On 08/30/2016 10:14 AM, Jakub Hrozek wrote:
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses different when
adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled.
The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in
sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC
generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but
that is just my personal opinion.
Kind regards,
Justin Stephenson
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 29 Aug 2016 11:20:00 -0400
Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support
Resolves:
https://fedorahosted.org/sssd/ticket/3145
---
src/man/sssd-sudo.5.xml | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
index
de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b
100644
--- a/src/man/sssd-sudo.5.xml
+++ b/src/man/sssd-sudo.5.xml
@@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
</programlisting>
</para>
<para>
- When the SSSD is configured to use IPA as the ID provider,
- the sudo provider is automatically enabled. The sudo search base
- is configured to use the compat tree (ou=sudoers,$DC).
+ When SSSD is configured to use IPA as the ID provider, the
+ sudo provider is automatically enabled. The sudo search base is
+ configured to use the IPA native LDAP
tree(cn=sudo,ou=sudoers,$SUFFIX).
Hi, the manpage builds and the text reads good to me. I would just like
to put a whitespace between "tree" and the opening "(". If you agree, I
can fix this before pushing the patch, no need to re-send it..
+ If any other search base is defined in sssd.conf, this value will
be
+ used instead. The compat tree(ou=sudoers,$SUFFIX) is no longer
+ required for IPA sudo functionality.
</para>
</refsect1>
--
2.7.4
Ack. Thank you.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
