diff options
| author | Pavel Březina <pbrezina@redhat.com> | 2013-09-13 15:48:10 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-20 20:13:36 +0200 |
| commit | 6835cbe127490f99b5b28ddf133924d905cf78fd (patch) | |
| tree | fea7f25a84617bcb2ae9695d6ab905f2f87ecebc | |
| parent | 9dc153a402a36eeb6edbbf23ef489d957b9a76d0 (diff) | |
| download | sssd-6835cbe127490f99b5b28ddf133924d905cf78fd.tar.gz sssd-6835cbe127490f99b5b28ddf133924d905cf78fd.tar.bz2 sssd-6835cbe127490f99b5b28ddf133924d905cf78fd.zip | |
man: improve sssd-sudo manual page
Resolves:
https://fedorahosted.org/sssd/ticket/2085
| -rw-r--r-- | src/man/sssd-sudo.5.xml | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index 361fdb7b..de276ad2 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -66,11 +66,31 @@ sudoers: files sss <manvolnum>5</manvolnum> </citerefentry>. </para> + <para> + <emphasis>Note</emphasis>: in order to use netgroups or IPA + hostgroups in sudo rules, you also need to correctly set + <citerefentry> + <refentrytitle>nisdomainname</refentrytitle> + <manvolnum>1</manvolnum> + </citerefentry> + to your NIS domain name (which equals to IPA domain name when + using hostgroups). + </para> </refsect1> <refsect1 id='sssd'> <title>Configuring SSSD to fetch sudo rules</title> <para> + All configuration that is needed on SSSD side is to extend the list + of <emphasis>services</emphasis> with "sudo" in [sssd] section of + <citerefentry> + <refentrytitle>sssd.conf</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry>. To speed up the LDAP lookups, you can also set + search base for sudo rules using + <emphasis>ldap_sudo_search_base</emphasis> option. + </para> + <para> The following example shows how to configure SSSD to download sudo rules from an LDAP server. </para> @@ -89,8 +109,8 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com </programlisting> </para> <para> - When the SSSD is configured to use the IPA provider, the sudo - provider is automatically enabled. The sudo search base + When the SSSD is configured to use IPA as the ID provider, + the sudo provider is automatically enabled. The sudo search base is configured to use the compat tree (ou=sudoers,$DC). </para> </refsect1> |