author | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-25 17:09:00 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-26 18:34:46 +0100 |
commit | 3dfa09a826e5f63b4948462c2452937fc329834d (patch) | |
tree | 034a2a4d9fedbdbb89d236fc41cb6005bb0768d8 /src/man | |
parent | 604d46e028ab62f83060fb88bdd3319a31aca2d1 (diff) | |
MAN: Clarify that changing ID mapping options might require purging the cache
https://fedorahosted.org/sssd/ticket/2252
Currently SSSD chokes when IDs of users change; we don't support ID
changes yet. Because some users were confused about the failures, this
patch adds additional clarification.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/include/ldap_id_mapping.xml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml index 9dda39924..64d2c159d 100644 --- a/src/man/include/ldap_id_mapping.xml +++ b/src/man/include/ldap_id_mapping.xml @@ -12,6 +12,48 @@ need to use manually-assigned values, ALL values must be manually-assigned. </para> + <para> + Please note that changing the ID mapping related configuration + options will cause user and group IDs to change. At the moment, + SSSD does not support changing IDs, so the SSSD database must + be removed. Because cached passwords are also stored in the + database, removing the database should only be performed while + the authentication servers are reachable, otherwise users might + get locked out. In order to cache the password, an authentication + must be performed. It is not sufficient to use + <citerefentry> + <refentrytitle>sss_cache</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry> + to remove the database, rather the process + consists of: + <itemizedlist> + <listitem> + <para> + Making sure the remote servers are reachable + </para> + </listitem> + <listitem> + <para> + Stopping the SSSD service + </para> + </listitem> + <listitem> + <para> + Removing the database + </para> + </listitem> + <listitem> + <para> + Starting the SSSD service + </para> + </listitem> + </itemizedlist> + Moreover, as the change of IDs might necessitate the adjustment + of other system properties such as file and directory ownership, + it's advisable to plan ahead and test the ID mapping configuration + thoroughly. + </para> <refsect2 id='idmap_algorithm'> <title>Mapping Algorithm</title> |
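Review bot: The "Removing the database" list item in the new paragraph does not say which files make up the SSSD database or where to find them, so the reader the ticket describes still has to guess what to delete; name the location or add a citerefentry to the page that documents it. The four items are sequential steps, so an orderedlist would carry the ordering that itemizedlist does not. The paragraph states "In order to cache the password, an authentication must be performed", but the list ends at "Starting the SSSD service"; consider a final item saying that users have to authenticate once while the servers are reachable before offline logins work again, since that is the lock-out risk the text warns about. The sentence "It is not sufficient to use sss_cache to remove the database, rather the process consists of:" is a comma splice and reads more clearly split in two, and it would help to say in a few words why sss_cache is not enough here.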