From 552dbe5253354146c390dbb86ab96fbcad56c4f7 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 17 Nov 2014 15:26:12 -0700 Subject: [PATCH] Mention sssd support in the sudoers.ldap manual and cross-reference sssd-sudo(5). --- doc/sudoers.ldap.cat | 13 +++++++++++-- doc/sudoers.ldap.man.in | 38 +++++++++++++++++++++++++++++++++----- doc/sudoers.ldap.mdoc.in | 30 +++++++++++++++++++++++++++++- 3 files changed, 73 insertions(+), 8 deletions(-) diff --git a/doc/sudoers.ldap.cat b/doc/sudoers.ldap.cat index c14b70064..0834b2c92 100644 --- a/doc/sudoers.ldap.cat +++ b/doc/sudoers.ldap.cat @@ -607,6 +607,15 @@ DDEESSCCRRIIPPTTIIOONN sudoers = files + IInntteeggrraattiioonn wwiitthh ssssssdd + On systems with the _S_y_s_t_e_m _S_e_c_u_r_i_t_y _S_e_r_v_i_c_e_s _D_a_e_m_o_n (SSSD) and where ssuuddoo + has been built with SSSD support, it is possible to use SSSD to cache + LDAP _s_u_d_o_e_r_s rules. To use SSSD as the _s_u_d_o_e_r_s source, you should use + sssd instead of ldap for the sudoers entry in _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f. Note + that the _/_e_t_c_/_l_d_a_p_._c_o_n_f file is not used by the SSSD ssuuddoo back end. + Please see sssd-sudo(4) for more information on configuring ssuuddoo to work + with SSSD. + FFIILLEESS _/_e_t_c_/_l_d_a_p_._c_o_n_f LDAP configuration file @@ -803,7 +812,7 @@ EEXXAAMMPPLLEESS ) SSEEEE AALLSSOO - ldap.conf(4), sudo.conf(4), sudoers(1m) + ldap.conf(4), sssd-sudo(4), sudo.conf(4), sudoers(1m) CCAAVVEEAATTSS Note that there are differences in the way that LDAP-based _s_u_d_o_e_r_s is @@ -826,4 +835,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.12 July 10, 2014 Sudo 1.8.12 +Sudo 1.8.12 November 17, 2014 Sudo 1.8.12 diff --git a/doc/sudoers.ldap.man.in b/doc/sudoers.ldap.man.in index c28ff5730..2bd3fa269 100644 --- a/doc/sudoers.ldap.man.in +++ b/doc/sudoers.ldap.man.in 
@@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.TH "SUDOERS.LDAP" "8" "July 10, 2014" "Sudo @PACKAGE_VERSION@" "OpenBSD System Manager's Manual" +.TH "SUDOERS.LDAP" "8" "November 17, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -37,7 +37,7 @@ Using LDAP for \fIsudoers\fR has several benefits: .TP 4n -\fBo\fR +\fB\(bu\fR \fBsudo\fR no longer needs to read \fIsudoers\fR @@ -45,7 +45,7 @@ in its entirety. When LDAP is used, there are only two or three LDAP queries per invocation. This makes it especially fast and particularly usable in LDAP environments. .TP 4n -\fBo\fR +\fB\(bu\fR \fBsudo\fR no longer exits if there is a typo in \fIsudoers\fR. @@ -56,7 +56,7 @@ this will not prevent \fBsudo\fR from running. .TP 4n -\fBo\fR +\fB\(bu\fR It is possible to specify per-entry options that override the global default options. \fI@sysconfdir@/sudoers\fR @@ -65,7 +65,7 @@ user/host/commands/aliases. The syntax is complicated and can be difficult for users to understand. Placing the options directly in the entry is more natural. .TP 4n -\fBo\fR +\fB\(bu\fR The \fBvisudo\fR program is no longer needed. @@ -1114,6 +1114,33 @@ default is assumed: sudoers = files .RE .fi +.SS "Integration with sssd" +On systems with the +\fISystem Security Services Daemon\fR +(SSSD) and where +\fBsudo\fR +has been built with SSSD support, +it is possible to use SSSD to cache LDAP +\fIsudoers\fR +rules. +To use SSSD as the +\fIsudoers\fR +source, you should use +\fRsssd\fR +instead of +\fRldap\fR +for the sudoers entry in +\fI@nsswitch_conf@\fR. +Note that the +\fI@ldap_conf@\fR +file is not used by the SSSD +\fBsudo\fR +back end. +Please see +sssd-sudo(@mansectform@) +for more information on configuring +\fBsudo\fR +to work with SSSD. .SH "FILES" .TP 26n \fI@ldap_conf@\fR 
@@ -1329,6 +1356,7 @@ objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
 .fi
 .SH "SEE ALSO"
 ldap.conf(@mansectform@),
+sssd-sudo(@mansectform@),
 sudo.conf(@mansectform@),
 sudoers(@mansectsu@)
 .SH "CAVEATS"
diff --git a/doc/sudoers.ldap.mdoc.in b/doc/sudoers.ldap.mdoc.in
index 1cdc965fe..452cb063d 100644
--- a/doc/sudoers.ldap.mdoc.in
+++ b/doc/sudoers.ldap.mdoc.in
@@ -14,7 +14,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd July 10, 2014
+.Dd November 17, 2014
 .Dt SUDOERS.LDAP @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -1002,6 +1002,33 @@ default is assumed:
 .Bd -literal -offset 4n
 sudoers = files
 .Ed
+.Ss Integration with sssd
+On systems with the
+.Em System Security Services Daemon
+(SSSD) and where
+.Nm sudo
+has been built with SSSD support,
+it is possible to use SSSD to cache LDAP
+.Em sudoers
+rules.
+To use SSSD as the
+.Em sudoers
+source, you should use
+.Li sssd
+instead of
+.Li ldap
+for the sudoers entry in
+.Pa @nsswitch_conf@ .
+Note that the
+.Pa @ldap_conf@
+file is not used by the SSSD
+.Nm sudo
+back end.
+Please see
+.Xr sssd-sudo @mansectform@
+for more information on configuring
+.Nm sudo
+to work with SSSD.
 .Sh FILES
 .Bl -tag -width 24n
 .It Pa @ldap_conf@
@@ -1211,6 +1238,7 @@ objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
 .Ed
 .Sh SEE ALSO
 .Xr ldap.conf @mansectform@ ,
+.Xr sssd-sudo @mansectform@ ,
 .Xr sudo.conf @mansectform@ ,
 .Xr sudoers @mansectsu@
 .Sh CAVEATS
-- 
2.40.0