On Wed, Jun 01, 2016 at 11:58:45AM +0200, Pavel Březina wrote:
SSIA
From 2101e03fa59fec3f834b48256a287f456662d7c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= pbrezina@redhat.com Date: Wed, 1 Jun 2016 11:57:53 +0200 Subject: [PATCH] sudo man page: say that we support IPA schema
src/man/sssd-sudo.5.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..39376897a26ba8de12536e27a75821529e920bf6 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -111,7 +111,10 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com <para> When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base
is configured to use the compat tree (ou=sudoers,$DC).
is configured to use IPA sudo schema at cn=sudo,ou=sudoers,$DC. If
any other search base is set manually SSSD will look for rules
stored in LDAP sudo schema (e.g. ou=sudoers,$DC generated by
You might want to ping an English speaker to be sure, but I would say stored using the LDAP sudo schema. I would also put the "..generated by" after the enclosing bracket.
compat plugin). </para>
</refsect1>
-- 2.1.0
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
On 06/03/2016 05:42 PM, Jakub Hrozek wrote:
On Wed, Jun 01, 2016 at 11:58:45AM +0200, Pavel Březina wrote:
SSIA
From 2101e03fa59fec3f834b48256a287f456662d7c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= pbrezina@redhat.com Date: Wed, 1 Jun 2016 11:57:53 +0200 Subject: [PATCH] sudo man page: say that we support IPA schema
src/man/sssd-sudo.5.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..39376897a26ba8de12536e27a75821529e920bf6 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -111,7 +111,10 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com <para> When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base
is configured to use the compat tree (ou=sudoers,$DC).
is configured to use IPA sudo schema at cn=sudo,ou=sudoers,$DC. If
any other search base is set manually SSSD will look for rules
stored in LDAP sudo schema (e.g. ou=sudoers,$DC generated by
You might want to ping an English speaker to be sure, but I would say stored using the LDAP sudo schema. I would also put the "..generated by" after the enclosing bracket.
Hi Dan, can you tell us what's correct here please? Thanks!
compat plugin). </para> </refsect1>
On (13/06/16 10:08), Pavel Březina wrote:
On 06/03/2016 05:42 PM, Jakub Hrozek wrote:
On Wed, Jun 01, 2016 at 11:58:45AM +0200, Pavel Březina wrote:
SSIA
From 2101e03fa59fec3f834b48256a287f456662d7c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= pbrezina@redhat.com Date: Wed, 1 Jun 2016 11:57:53 +0200 Subject: [PATCH] sudo man page: say that we support IPA schema
src/man/sssd-sudo.5.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..39376897a26ba8de12536e27a75821529e920bf6 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -111,7 +111,10 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com <para> When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base
is configured to use the compat tree (ou=sudoers,$DC).
is configured to use IPA sudo schema at cn=sudo,ou=sudoers,$DC. If
any other search base is set manually SSSD will look for rules
stored in LDAP sudo schema (e.g. ou=sudoers,$DC generated by
You might want to ping an English speaker to be sure, but I would say stored using the LDAP sudo schema. I would also put the "..generated by" after the enclosing bracket.
Hi Dan, can you tell us what's correct here please? Thanks!
Dan,
bump :-)
LS
I asked Lukas this but he wasn't positive, is the objectClasses different when adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)."
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses different when adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but that is just my personal opinion.
Kind regards, Justin Stephenson
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses different when adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but that is just my personal opinion.
Kind regards, Justin Stephenson
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001 From: Justin Stephenson jstephen@redhat.com Date: Mon, 29 Aug 2016 11:20:00 -0400 Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support Resolves: https://fedorahosted.org/sssd/ticket/3145
src/man/sssd-sudo.5.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
</programlisting> </para> <para> - When the SSSD is configured to use IPA as the ID provider, - the sudo provider is automatically enabled. The sudo search base - is configured to use the compat tree (ou=sudoers,$DC). + When SSSD is configured to use IPA as the ID provider, the + sudo provider is automatically enabled. The sudo search base is + configured to use the IPA native LDAP tree(cn=sudo,ou=sudoers,$SUFFIX).
