Document limitations of LDIF conversion.

diff --git a/doc/cvtsudoers.cat b/doc/cvtsudoers.cat
index d18ebd3439bf4f9b35240354bf55c3750ea26bae..0571ab36f3a1db1f7d59865f6cee2b321c258e85 100644 (file)
--- a/doc/cvtsudoers.cat
+++ b/doc/cvtsudoers.cat
@@ -8,7 +8,8 @@ S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
 
 D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
      c\bcv\bvt\bts\bsu\bud\bdo\boe\ber\brs\bs can be used to convert a policy file in _\bs_\bu_\bd_\bo_\be_\br_\bs format to
-     other formats.  The default output format is LDIF.
+     other formats.  The default output format is LDIF.  It is only possible
+     to convert a _\bs_\bu_\bd_\bo_\be_\br_\bs file that is syntactically correct.
 
      If no _\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bf_\bi_\bl_\be is specified, or if it is `-', the policy is read from
      the standard input.  By default, the result is written to the standard
@@ -30,6 +31,17 @@ D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
                            imported into an LDAP server for use with
                            sudoers.ldap(4).
 
+                           Conversion to LDIF has the following limitations:
+
+                           +\b+\bo\bo     Command, host, runas and user-specific
+                                 Defaults lines cannot be translated as they
+                                 don't have an equivalent in the sudoers LDAP
+                                 schema.
+
+                           +\b+\bo\bo     Command, host, runas and user aliases are not
+                                 supported by the sudoers LDAP schema so they
+                                 are expanded during the conversion.
+
      -\b-h\bh, -\b--\b-h\bhe\bel\blp\bp  Display a short help message to the standard output and exit.
 
      -\b-o\bo _\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be, -\b--\b-o\bou\but\btp\bpu\but\bt=_\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be

diff --git a/doc/cvtsudoers.man.in b/doc/cvtsudoers.man.in
index 9a5723bce41514dcac05fc179039aa6026593c68..dd47964db43564c23d77eefd50a85ff29750588d 100644 (file)
--- a/doc/cvtsudoers.man.in
+++ b/doc/cvtsudoers.man.in
@@ -35,6 +35,9 @@ can be used to convert a policy file in
 \fIsudoers\fR
 format to other formats.
 The default output format is LDIF.
+It is only possible to convert a
+\fIsudoers\fR
+file that is syntactically correct.
 .PP
 If no
 \fIsudoers_file\fR
@@ -67,7 +70,23 @@ LDIF
 LDIF (LDAP Data Interchange Format) files can be imported into an LDAP
 server for use with
 sudoers.ldap(@mansectform@).
+.sp
+Conversion to LDIF has the following limitations:
+.PP
+.RS 10n
 .PD 0
+.TP 6n
+\fB\(bu\fR
+Command, host, runas and user-specific Defaults lines cannot be
+translated as they don't have an equivalent in the sudoers LDAP schema.
+.PD
+.TP 6n
+\fB\(bu\fR
+Command, host, runas and user aliases are not supported by the
+sudoers LDAP schema so they are expanded during the conversion.
+.PD 0
+.PP
+.RE
 .PP
 .RE
 .PD

diff --git a/doc/cvtsudoers.mdoc.in b/doc/cvtsudoers.mdoc.in
index 648510a82201ec97d086bb651b624dc3f5556c02..4d657f79e53df4dd3fca819424f8faf3733cee9e 100644 (file)
--- a/doc/cvtsudoers.mdoc.in
+++ b/doc/cvtsudoers.mdoc.in
@@ -32,6 +32,9 @@ can be used to convert a policy file in
 .Em sudoers
 format to other formats.
 The default output format is LDIF.
+It is only possible to convert a
+.Em sudoers
+file that is syntactically correct.
 .Pp
 If no
 .Ar sudoers_file
@@ -59,6 +62,16 @@ format.
 LDIF (LDAP Data Interchange Format) files can be imported into an LDAP
 server for use with
 .Xr sudoers.ldap @mansectform@ .
+.Pp
+Conversion to LDIF has the following limitations:
+.Bl -bullet -width 4n
+.It
+Command, host, runas and user-specific Defaults lines cannot be
+translated as they don't have an equivalent in the sudoers LDAP schema.
+.It
+Command, host, runas and user aliases are not supported by the
+sudoers LDAP schema so they are expanded during the conversion.
+.El
 .El
 .It Fl h , -help
 Display a short help message to the standard output and exit.