URL: https://github.com/SSSD/sssd/pull/68
Author: justin-stephenson
Title: #68: MAN: Document different defaults for AD provider
Action: opened

PR body:
"""
Update man pages for any AD provider config options that differ from
ldap/krb5 provider back-end defaults.

Resolves:
https://fedorahosted.org/sssd/ticket/3214

I would appreciate any suggestions on improving the wording; I was hoping to be
informative but concise.
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/68/head:pr68
git checkout pr68
From 16ca7665d7efdf8d14bef7a128674fc934e5a7b7 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Thu, 27 Oct 2016 17:33:11 -0400
Subject: [PATCH] MAN: Document different defaults for AD provider

Update man pages for any AD provider config options that differ from
ldap/krb5 provider back-end defaults

Resolves:
https://fedorahosted.org/sssd/ticket/3214
---
 src/man/include/ad_modified_defaults.xml | 63 ++++++++++++++++++++++++++++++++
 src/man/sssd-ad.5.xml                    | 19 +++++++---
 2 files changed, 77 insertions(+), 5 deletions(-)
 create mode 100644 src/man/include/ad_modified_defaults.xml

diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
new file mode 100644
index 0000000..c41b454
--- /dev/null
+++ b/src/man/include/ad_modified_defaults.xml
@@ -0,0 +1,63 @@
+<refsect1 id='modified-default-options'>
+    <title>MODIFIED DEFAULT OPTIONS</title>
+    <para>
+        Certain option defaults do not match their respective backend
+        provider defaults, these option names and AD provider-specific
+        defaults are listed below:
+    </para>
+    <refsect2 id='krb5_modifications'>
+        <title>KRB5 Provider</title>
+        <itemizedlist>
+            <listitem>
+                <para>
+                    krb5_validate = true
+                </para>
+            </listitem>
+            <listitem>
+                <para>
+                    krb5_use_enterprise_principal = true
+                </para>
+            </listitem>
+        </itemizedlist>
+    </refsect2>
+    <refsect2 id='ldap_modifications'>
+        <title>LDAP Provider</title>
+        <itemizedlist>
+            <listitem>
+                <para>
+                    ldap_schema = ad
+                </para>
+            </listitem>
+            <listitem>
+                <para>
+                    ldap_force_upper_case_realm = true
+                </para>
+            </listitem>
+            <listitem>
+                <para>
+                    ldap_id_mapping = true
+                </para>
+            </listitem>
+            <listitem>
+                <para>
+                    ldap_sasl_mech = gssapi
+                </para>
+            </listitem>
+            <listitem>
+                <para>
+                    ldap_referrals = false
+                </para>
+            </listitem>
+            <listitem>
+                <para>
+                    ldap_account_expire_policy = ad
+                </para>
+            </listitem>
+            <listitem>
+                <para>
+                    ldap_use_tokengroups = true
+                </para>
+            </listitem>
+        </itemizedlist>
+    </refsect2>
+</refsect1>
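Review bot: Both itemizedlist blocks give only the AD value (for example "krb5_validate = true" and "ldap_sasl_mech = gssapi") and not the ldap/krb5 default it replaces, so a reader still has to open sssd-ldap(5) and sssd-krb5(5) to learn what actually changed. Consider stating the backend default next to each entry, or adding a short phrase on the effect, which matters most for the entries that change authentication behaviour such as krb5_validate and ldap_sasl_mech. In the intro para, the comma before "these option names" joins two sentences; split it or use a semicolon. The ids also mix styles: 'modified-default-options' uses hyphens while 'krb5_modifications' and 'ldap_modifications' use underscores.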
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 8a2f4ad..8c29006 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -48,7 +48,7 @@
             addition servers from trusted domains are always auto-discovered.
         </para>
         <para>
-            The AD provider accepts the same options used by the
+            The AD provider enables SSSD to use the
             <citerefentry>
                 <refentrytitle>sssd-ldap</refentrytitle>
                 <manvolnum>5</manvolnum>
@@ -56,12 +56,19 @@
             <citerefentry>
                 <refentrytitle>sssd-krb5</refentrytitle>
                 <manvolnum>5</manvolnum>
-            </citerefentry> authentication provider with some exceptions described
-            below.
+            </citerefentry> authentication provider with optimizations for
+            Active Directory environments. The AD provider accepts the same
+            options used by the sssd-ldap and sssd-krb5 providers with some
+            exceptions. However, it is neither necessary nor recommended to
+            set these options.
         </para>
         <para>
-            However, it is neither necessary nor recommended to set these
-            options. The AD provider can also be used as an access, chpass,
+            The AD provider primarily copies the traditional ldap and krb5
+            provider default options with some exceptions, the differences
+            are listed in the <quote>MODIFIED DEFAULT OPTIONS</quote> section.
+        </para>
+        <para>
+            The AD provider can also be used as an access, chpass,
             sudo and autofs provider. No configuration of the access provider
             is required on the client side.
         </para>
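Review bot: "with some exceptions" now appears in two adjacent paragraphs with different meanings, first for which options are accepted and then for which defaults are copied, and the first use has lost its "described below", so the reader is no longer told where the option exceptions are documented. Suggest keeping a pointer for the first and rewording the second, for example "The AD provider uses the ldap and krb5 provider defaults except for the options listed in the MODIFIED DEFAULT OPTIONS section." That also removes the comma splice before "the differences are listed". The section is referenced only by its quoted title; the included file defines id='modified-default-options', so a cross-reference could replace the quote if the man page build supports it.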
@@ -982,6 +989,8 @@ ad_gpo_map_deny = +my_pam_service
         </para>
     </refsect1>
 
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="include/ad_modified_defaults.xml" />
+
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="include/failover.xml" />
 
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="include/service_discovery.xml" />
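Review bot: The added xi:include line shows a ';' between the xmlns:xi attribute value and href, which would make the element malformed if it is really in the file. The two unchanged include lines below it show the same character, so it may come from how the mail was rendered; please confirm the committed line has only whitespace between the attributes and that the man page still builds with the new include.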
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