Hi, the manpage builds and the text reads good to me. I would just like to put a whitespace between "tree" and the opening "(". If you agree, I can fix this before pushing the patch, no need to re-send it..
If any other search base is defined in sssd.conf, this value will be
used instead. The compat tree(ou=sudoers,$SUFFIX) is no longer
required for IPA sudo functionality. </para>
</refsect1>
-- 2.7.4
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
On 08/30/2016 10:14 AM, Jakub Hrozek wrote:
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses different when adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but that is just my personal opinion.
Kind regards, Justin Stephenson
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001 From: Justin Stephenson jstephen@redhat.com Date: Mon, 29 Aug 2016 11:20:00 -0400 Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support Resolves: https://fedorahosted.org/sssd/ticket/3145
src/man/sssd-sudo.5.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
</programlisting> </para> <para> - When the SSSD is configured to use IPA as the ID provider, - the sudo provider is automatically enabled. The sudo search base - is configured to use the compat tree (ou=sudoers,$DC). + When SSSD is configured to use IPA as the ID provider, the + sudo provider is automatically enabled. The sudo search base is + configured to use the IPA native LDAP tree(cn=sudo,ou=sudoers,$SUFFIX).
Hi, the manpage builds and the text reads good to me. I would just like to put a whitespace between "tree" and the opening "(". If you agree, I can fix this before pushing the patch, no need to re-send it..
If any other search base is defined in sssd.conf, this value will be
used instead. The compat tree(ou=sudoers,$SUFFIX) is no longer
required for IPA sudo functionality. </para> </refsect1>
-- 2.7.4
Ack. Thank you.
On (30/08/16 10:14), Jakub Hrozek wrote:
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses different when adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but that is just my personal opinion.
Kind regards, Justin Stephenson
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001 From: Justin Stephenson jstephen@redhat.com Date: Mon, 29 Aug 2016 11:20:00 -0400 Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support Resolves: https://fedorahosted.org/sssd/ticket/3145
src/man/sssd-sudo.5.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
</programlisting> </para> <para> - When the SSSD is configured to use IPA as the ID provider, - the sudo provider is automatically enabled. The sudo search base - is configured to use the compat tree (ou=sudoers,$DC). + When SSSD is configured to use IPA as the ID provider, the + sudo provider is automatically enabled. The sudo search base is + configured to use the IPA native LDAP tree(cn=sudo,ou=sudoers,$SUFFIX).
^^^^^^^^^^^^^^^^^^^ I thought it is either (ou=sudoers,$SUFFIX) or (cn=sudo,$SUFFIX)
Hi, the manpage builds and the text reads good to me. I would just like to put a whitespace between "tree" and the opening "(". If you agree, I can fix this before pushing the patch, no need to re-send it..
IMHO, It deserves a new patch :-)
LS
On 08/30/2016 04:24 AM, Lukas Slebodnik wrote:
On (30/08/16 10:14), Jakub Hrozek wrote:
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses different when adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but that is just my personal opinion.
Kind regards, Justin Stephenson
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001 From: Justin Stephenson jstephen@redhat.com Date: Mon, 29 Aug 2016 11:20:00 -0400 Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support Resolves: https://fedorahosted.org/sssd/ticket/3145
src/man/sssd-sudo.5.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
</programlisting> </para> <para> - When the SSSD is configured to use IPA as the ID provider, - the sudo provider is automatically enabled. The sudo search base - is configured to use the compat tree (ou=sudoers,$DC). + When SSSD is configured to use IPA as the ID provider, the + sudo provider is automatically enabled. The sudo search base is + configured to use the IPA native LDAP tree(cn=sudo,ou=sudoers,$SUFFIX).
^^^^^^^^^^^^^^^^^^^ I thought it is either (ou=sudoers,$SUFFIX) or (cn=sudo,$SUFFIX)
Hi, the manpage builds and the text reads good to me. I would just like to put a whitespace between "tree" and the opening "(". If you agree, I can fix this before pushing the patch, no need to re-send it..
Yes, please go ahead.
IMHO, It deserves a new patch :-)
Hi Lukas, I can resubmit the patch if you'd like.
LS _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
On 08/30/2016 09:56 AM, Justin Stephenson wrote:
On 08/30/2016 04:24 AM, Lukas Slebodnik wrote:
On (30/08/16 10:14), Jakub Hrozek wrote:
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses different when adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but that is just my personal opinion.
