From 6835cbe127490f99b5b28ddf133924d905cf78fd Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Fri, 13 Sep 2013 15:48:10 +0200 Subject: man: improve sssd-sudo manual page Resolves: https://fedorahosted.org/sssd/ticket/2085 --- src/man/sssd-sudo.5.xml | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index 361fdb7b..de276ad2 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -66,10 +66,30 @@ sudoers: files sss 5 . + + Note: in order to use netgroups or IPA + hostgroups in sudo rules, you also need to correctly set + + nisdomainname + 1 + + to your NIS domain name (which equals to IPA domain name when + using hostgroups). + Configuring SSSD to fetch sudo rules + + All configuration that is needed on SSSD side is to extend the list + of services with "sudo" in [sssd] section of + + sssd.conf + 5 + . To speed up the LDAP lookups, you can also set + search base for sudo rules using + ldap_sudo_search_base option. + The following example shows how to configure SSSD to download sudo rules from an LDAP server. @@ -89,8 +109,8 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com - When the SSSD is configured to use the IPA provider, the sudo - provider is automatically enabled. The sudo search base + When the SSSD is configured to use IPA as the ID provider, + the sudo provider is automatically enabled. The sudo search base is configured to use the compat tree (ou=sudoers,$DC). -- cgit