Mention sssd support in the sudoers.ldap manual and cross-reference

sssd-sudo(5).

diff --git a/doc/sudoers.ldap.cat b/doc/sudoers.ldap.cat
index c14b70064bed2e0bd03dc0ecef15c654545f349d..0834b2c923e6bf08d7ffb11e9e242b2b292ebf84 100644 (file)
--- a/doc/sudoers.ldap.cat
+++ b/doc/sudoers.ldap.cat
@@ -607,6 +607,15 @@ D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
 
          sudoers = files
 
+   I\bIn\bnt\bte\beg\bgr\bra\bat\bti\bio\bon\bn w\bwi\bit\bth\bh s\bss\bss\bsd\bd
+     On systems with the _\bS_\by_\bs_\bt_\be_\bm _\bS_\be_\bc_\bu_\br_\bi_\bt_\by _\bS_\be_\br_\bv_\bi_\bc_\be_\bs _\bD_\ba_\be_\bm_\bo_\bn (SSSD) and where s\bsu\bud\bdo\bo
+     has been built with SSSD support, it is possible to use SSSD to cache
+     LDAP _\bs_\bu_\bd_\bo_\be_\br_\bs rules.  To use SSSD as the _\bs_\bu_\bd_\bo_\be_\br_\bs source, you should use
+     sssd instead of ldap for the sudoers entry in _\b/_\be_\bt_\bc_\b/_\bn_\bs_\bs_\bw_\bi_\bt_\bc_\bh_\b._\bc_\bo_\bn_\bf.  Note
+     that the _\b/_\be_\bt_\bc_\b/_\bl_\bd_\ba_\bp_\b._\bc_\bo_\bn_\bf file is not used by the SSSD s\bsu\bud\bdo\bo back end.
+     Please see sssd-sudo(4) for more information on configuring s\bsu\bud\bdo\bo to work
+     with SSSD.
+
 F\bFI\bIL\bLE\bES\bS
      _\b/_\be_\bt_\bc_\b/_\bl_\bd_\ba_\bp_\b._\bc_\bo_\bn_\bf            LDAP configuration file
 
@@ -803,7 +812,7 @@ E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
           )
 
 S\bSE\bEE\bE A\bAL\bLS\bSO\bO
-     ldap.conf(4), sudo.conf(4), sudoers(1m)
+     ldap.conf(4), sssd-sudo(4), sudo.conf(4), sudoers(1m)
 
 C\bCA\bAV\bVE\bEA\bAT\bTS\bS
      Note that there are differences in the way that LDAP-based _\bs_\bu_\bd_\bo_\be_\br_\bs is
@@ -826,4 +835,4 @@ D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
      file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
      complete details.
 
-Sudo 1.8.12                      July 10, 2014                     Sudo 1.8.12
+Sudo 1.8.12                    November 17, 2014                   Sudo 1.8.12

diff --git a/doc/sudoers.ldap.man.in b/doc/sudoers.ldap.man.in
index c28ff573021d3d00ca459bb11aef9fd6c077941c..2bd3fa2695887536a4aa857795e686b70da54913 100644 (file)
--- a/doc/sudoers.ldap.man.in
+++ b/doc/sudoers.ldap.man.in
@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "SUDOERS.LDAP" "8" "July 10, 2014" "Sudo @PACKAGE_VERSION@" "OpenBSD System Manager's Manual"
+.TH "SUDOERS.LDAP" "8" "November 17, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -37,7 +37,7 @@ Using LDAP for
 \fIsudoers\fR
 has several benefits:
 .TP 4n
-\fBo\fR
+\fB\(bu\fR
 \fBsudo\fR
 no longer needs to read
 \fIsudoers\fR
@@ -45,7 +45,7 @@ in its entirety.
 When LDAP is used, there are only two or three LDAP queries per invocation.
 This makes it especially fast and particularly usable in LDAP environments.
 .TP 4n
-\fBo\fR
+\fB\(bu\fR
 \fBsudo\fR
 no longer exits if there is a typo in
 \fIsudoers\fR.
@@ -56,7 +56,7 @@ this will not prevent
 \fBsudo\fR
 from running.
 .TP 4n
-\fBo\fR
+\fB\(bu\fR
 It is possible to specify per-entry options that override the global
 default options.
 \fI@sysconfdir@/sudoers\fR
@@ -65,7 +65,7 @@ user/host/commands/aliases.
 The syntax is complicated and can be difficult for users to understand.
 Placing the options directly in the entry is more natural.
 .TP 4n
-\fBo\fR
+\fB\(bu\fR
 The
 \fBvisudo\fR
 program is no longer needed.
@@ -1114,6 +1114,33 @@ default is assumed:
 sudoers = files
 .RE
 .fi
+.SS "Integration with sssd"
+On systems with the
+\fISystem Security Services Daemon\fR
+(SSSD) and where
+\fBsudo\fR
+has been built with SSSD support,
+it is possible to use SSSD to cache LDAP
+\fIsudoers\fR
+rules.
+To use SSSD as the
+\fIsudoers\fR
+source, you should use
+\fRsssd\fR
+instead of
+\fRldap\fR
+for the sudoers entry in
+\fI@nsswitch_conf@\fR.
+Note that the
+\fI@ldap_conf@\fR
+file is not used by the SSSD
+\fBsudo\fR
+back end.
+Please see
+sssd-sudo(@mansectform@)
+for more information on configuring
+\fBsudo\fR
+to work with SSSD.
 .SH "FILES"
 .TP 26n
 \fI@ldap_conf@\fR
@@ -1329,6 +1356,7 @@ objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
 .fi
 .SH "SEE ALSO"
 ldap.conf(@mansectform@),
+sssd-sudo(@mansectform@),
 sudo.conf(@mansectform@),
 sudoers(@mansectsu@)
 .SH "CAVEATS"

diff --git a/doc/sudoers.ldap.mdoc.in b/doc/sudoers.ldap.mdoc.in
index 1cdc965fe7f82365bfbe77cf2efd0f04e8b81f07..452cb063d05b5f4e42d47bd5017ea3facbb8269f 100644 (file)
--- a/doc/sudoers.ldap.mdoc.in
+++ b/doc/sudoers.ldap.mdoc.in
@@ -14,7 +14,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd July 10, 2014
+.Dd November 17, 2014
 .Dt SUDOERS.LDAP @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -1002,6 +1002,33 @@ default is assumed:
 .Bd -literal -offset 4n
 sudoers = files
 .Ed
+.Ss Integration with sssd
+On systems with the
+.Em System Security Services Daemon
+(SSSD) and where
+.Nm sudo
+has been built with SSSD support,
+it is possible to use SSSD to cache LDAP
+.Em sudoers
+rules.
+To use SSSD as the
+.Em sudoers
+source, you should use
+.Li sssd
+instead of
+.Li ldap
+for the sudoers entry in
+.Pa @nsswitch_conf@ .
+Note that the
+.Pa @ldap_conf@
+file is not used by the SSSD
+.Nm sudo
+back end.
+Please see
+.Xr sssd-sudo @mansectform@
+for more information on configuring
+.Nm sudo 
+to work with SSSD.
 .Sh FILES
 .Bl -tag -width 24n
 .It Pa @ldap_conf@
@@ -1211,6 +1238,7 @@ objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
 .Ed
 .Sh SEE ALSO
 .Xr ldap.conf @mansectform@ ,
+.Xr sssd-sudo @mansectform@ ,
 .Xr sudo.conf @mansectform@ ,
 .Xr sudoers @mansectsu@
 .Sh CAVEATS