > > >> > > >> > > > From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001 >> > > > From: Justin Stephenson <jstep...@redhat.com> >> > > > Date: Mon, 29 Aug 2016 11:20:00 -0400 >> > > > Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP >> > > > tree support >> > > > >> > > > Update sssd-sudo man page to reflect native IPA sudo support >> > > > >> > > > Resolves: >> > > > https://fedorahosted.org/sssd/ticket/3145 >> > > > --- >> > > > src/man/sssd-sudo.5.xml | 9 ++++++--- >> > > > 1 file changed, 6 insertions(+), 3 deletions(-) >> > > > >> > > > diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml >> > > > index >> > > > de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b >> > > > 100644 >> > > > --- a/src/man/sssd-sudo.5.xml >> > > > +++ b/src/man/sssd-sudo.5.xml >> > > > @@ -109,9 +109,12 @@ ldap_sudo_search_base = >> > > > ou=sudoers,dc=example,dc=com >> > > > </programlisting> >> > > > </para> >> > > > <para> >> > > > - When the SSSD is configured to use IPA as the ID provider, >> > > > - the sudo provider is automatically enabled. The sudo >> > > > search base >> > > > - is configured to use the compat tree (ou=sudoers,$DC). >> > > > + When SSSD is configured to use IPA as the ID provider, the >> > > > + sudo provider is automatically enabled. The sudo search >> > > > base is >> > > > + configured to use the IPA native LDAP >> > > > tree(cn=sudo,ou=sudoers,$SUFFIX). >> > >> > ^^^^^^^^^^^^^^^^^^^ >> > I thought it is either (ou=sudoers,$SUFFIX) >> > or (cn=sudo,$SUFFIX) >> > >> > > Hi, the manpage builds and the text reads good to me. I would just like >> > > to put a whitespace between "tree" and the opening "(". If you agree, I >> > > can fix this before pushing the patch, no need to re-send it.. >> >> Yes, please go ahead. >> >> > > >> > IMHO, It deserves a new patch :-) >> >> Hi Lukas, I can resubmit the patch if you'd like. > >Updated patch attached with both changes made. >
>From 76915bf609fdb2008c17f407f517de1a8602fc8b Mon Sep 17 00:00:00 2001 >From: Justin Stephenson <jstep...@redhat.com> >Date: Mon, 29 Aug 2016 11:20:00 -0400 >Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support > > Update sssd-sudo man page to reflect native IPA sudo support > > Resolves: > https://fedorahosted.org/sssd/ticket/3145 >--- > src/man/sssd-sudo.5.xml | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > >diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml >index >de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..9be77725d679946bd09b86771cc7379b6ac64627 > 100644 >--- a/src/man/sssd-sudo.5.xml >+++ b/src/man/sssd-sudo.5.xml >@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com > </programlisting> > </para> > <para> >- When the SSSD is configured to use IPA as the ID provider, >- the sudo provider is automatically enabled. The sudo search base >- is configured to use the compat tree (ou=sudoers,$DC). >+ When SSSD is configured to use IPA as the ID provider, the >+ sudo provider is automatically enabled. The sudo search base is >+ configured to use the IPA native LDAP tree (cn=sudo,$SUFFIX). >+ If any other search base is defined in sssd.conf, this value will >be >+ used instead. The compat tree (ou=sudoers,$SUFFIX) is no longer >+ required for IPA sudo functionality. > </para> > </refsect1> Thank you for changes ACK++ LS _______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