Kind regards, Justin Stephenson
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001 From: Justin Stephenson jstephen@redhat.com Date: Mon, 29 Aug 2016 11:20:00 -0400 Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support Resolves: https://fedorahosted.org/sssd/ticket/3145
src/man/sssd-sudo.5.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
</programlisting> </para> <para> - When the SSSD is configured to use IPA as the ID provider, - the sudo provider is automatically enabled. The sudo search base - is configured to use the compat tree (ou=sudoers,$DC). + When SSSD is configured to use IPA as the ID provider, the + sudo provider is automatically enabled. The sudo search base is + configured to use the IPA native LDAP tree(cn=sudo,ou=sudoers,$SUFFIX).
^^^^^^^^^^^^^^^^^^^ I thought it is either (ou=sudoers,$SUFFIX) or (cn=sudo,$SUFFIX)
Hi, the manpage builds and the text reads good to me. I would just like to put a whitespace between "tree" and the opening "(". If you agree, I can fix this before pushing the patch, no need to re-send it..
Yes, please go ahead.
IMHO, It deserves a new patch :-)
Hi Lukas, I can resubmit the patch if you'd like.
Updated patch attached with both changes made.
Kind regards, Justin Stephenson
LS _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
On (30/08/16 16:51), Justin Stephenson wrote:
On 08/30/2016 09:56 AM, Justin Stephenson wrote:
On 08/30/2016 04:24 AM, Lukas Slebodnik wrote:
On (30/08/16 10:14), Jakub Hrozek wrote:
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote:
I asked Lukas this but he wasn't positive, is the objectClasses different when adding 'ldap_sudo_search_base' ? Or is it just location?
Eitherway, I think this is going to be a little more concise,
"When SSSD is configured and using the IPA provider, sudo is automatically enabled. The sudo search base is cn=sudo,ou=sudoers,$DC. If a different search base is defined in sssd.conf, it will use the value from the configuration file. (e.g. ou=sudoers,$DC generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but that is just my personal opinion.
Kind regards, Justin Stephenson
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001 From: Justin Stephenson jstephen@redhat.com Date: Mon, 29 Aug 2016 11:20:00 -0400 Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support Resolves: https://fedorahosted.org/sssd/ticket/3145
src/man/sssd-sudo.5.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
</programlisting> </para> <para> - When the SSSD is configured to use IPA as the ID provider, - the sudo provider is automatically enabled. The sudo search base - is configured to use the compat tree (ou=sudoers,$DC). + When SSSD is configured to use IPA as the ID provider, the + sudo provider is automatically enabled. The sudo search base is + configured to use the IPA native LDAP tree(cn=sudo,ou=sudoers,$SUFFIX).
^^^^^^^^^^^^^^^^^^^ I thought it is either (ou=sudoers,$SUFFIX) or (cn=sudo,$SUFFIX)
Hi, the manpage builds and the text reads good to me. I would just like to put a whitespace between "tree" and the opening "(". If you agree, I can fix this before pushing the patch, no need to re-send it..
Yes, please go ahead.
IMHO, It deserves a new patch :-)
Hi Lukas, I can resubmit the patch if you'd like.
Updated patch attached with both changes made.
