On Wed, Oct 16, 2013 at 06:31:32PM +0300, Alexander Bokovoy wrote:
> Hi!
>
> Attached is the first update to the AD trusts documentation for the
> FreeIPA user guide. I've fixed a number of outdated statements and
> added some more material.
>
> More patches will follow to cover functionality up to FreeIPA 3.3.2.
The new content looks good. I only found a few minor issues; see below.
bye,
Sumit
>
> --
> / Alexander Bokovoy
...
> + them to POSIX group and user identifiers. The user is
> granted
> + access to the &IPA;-hosted services. according to their
> access
^ ?
I think the dot should be removed.
> + rules. Additionally, the &IPA; group information in the SSSD
> + user cache is updated to include the mapped &IPA; groups for
> + the &AD; user.
...
> +
> + <para>
> + Since in POSIX environment every running process should be
> + running under some user and have some group membership to
> + access files, it is important that every &IPA; user has
I think you mean "every user of &IPA; services", because "every &IPA;
user" has a POSIX ID by default.
> + corresponding POSIX identifier and user belongs to some
> groups
> + which have POSIX identifiers. Each &AD; user, therefore,
> should
> + have membership in some POSIX group to be able to access
> files
> + and run processes in &IPA; domain.
> + </para>
> +
> +
> <para>
> - When &AD; groups are added to &IPAA; group,
> they can be idenfitied by
> + When &AD; objects are added to &IPAA; group,
> they can be idenfitied by
"identified" (error was there before)
> their SID or by name, in the formats
> <emphasis>DOMAIN\group_name</emphasis> or
> - <emphasis>group_name@domain</emphasis>. &IPA;
> then resolves the group name to
> + <emphasis>group_name@domain</emphasis>. &IPA;
> then resolves the object name to
> the SID and stores the SID as the group member
> entry, to be compared to any
> offered user PAC.
> - </para>
> + </para>
> +
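Review bot: In the reworded paragraph, "&AD; groups" becomes "&AD; objects" and "group name" becomes "object name", but the two format examples are still DOMAIN\group_name and group_name@domain, so the text now says any object can be added while showing only group syntax. Since the stored SID is what is later compared to the offered user PAC, the paragraph should either state which object types are accepted as members or use a generic placeholder in both formats. The closing </para> is also shown as removed and re-added with no visible difference, and the new paragraph before it is followed by two empty added lines; both look like whitespace-only churn that could be dropped from the patch.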
_______________________________________________
Freeipa-devel mailing list
https://www.redhat.com/mailman/listinfo/freeipa-devel