summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/man/Makefile.am13
-rw-r--r--src/man/sssd-ldap.5.xml31
-rw-r--r--src/man/sssd.conf.5.xml11
3 files changed, 44 insertions, 11 deletions
diff --git a/src/man/Makefile.am b/src/man/Makefile.am
index 09af8985..36c3921d 100644
--- a/src/man/Makefile.am
+++ b/src/man/Makefile.am
@@ -5,11 +5,20 @@ top_builddir = ../..
# MANPAGES #
############
+
+# If no conditions are given, *all* conditionals are expanded. We don't
+# to include any conditions by default, so we need to pass a phony conditional
+CONDS=with_false
+if BUILD_SUDO
+# conditionals are delimeted with a semicolon
+CONDS+=;with_sudo
+endif
+
#Special Rules:
export SGML_CATALOG_FILES
-DOCBOOK_XSLT = http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl
+DOCBOOK_XSLT = http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl
XMLLINT_FLAGS = --catalogs --postvalid --nonet --xinclude --noout
-XSLTPROC_FLAGS = --catalogs --xinclude --nonet
+XSLTPROC_FLAGS = --stringparam profile.condition "$(CONDS)" --catalogs --xinclude --nonet
man_MANS = \
sss_useradd.8 sss_userdel.8 sss_usermod.8 \
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 5afa9ad7..3228e624 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1553,7 +1553,15 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
</para>
</listitem>
</varlistentry>
+ </variablelist>
+ </para>
+ </refsect1>
+ <refsect1 id='sudo-options' condition="with_sudo">
+ <title>SUDO OPTIONS</title>
+ <para>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/experimental.xml" />
+ <variablelist>
<varlistentry>
<term>ldap_sudorule_object_class (string)</term>
<listitem>
@@ -1597,7 +1605,8 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
<listitem>
<para>
The LDAP attribute that corresponds to the
- host name.
+ host name (or host IP address, host IP network,
+ or host netgroup)
</para>
<para>
Default: sudoHost
@@ -1610,7 +1619,7 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
<listitem>
<para>
The LDAP attribute that corresponds to the
- user name.
+ user name (or UID, group name or user's netgroup)
</para>
<para>
Default: sudoUser
@@ -1648,8 +1657,8 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
<term>ldap_sudorule_runasgroup (string)</term>
<listitem>
<para>
- The LDAP attribute that corresponds to the
- group name that commands may be run as.
+ The LDAP attribute that corresponds to the group
+ name or group GID that commands may be run as.
</para>
<para>
Default: sudoRunAsGroup
@@ -1722,9 +1731,16 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
</para>
</listitem>
</varlistentry>
-
</variablelist>
</para>
+ <para>
+ This manual page only describes attribute name mapping.
+ For detailed explanation of sudo related attribute sematics,
+ see
+ <citerefentry>
+ <refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>
+ </para>
</refsect1>
<refsect1 id='advanced-options'>
@@ -1835,7 +1851,7 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
</listitem>
</varlistentry>
- <varlistentry>
+ <varlistentry condition="with_sudo">
<term>ldap_sudo_search_base (string)</term>
<listitem>
<para>
@@ -1851,6 +1867,9 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
Default: the value of
<emphasis>ldap_search_base</emphasis>
</para>
+ <para>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/experimental.xml" />
+ </para>
</listitem>
</varlistentry>
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 93f82303..fee40a6a 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -85,7 +85,8 @@
started when sssd itself starts.
</para>
<para>
- Supported services: nss, pam, sudo
+ Supported services: nss, pam
+ <phrase condition="with_sudo">, sudo</phrase>
</para>
</listitem>
</varlistentry>
@@ -866,10 +867,14 @@
</para>
</listitem>
</varlistentry>
- <varlistentry>
+
+ <varlistentry condition="with_sudo">
<term>sudo_provider (string)</term>
<listitem>
<para>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/experimental.xml" />
+ </para>
+ <para>
The SUDO provider used for the domain.
Supported SUDO providers are:
</para>
@@ -884,7 +889,7 @@
<quote>none</quote> disables SUDO explicitly.
</para>
<para>
- Default: <quote>id_provider</quote> is used if it
+ Default: The value of <quote>id_provider</quote> is used if it
is set.
</para>
</listitem>