author Jakub Hrozek <jhrozek@redhat.com> 2014-02-25 17:09:00 +0100
committer Jakub Hrozek <jhrozek@redhat.com> 2014-02-26 18:35:59 +0100
commit 0aa145fd26584d129fb5a6974f58c232b87bb692 (patch)
tree 1ac1b5e3b5a39b9d9b34723b95a97c8b80cc940f
parent 1e45bf20032b4d984e02487bb39cb61210063ea9 (diff)
MAN: Clarify that changing ID mapping options might require purging the cache
https://fedorahosted.org/sssd/ticket/2252

Currently SSSD chokes when IDs of users change, we don't support ID changes yet. Because some users were confused about the failures, this patch adds additional clarification.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit 3dfa09a826e5f63b4948462c2452937fc329834d)
-rw-r--r-- src/man/include/ldap_id_mapping.xml 42
1 files changed, 42 insertions, 0 deletions
diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml
index 71ff248f1..7f5dbd30b 100644
--- a/src/man/include/ldap_id_mapping.xml
+++ b/src/man/include/ldap_id_mapping.xml
@@ -12,6 +12,48 @@
need to use manually-assigned values, ALL values must be
manually-assigned.
</para>
+ <para>
+ Please note that changing the ID mapping related configuration
+ options will cause user and group IDs to change. At the moment,
+ SSSD does not support changing IDs, so the SSSD database must
+ be removed. Because cached passwords are also stored in the
+ database, removing the database should only be performed while
+ the authentication servers are reachable, otherwise users might
+ get locked out. In order to cache the password, an authentication
+ must be performed. It is not sufficient to use
+ <citerefentry>
+ <refentrytitle>sss_cache</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>
+ to remove the database, rather the process
+ consists of:
+ <itemizedlist>
+ <listitem>
+ <para>
+ Making sure the remote servers are reachable
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Stopping the SSSD service
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Removing the database
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Starting the SSSD service
+ </para>
+ </listitem>
+ </itemizedlist>
+ Moreover, as the change of IDs might necessitate the adjustment
+ of other system properties such as file and directory ownership,
+ it's advisable to plan ahead and test the ID mapping configuration
+ thoroughly.
+ </para>
<refsect2 id='idmap_algorithm'>
<title>Mapping Algorithm</title>
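Review bot: The four steps under "the process consists of:" are order-dependent (stop the service, remove the database, start the service), but they are marked up as an <itemizedlist>; an <orderedlist> would make the sequence explicit in the rendered man page. The "Removing the database" item also does not say which files or directory make up the database, so a reader cannot carry out the step from this text alone; naming the cache location there would close that gap. The sentence "It is not sufficient to use sss_cache to remove the database" reads as if sss_cache were a way of removing it; consider stating what sss_cache does instead and why that does not help after an ID mapping change. Finally, the lock-out warning would be easier to act on if the note that "an authentication must be performed" came after the step list, so it is clear that each user needs an online login after the restart before cached credentials exist again.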