Update sudo support for SSSD discovered WAD ldap users (dsR8MR2+,MR3)
Update example Not to be updated in r9 or later. Change-Id: I0f22ef0453e35171def083ddd09a340d46e23b09 Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
This commit is contained in:
parent
2eedd72955
commit
2bcc6c2b59
|
@ -203,15 +203,14 @@ Run ``getent group <group_name>@<domain_name>`` to see the group and its members
|
|||
|
||||
.. code-block:: none
|
||||
|
||||
getent passwd eng@ad.wad-server.com
|
||||
getent group eng@ad.wad-server.com
|
||||
|
||||
|
||||
Remote SSH
|
||||
----------
|
||||
|
||||
Once the |SSSD| is connected to the domain, a domain user can be used to |SSH|
|
||||
to the |prod| host. If a user has the same user login name in multiple domains,
|
||||
the domain name can be used to distinguish between the common name users.
|
||||
to the |prod| host.
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
|
@ -284,15 +283,22 @@ Support of sudo users and local linux group membership (e.g. ``sys_protected``)
|
|||
in |prod| platform is done locally after |WAD| users have been discovered by
|
||||
|SSSD|.
|
||||
|
||||
.. note::
|
||||
|
||||
The user names discovered by |SSSD| are not fully qualified and therefore
|
||||
users names should be unique across multiple domains. In the Linux platform
|
||||
the commands that require a user name parameter should use ``<user_name>``
|
||||
and not ``<user name>@<domain_name>``.
|
||||
|
||||
For example:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
# To add the WAD-discovered user "pvtest1" to the group 'sudo'
|
||||
sudo usermod -a -G sudo pvtest1@ad.wad-server.com
|
||||
sudo usermod -a -G sudo pvtest1
|
||||
|
||||
# To add the WAD-discovered user "pvtest1" to the group 'sys_protected'
|
||||
sudo usermod -a -G sys_protected pvtest1@ad.wad-server.com
|
||||
sudo usermod -a -G sys_protected pvtest1
|
||||
|
||||
-------------------------------------------
|
||||
Default Local OpenLDAP Domain Configuration
|
||||
|
|
Loading…
Reference in New Issue