Update sudo support for SSSD discovered WAD ldap users (dsR8MR2+,MR3)
Update example Not to be updated in r9 or later. Change-Id: I0f22ef0453e35171def083ddd09a340d46e23b09 Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
This commit is contained in:
parent
2eedd72955
commit
2bcc6c2b59
|
@ -203,15 +203,14 @@ Run ``getent group <group_name>@<domain_name>`` to see the group and its members
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
|
||||||
getent passwd eng@ad.wad-server.com
|
getent group eng@ad.wad-server.com
|
||||||
|
|
||||||
|
|
||||||
Remote SSH
|
Remote SSH
|
||||||
----------
|
----------
|
||||||
|
|
||||||
Once the |SSSD| is connected to the domain, a domain user can be used to |SSH|
|
Once the |SSSD| is connected to the domain, a domain user can be used to |SSH|
|
||||||
to the |prod| host. If a user has the same user login name in multiple domains,
|
to the |prod| host.
|
||||||
the domain name can be used to distinguish between the common name users.
|
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
|
||||||
|
@ -284,15 +283,22 @@ Support of sudo users and local linux group membership (e.g. ``sys_protected``)
|
||||||
in |prod| platform is done locally after |WAD| users have been discovered by
|
in |prod| platform is done locally after |WAD| users have been discovered by
|
||||||
|SSSD|.
|
|SSSD|.
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
The user names discovered by |SSSD| are not fully qualified and therefore
|
||||||
|
users names should be unique across multiple domains. In the Linux platform
|
||||||
|
the commands that require a user name parameter should use ``<user_name>``
|
||||||
|
and not ``<user name>@<domain_name>``.
|
||||||
|
|
||||||
For example:
|
For example:
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
|
||||||
# To add the WAD-discovered user "pvtest1" to the group 'sudo'
|
# To add the WAD-discovered user "pvtest1" to the group 'sudo'
|
||||||
sudo usermod -a -G sudo pvtest1@ad.wad-server.com
|
sudo usermod -a -G sudo pvtest1
|
||||||
|
|
||||||
# To add the WAD-discovered user "pvtest1" to the group 'sys_protected'
|
# To add the WAD-discovered user "pvtest1" to the group 'sys_protected'
|
||||||
sudo usermod -a -G sys_protected pvtest1@ad.wad-server.com
|
sudo usermod -a -G sys_protected pvtest1
|
||||||
|
|
||||||
-------------------------------------------
|
-------------------------------------------
|
||||||
Default Local OpenLDAP Domain Configuration
|
Default Local OpenLDAP Domain Configuration
|
||||||
|
|
Loading…
Reference in New Issue