From 3ec6f2902a89d97ad3af5df400a45217fe764f4e Mon Sep 17 00:00:00 2001 From: Fabiano FidĂȘncio Date: Wed, 13 Sep 2017 07:22:12 +0200 Subject: MAN: Add a note about the output of all commands when using domain_resolution_order MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As the output of all commands when using domain_resolution_order is fully-qualified, even when using shortnames, let's add a note in the man page to make it explicit. Also, let's suggest a possible workaround for this having the output non fully-qualified and also mention the problems that the possible workaround may cause. Resolves: https://pagure.io/SSSD/sssd/issue/3513 Signed-off-by: Fabiano FidĂȘncio Reviewed-by: Jakub Hrozek --- src/man/sssd.conf.5.xml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'src') diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 9c9bf894f..11496341d 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -559,6 +559,30 @@ lookup_order will be looked up in a random order for each parent domain. + + Please, note that when this option is set the + output format of all commands is always + fully-qualified even when using short names + for input. + In case the administrator wants the output not + fully-qualified, the full_name_format option + can be used as shown below: + full_name_format=%1$s + However, keep in mind that during login, login + applications often canonicalize the username by + calling + + getpwnam + 3 + + which, if a shortname is returned for a + qualified input (while trying to reach a user + which exists in multiple domains) might + re-route the login attempt into the domain + which users shortnames, making this workaround + totally not recommended in cases where + usernames may overlap between domains. + Default: Not set -- cgit