URL: https://github.com/SSSD/sssd/pull/68
Author: justin-stephenson
Title: #68: MAN: Document different defaults for AD provider
Action: opened

PR body:
"""
Update man pages for any AD provider config options that differ from ldap/krb5 provider back-end defaults.

Resolves: https://fedorahosted.org/sssd/ticket/3214

I would appreciate any suggestions on improving the wording, I was hoping to be informative but concise.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/68/head:pr68
git checkout pr68
From 16ca7665d7efdf8d14bef7a128674fc934e5a7b7 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Thu, 27 Oct 2016 17:33:11 -0400 Subject: [PATCH] MAN: Document different defaults for AD provider Update man pages for any AD provider config options that differ from ldap/krb5 provider back-end defaults Resolves: https://fedorahosted.org/sssd/ticket/3214 --- src/man/include/ad_modified_defaults.xml | 63 ++++++++++++++++++++++++++++++++ src/man/sssd-ad.5.xml | 19 +++++++--- 2 files changed, 77 insertions(+), 5 deletions(-) create mode 100644 src/man/include/ad_modified_defaults.xml diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml new file mode 100644 index 0000000..c41b454 --- /dev/null +++ b/src/man/include/ad_modified_defaults.xml 
@@ -0,0 +1,63 @@ +<refsect1 id='modified-default-options'> + <title>MODIFIED DEFAULT OPTIONS</title> + <para> + Certain option defaults do not match their respective backend + provider defaults, these option names and AD provider-specific + defaults are listed below: + </para> + <refsect2 id='krb5_modifications'> + <title>KRB5 Provider</title> + <itemizedlist> + <listitem> + <para> + krb5_validate = true + </para> + </listitem> + <listitem> + <para> + krb5_use_enterprise_principal = true + </para> + </listitem> + </itemizedlist> + </refsect2> + <refsect2 id='ldap_modifications'> + <title>LDAP Provider</title> + <itemizedlist> + <listitem> + <para> + ldap_schema = ad + </para> + </listitem> + <listitem> + <para> + ldap_force_upper_case_realm = true + </para> + </listitem> + <listitem> + <para> + ldap_id_mapping = true + </para> + </listitem> + <listitem> + <para> + ldap_sasl_mech = gssapi + </para> + </listitem> + <listitem> + <para> + ldap_referrals = false + </para> + </listitem> + <listitem> + <para> + ldap_account_expire_policy = ad + </para> + </listitem> + <listitem> + <para> + ldap_use_tokengroups = true + </para> + </listitem> + </itemizedlist> + </refsect2> +</refsect1> diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 8a2f4ad..8c29006 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -48,7 +48,7 @@ addition servers from trusted domains are always auto-discovered. </para> <para> - The AD provider accepts the same options used by the + The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> 
@@ -56,12 +56,19 @@ <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> - </citerefentry> authentication provider with some exceptions described - below. + </citerefentry> authentication provider with optimizations for + Active Directory environments. The AD provider accepts the same + options used by the sssd-ldap and sssd-krb5 providers with some + exceptions. However, it is neither necessary nor recommended to + set these options. </para> <para> - However, it is neither necessary nor recommended to set these - options. The AD provider can also be used as an access, chpass, + The AD provider primarily copies the traditional ldap and krb5 + provider default options with some exceptions, the differences + are listed in the <quote>MODIFIED DEFAULT OPTIONS</quote> section. + </para> + <para> + The AD provider can also be used as an access, chpass, sudo and autofs provider. No configuration of the access provider is required on the client side. </para> @@ -982,6 +989,8 @@ ad_gpo_map_deny = +my_pam_service </para> </refsect1> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/ad_modified_defaults.xml" /> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/failover.xml" /> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" />
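Review bot: In the new file src/man/include/ad_modified_defaults.xml, each listitem gives only the AD provider value (for example "krb5_validate = true" or "ldap_sasl_mech = gssapi") and not the ldap/krb5 backend default it replaces, so a reader cannot tell what actually differs without opening the other two man pages; consider adding the backend default next to each entry. The introductory para joins two sentences with a comma ("...backend provider defaults, these option names..."); split it or use a semicolon. The ids also mix separators: 'modified-default-options' uses hyphens while 'krb5_modifications' and 'ldap_modifications' use underscores, so pick one style.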
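Review bot: In the @@ -56,12 +56,19 @@ hunk of src/man/sssd-ad.5.xml, the phrase "with some exceptions" now appears in two adjacent paragraphs with different meanings (first the accepted options, then the defaults), and the removed text "described below" was the only pointer for the first one, so the reader is no longer told where the option exceptions are documented. Either restore a pointer for the option exceptions or merge the two statements so that only the defaults differences, which do have a section, are called out. The second new para has a comma splice ("...with some exceptions, the differences are listed..."), and "sssd-ldap and sssd-krb5" are written as plain text although the same paragraph already references both pages with citerefentry.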