From 5ba03a1e8bd97fe109e342e0727efeac2d274dbc Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Sep 20 2013 18:28:37 +0000 Subject: man: improve sssd-sudo manual page Resolves: https://fedorahosted.org/sssd/ticket/2085 --- diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index 361fdb7..de276ad 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -66,11 +66,31 @@ sudoers: files sss 5 . + + Note: in order to use netgroups or IPA + hostgroups in sudo rules, you also need to correctly set + + nisdomainname + 1 + + to your NIS domain name (which equals to IPA domain name when + using hostgroups). + Configuring SSSD to fetch sudo rules + All configuration that is needed on SSSD side is to extend the list + of services with "sudo" in [sssd] section of + + sssd.conf + 5 + . To speed up the LDAP lookups, you can also set + search base for sudo rules using + ldap_sudo_search_base option. + + The following example shows how to configure SSSD to download sudo rules from an LDAP server. @@ -89,8 +109,8 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com - When the SSSD is configured to use the IPA provider, the sudo - provider is automatically enabled. The sudo search base + When the SSSD is configured to use IPA as the ID provider, + the sudo provider is automatically enabled. The sudo search base is configured to use the compat tree (ou=sudoers,$DC).