author Fabiano Fidêncio <fidencio@redhat.com> 2017-09-13 07:22:12 +0200
committer Jakub Hrozek <jhrozek@redhat.com> 2017-09-14 17:18:01 +0200
commit 3ec6f2902a89d97ad3af5df400a45217fe764f4e (patch)
tree 699cd16b362a0c139fbcc4aae4e55cffb6d1a31f
parent 9acdf51bf32d7b4389f3faea0fc6b73c56b6da71 (diff)
MAN: Add a note about the output of all commands when using domain_resolution_order
As the output of all commands when using domain_resolution_order is fully-qualified, even when using shortnames, let's add a note in the man page to make it explicit.

Also, let's suggest a possible workaround for this having the output non fully-qualified and also mention the problems that the possible workaround may cause.

Resolves: https://pagure.io/SSSD/sssd/issue/3513

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r-- src/man/sssd.conf.5.xml 24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 9c9bf894f..11496341d 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -560,6 +560,30 @@
in a random order for each parent domain.
</para>
<para>
+ Please, note that when this option is set the
+ output format of all commands is always
+ fully-qualified even when using short names
+ for input.
+ In case the administrator wants the output not
+ fully-qualified, the full_name_format option
+ can be used as shown below:
+ <quote>full_name_format=%1$s</quote>
+ However, keep in mind that during login, login
+ applications often canonicalize the username by
+ calling
+ <citerefentry>
+ <refentrytitle>getpwnam</refentrytitle>
+ <manvolnum>3</manvolnum>
+ </citerefentry>
+ which, if a shortname is returned for a
+ qualified input (while trying to reach a user
+ which exists in multiple domains) might
+ re-route the login attempt into the domain
+ which users shortnames, making this workaround
+ totally not recommended in cases where
+ usernames may overlap between domains.
+ </para>
+ <para>
Default: Not set
</para>
</listitem>
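Review bot: In the added line "which users shortnames, making this workaround", "users" reads as a typo for "uses", and because this is the sentence that says where the login attempt ends up, it should be unambiguous. The note also says full_name_format "can be used as shown below" without stating which section of sssd.conf the setting belongs in; naming the section next to <quote>full_name_format=%1$s</quote> would save the administrator a lookup. Finally, the caveat that a short name returned by getpwnam(3) for a qualified input may re-route the login attempt into another domain is the security-relevant part of this note and sits at the end of one long paragraph; consider moving it into its own <para> so it is not missed where usernames overlap between domains.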