From 76915bf609fdb2008c17f407f517de1a8602fc8b Mon Sep 17 00:00:00 2001 From: Justin Stephenson jstephen@redhat.com Date: Mon, 29 Aug 2016 11:20:00 -0400 Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support
Resolves: https://fedorahosted.org/sssd/ticket/3145
src/man/sssd-sudo.5.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..9be77725d679946bd09b86771cc7379b6ac64627 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
</programlisting> </para> <para> - When the SSSD is configured to use IPA as the ID provider, - the sudo provider is automatically enabled. The sudo search base - is configured to use the compat tree (ou=sudoers,$DC). + When SSSD is configured to use IPA as the ID provider, the + sudo provider is automatically enabled. The sudo search base is + configured to use the IPA native LDAP tree (cn=sudo,$SUFFIX). + If any other search base is defined in sssd.conf, this value will be + used instead. The compat tree (ou=sudoers,$SUFFIX) is no longer + required for IPA sudo functionality. </para> </refsect1>
Thank you for changes ACK++
LS
On (16/09/16 14:37), Lukas Slebodnik wrote:
On (30/08/16 16:51), Justin Stephenson wrote:
On 08/30/2016 09:56 AM, Justin Stephenson wrote:
On 08/30/2016 04:24 AM, Lukas Slebodnik wrote:
On (30/08/16 10:14), Jakub Hrozek wrote:
On Mon, Aug 29, 2016 at 11:28:44AM -0400, Justin Stephenson wrote:
On 08/10/2016 04:33 PM, Dan Lavu wrote: > I asked Lukas this but he wasn't positive, is the objectClasses > different when adding 'ldap_sudo_search_base' ? Or is it just > location? > > Eitherway, I think this is going to be a little more concise, > > "When SSSD is configured and using the IPA provider, sudo is > automatically enabled. The sudo search base is > cn=sudo,ou=sudoers,$DC. If a different search base is defined in > sssd.conf, it will use the value from the configuration file. (e.g. > ou=sudoers,$DC generated by compat plugin)."
Hello Dan/Pavel,
I tried to combine some of your suggestions, Please see attached.
I also thought that $SUFFIX makes the root suffix more clear than $DC but that is just my personal opinion.
Kind regards, Justin Stephenson
> _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org > >
From f639386298d40013e2c2d915b9ed4a72e1c09868 Mon Sep 17 00:00:00 2001 From: Justin Stephenson jstephen@redhat.com Date: Mon, 29 Aug 2016 11:20:00 -0400 Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support Resolves: https://fedorahosted.org/sssd/ticket/3145
src/man/sssd-sudo.5.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..845d1699bd8c3739b401a09eeca0b06861c2e86b 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
</programlisting> </para> <para> - When the SSSD is configured to use IPA as the ID provider, - the sudo provider is automatically enabled. The sudo search base - is configured to use the compat tree (ou=sudoers,$DC). + When SSSD is configured to use IPA as the ID provider, the + sudo provider is automatically enabled. The sudo search base is + configured to use the IPA native LDAP tree(cn=sudo,ou=sudoers,$SUFFIX).
^^^^^^^^^^^^^^^^^^^ I thought it is either (ou=sudoers,$SUFFIX) or (cn=sudo,$SUFFIX)
Hi, the manpage builds and the text reads good to me. I would just like to put a whitespace between "tree" and the opening "(". If you agree, I can fix this before pushing the patch, no need to re-send it..
Yes, please go ahead.
IMHO, It deserves a new patch :-)
Hi Lukas, I can resubmit the patch if you'd like.
Updated patch attached with both changes made.
From 76915bf609fdb2008c17f407f517de1a8602fc8b Mon Sep 17 00:00:00 2001 From: Justin Stephenson jstephen@redhat.com Date: Mon, 29 Aug 2016 11:20:00 -0400 Subject: [PATCH] MAN: sssd-sudo manual update IPA native LDAP tree support
Update sssd-sudo man page to reflect native IPA sudo support
Resolves: https://fedorahosted.org/sssd/ticket/3145
src/man/sssd-sudo.5.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index de276ad2d7647da9b7d510bf00fdf8fb58aed1c7..9be77725d679946bd09b86771cc7379b6ac64627 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -109,9 +109,12 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
</programlisting> </para> <para> - When the SSSD is configured to use IPA as the ID provider, - the sudo provider is automatically enabled. The sudo search base - is configured to use the compat tree (ou=sudoers,$DC). + When SSSD is configured to use IPA as the ID provider, the + sudo provider is automatically enabled. The sudo search base is + configured to use the IPA native LDAP tree (cn=sudo,$SUFFIX). + If any other search base is defined in sssd.conf, this value will be + used instead. The compat tree (ou=sudoers,$SUFFIX) is no longer + required for IPA sudo functionality. </para> </refsect1>
Thank you for changes ACK++
master: * 72bab5640b3ec57950b53dad0fb3042ea563592c
sssd-1-13: * a14547beaf0112123c33759c9b8264a1b58c6fa4
LS
sssd-devel@lists.fedorahosted.org