From 5f879ab8b6c1cefbc63e1c2303f79b09b6246ca3 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 19 Jul 2012 14:42:41 -0400
Subject: MAN: Improvements to the AD provider manpage

Add information about ID mapping (including how to disable it) as
well as information on how to handle homedir and shell.

https://fedorahosted.org/sssd/ticket/1433
---
 src/man/sssd-ad.5.xml   | 98 +++++++++++++++++++++++++++++++++++++++++++++++++
 src/man/sssd.conf.5.xml | 16 ++++++++
 2 files changed, 114 insertions(+)

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 46660b306..f9ef0f3d6 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -59,6 +59,16 @@
             provider. No configuration of the access provider is required on
             the client side.
         </para>
+        <para>
+            By default, the AD provider will map UID and GID values from the
+            objectSID parameter in Active Directory. For details on this, see
+            the <quote>ID MAPPING</quote> section below. If you want to
+            disable ID mapping and instead rely on POSIX attributes defined in
+            Active Directory, you should set
+            <programlisting>
+ldap_id_mapping = False
+            </programlisting>
+        </para>
     </refsect1>
 
     <refsect1 id='file-format'>
@@ -118,6 +128,92 @@
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>override_homedir (string)</term>
+                    <listitem>
+                        <para>
+                            Override the user's home directory. You
+                            can either provide an absolute value or a
+                            template. In the template, the following
+                            sequences are substituted:
+                            <variablelist>
+                                <varlistentry>
+                                    <term>%u</term>
+                                    <listitem><para>login name</para></listitem>
+                                </varlistentry>
+                                <varlistentry>
+                                    <term>%U</term>
+                                    <listitem><para>UID number</para></listitem>
+                                </varlistentry>
+                                <varlistentry>
+                                    <term>%d</term>
+                                    <listitem><para>domain name</para></listitem>
+                                </varlistentry>
+                                <varlistentry>
+                                    <term>%f</term>
+                                    <listitem><para>fully qualified user name (user@domain)</para></listitem>
+                                </varlistentry>
+                                <varlistentry>
+                                    <term>%%</term>
+                                    <listitem><para>a literal '%'</para>
+                                    </listitem>
+                                </varlistentry>
+                            </variablelist>
+                        </para>
+                        <para>
+                            This option can also be set per-domain.
+                        </para>
+                        <para>
+                            example:
+                            <programlisting>
+override_homedir = /home/%u
+                            </programlisting>
+                        </para>
+                        <para>
+                            Default: Not set (SSSD will use the value
+                            retrieved from LDAP)
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>fallback_homedir (string)</term>
+                    <listitem>
+                        <para>
+                            Set a default template for a user's home directory
+                            if one is not specified explicitly by the domain's
+                            data provider.
+                        </para>
+                        <para>
+                            The available values for this option are the same
+                            as for override_homedir.
+                        </para>
+                        <para>
+                            example:
+                            <programlisting>
+fallback_homedir = /home/%u
+                            </programlisting>
+                        </para>
+                        <para>
+                            Default: not set (no substitution for unset home
+                            directories)
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>default_shell</term>
+                    <listitem>
+                        <para>
+                            The default shell to use if the provider does not
+                            return one during lookup. This option supersedes
+                            any other shell options if it takes effect.
+                        </para>
+                        <para>
+                            Default: not set (Return NULL if no shell is
+                            specified and rely on libc to substitute something
+                            sensible when necessary, usually /bin/sh)
+                        </para>
+                    </listitem>
+                </varlistentry>
             </variablelist>
         </para>
     </refsect1>
@@ -126,6 +222,8 @@
 
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" />
 
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/ldap_id_mapping.xml" />
+
     <refsect1 id='example'>
         <title>EXAMPLE</title>
         <para>
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index dbacf7aaa..26f05eae6 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -449,6 +449,16 @@
                         <para>
                             This option can also be set per-domain.
                         </para>
+                        <para>
+                            example:
+                            <programlisting>
+override_homedir = /home/%u
+                            </programlisting>
+                        </para>
+                        <para>
+                            Default: Not set (SSSD will use the value
+                            retrieved from LDAP)
+                        </para>
                     </listitem>
                 </varlistentry>
                 <varlistentry>
@@ -463,6 +473,12 @@
                             The available values for this option are the same
                             as for override_homedir.
                         </para>
+                        <para>
+                            example:
+                            <programlisting>
+override_homedir = /home/%u
+                            </programlisting>
+                        </para>
                         <para>
                             Default: not set (no substitution for unset home
                             directories)
-- 
cgit