author | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-25 17:09:00 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-26 18:38:44 +0100 |
commit | 59995f35b7dd6ec552be1081b0120f2344e3ded3 (patch) | |
tree | 01b925c0289cf6e086d9b7feb3c569e85fb9865b | |
parent | af16267fc9d681fc4230fa82a9fe86de9491c8fd (diff) | |
MAN: Clarify that changing ID mapping options might require purging the cache
https://fedorahosted.org/sssd/ticket/2252
Currently SSSD chokes when IDs of users change, we don't support ID
changes yet. Because some users were confused about the failures, this
patch adds additional clarification.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit 3dfa09a826e5f63b4948462c2452937fc329834d)
-rw-r--r-- | src/man/include/ldap_id_mapping.xml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml index 71ff248f1..7f5dbd30b 100644 --- a/src/man/include/ldap_id_mapping.xml +++ b/src/man/include/ldap_id_mapping.xml @@ -12,6 +12,48 @@ need to use manually-assigned values, ALL values must be manually-assigned. </para> + <para> + Please note that changing the ID mapping related configuration + options will cause user and group IDs to change. At the moment, + SSSD does not support changing IDs, so the SSSD database must + be removed. Because cached passwords are also stored in the + database, removing the database should only be performed while + the authentication servers are reachable, otherwise users might + get locked out. In order to cache the password, an authentication + must be performed. It is not sufficient to use + <citerefentry> + <refentrytitle>sss_cache</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry> + to remove the database, rather the process + consists of: + <itemizedlist> + <listitem> + <para> + Making sure the remote servers are reachable + </para> + </listitem> + <listitem> + <para> + Stopping the SSSD service + </para> + </listitem> + <listitem> + <para> + Removing the database + </para> + </listitem> + <listitem> + <para> + Starting the SSSD service + </para> + </listitem> + </itemizedlist> + Moreover, as the change of IDs might necessitate the adjustment + of other system properties such as file and directory ownership, + it's advisable to plan ahead and test the ID mapping configuration + thoroughly. + </para> <refsect2 id='idmap_algorithm'> <title>Mapping Algorithm</title> |
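Review bot: The four steps in the new <itemizedlist> are a sequence where order matters (confirm the servers are reachable, stop SSSD, remove the database, start SSSD), so <orderedlist> would fit better than unordered bullets. The "Removing the database" item also does not say which files or directory make up the database, which leaves the reader guessing in a procedure the paragraph itself warns can lock users out; naming the location or pointing to where it is documented would close that gap. The sentence "In order to cache the password, an authentication must be performed" could state the consequence directly: after the database is removed, a user has no cached password until that user next authenticates while the servers are reachable.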