diff options
author | Fabiano FidĂȘncio <fidencio@redhat.com> | 2017-09-13 07:22:12 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-09-14 17:18:01 +0200 |
commit | 3ec6f2902a89d97ad3af5df400a45217fe764f4e (patch) | |
tree | 699cd16b362a0c139fbcc4aae4e55cffb6d1a31f | |
parent | 9acdf51bf32d7b4389f3faea0fc6b73c56b6da71 (diff) | |
download | sssd-3ec6f2902a89d97ad3af5df400a45217fe764f4e.tar.gz sssd-3ec6f2902a89d97ad3af5df400a45217fe764f4e.tar.xz sssd-3ec6f2902a89d97ad3af5df400a45217fe764f4e.zip |
MAN: Add a note about the output of all commands when using domain_resolution_order
As the output of all commands when using domain_resolution_order is
fully-qualified, even when using shortnames, let's add a note in the man
page to make it explicit. Also, let's suggest a possible workaround for
this having the output non fully-qualified and also mention the problems
that the possible workaround may cause.
Resolves: https://pagure.io/SSSD/sssd/issue/3513
Signed-off-by: Fabiano FidĂȘncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r-- | src/man/sssd.conf.5.xml | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 9c9bf894f..11496341d 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -560,6 +560,30 @@ in a random order for each parent domain. </para> <para> + Please, note that when this option is set the + output format of all commands is always + fully-qualified even when using short names + for input. + In case the administrator wants the output not + fully-qualified, the full_name_format option + can be used as shown below: + <quote>full_name_format=%1$s</quote> + However, keep in mind that during login, login + applications often canonicalize the username by + calling + <citerefentry> + <refentrytitle>getpwnam</refentrytitle> + <manvolnum>3</manvolnum> + </citerefentry> + which, if a shortname is returned for a + qualified input (while trying to reach a user + which exists in multiple domains) might + re-route the login attempt into the domain + which users shortnames, making this workaround + totally not recommended in cases where + usernames may overlap between domains. + </para> + <para> Default: Not set </para> </listitem> |