On (16/09/16 14:37), Lukas Slebodnik wrote: >On (30/08/16 16:51), Justin Stephenson wrote: >> >>On 08/30/2016 09:56 AM, Justin Stephenson wrote: >>> >>> On 08/30/2016 04:24 AM, Lukas Slebodnik wrote: >>> > On (30/08/16 10:14), Jakub Hrozek wrote: >>> > > On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote: >>> > > > On 08/10/2016 04:33 PM, Dan Lavu wrote: >>> > > > > I asked Lukas this but he wasn't positive, is the objectClasses >>> > > > > different when adding 'ldap_sudo_search_base' ? Or is it just >>> > > > > location? >>> > > > > >>> > > > > Eitherway, I think this is going to be a little more concise, >>> > > > > >>> > > > > "When SSSD is configured and using the IPA provider, sudo is >>> > > > > automatically enabled. The sudo search base is >>> > > > > cn=sudo,ou=sudoers,$DC. If a different search base is defined in >>> > > > > sssd.conf, it will use the value from the configuration file. (e.g. >>> > > > > ou=sudoers,$DC generated by compat plugin)." >>> > > > >>> > > > Hello Dan/Pavel, >>> > > > >>> > > > I tried to combine some of your suggestions, Please see attached. >>> > > > >>> > > > I also thought that $SUFFIX makes the root suffix more clear than >>> > > > $DC but >>> > > > that is just my personal opinion. >>> > > > >>> > > > Kind regards, >>> > > > Justin Stephenson >>> > > > >>> > > > > _______________________________________________ >>> > > > > sssd-devel mailing list >>> > > > > [email protected] >>> > > > > https://lists.fedorahosted.org/admin/lists/[email protected] >>> > > > > >>> > > > > >>> > > >>> > > > From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001 >>> > > > From: Justin Stephenson <[email protected]> >>> > > > Date: Mon, 29 Aug 2016 11:20:00 -0400 >>> > > > Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP >>> > > > tree support >>> > > > >>> > > > Update sssd-sudo man page to reflect native IPA sudo support >>> > > > >>> > > > Resolves: >>> > > > https://fedorahosted.org/sssd/ticket/3145 >>> > > > --- >>> > > > src/man/sssd-sudo.5.xml | 9 ++++++--- >>> > > > 1 file changed, 6 insertions(+), 3 deletions(-) >>> > > > >>> > > > diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml >>> > > > index >>> > > > de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b >>> > > > 100644 >>> > > > --- a/src/man/sssd-sudo.5.xml >>> > > > +++ b/src/man/sssd-sudo.5.xml >>> > > > @@ -109,9 +109,12 @@ ldap_sudo_search_base = >>> > > > ou=sudoers,dc=example,dc=com >>> > > > </programlisting> >>> > > > </para> >>> > > > <para> >>> > > > - When the SSSD is configured to use IPA as the ID >>> > > > provider, >>> > > > - the sudo provider is automatically enabled. The sudo >>> > > > search base >>> > > > - is configured to use the compat tree (ou=sudoers,$DC). >>> > > > + When SSSD is configured to use IPA as the ID provider, >>> > > > the >>> > > > + sudo provider is automatically enabled. The sudo search >>> > > > base is >>> > > > + configured to use the IPA native LDAP >>> > > > tree(cn=sudo,ou=sudoers,$SUFFIX). >>> > >>> > ^^^^^^^^^^^^^^^^^^^ >>> > I thought it is either (ou=sudoers,$SUFFIX) >>> > or (cn=sudo,$SUFFIX) >>> > >>> > > Hi, the manpage builds and the text reads good to me. I would just like >>> > > to put a whitespace between "tree" and the opening "(". If you agree, I >>> > > can fix this before pushing the patch, no need to re-send it.. >>> >>> Yes, please go ahead. >>> >>> > > >>> > IMHO, It deserves a new patch :-) >>> >>> Hi Lukas, I can resubmit the patch if you'd like. >> >>Updated patch attached with both changes made. >> > >>From 76915bf609fdb2008c17f407f517de1a8602fc8b Mon Sep 17 00:00:00 2001 >>From: Justin Stephenson <[email protected]> >>Date: Mon, 29 Aug 2016 11:20:00 -0400 >>Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support >> >> Update sssd-sudo man page to reflect native IPA sudo support >> >> Resolves: >> https://fedorahosted.org/sssd/ticket/3145 >>--- >> src/man/sssd-sudo.5.xml | 9 ++++++--- >> 1 file changed, 6 insertions(+), 3 deletions(-) >> >>diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml >>index >>de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..9be77725d679946bd09b86771cc7379b6ac64627 >> 100644 >>--- a/src/man/sssd-sudo.5.xml >>+++ b/src/man/sssd-sudo.5.xml >>@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com >> </programlisting> >> </para> >> <para> >>- When the SSSD is configured to use IPA as the ID provider, >>- the sudo provider is automatically enabled. The sudo search base >>- is configured to use the compat tree (ou=sudoers,$DC). >>+ When SSSD is configured to use IPA as the ID provider, the >>+ sudo provider is automatically enabled. The sudo search base is >>+ configured to use the IPA native LDAP tree (cn=sudo,$SUFFIX). >>+ If any other search base is defined in sssd.conf, this value >>will be >>+ used instead. The compat tree (ou=sudoers,$SUFFIX) is no longer >>+ required for IPA sudo functionality. >> </para> >> </refsect1> > >Thank you for changes >ACK++ > master: * 72bab5640b3ec57950b53dad0fb3042ea563592c
sssd-1-13: * a14547beaf0112123c33759c9b8264a1b58c6fa4 LS _______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
