From f9994f79d793c86ef03155f5e744517a7326a573 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Sun, 15 Apr 2018 17:06:26 -0600
Subject: [PATCH] add examples

---
 doc/cvtsudoers.cat     | 38 ++++++++++++++++++++----
 doc/cvtsudoers.man.in  | 67 ++++++++++++++++++++++++++++++++++++++++--
 doc/cvtsudoers.mdoc.in | 52 ++++++++++++++++++++++++++++++--
 3 files changed, 145 insertions(+), 12 deletions(-)

diff --git a/doc/cvtsudoers.cat b/doc/cvtsudoers.cat
index 99fcc80cd..0c4aae238 100644
--- a/doc/cvtsudoers.cat
+++ b/doc/cvtsudoers.cat
@@ -24,10 +24,10 @@ DDEESSCCRRIIPPTTIIOONN
      --bb _d_n, ----bbaassee=_d_n
                  The base DN (distinguished name) that will be used when
                  performing LDAP queries.  Typically this is of the form
-                 ou=SUDOers,dc=example,dc=com for the domain example.com.  If
-                 this option is not specified, the value of the SUDOERS_BASE
-                 environment variable will be used instead.  Only necessary
-                 when converting to LDIF format.
+                 ou=SUDOers,dc=-mydomain,dc=com for the domain my-domain.com.
+                 If this option is not specified, the value of the
+                 SUDOERS_BASE environment variable will be used instead.  Only
+                 necessary when converting to LDIF format.
 
      --cc, ----ccoonnffiigg
                  Specify the path to a configuration file.  Defaults to
@@ -61,8 +61,8 @@ DDEESSCCRRIIPPTTIIOONN
                  default when the output _f_o_r_m_a_t is JSON or sudoers.
 
      --ff _o_u_t_p_u_t___f_o_r_m_a_t, ----ffoorrmmaatt=_o_u_t_p_u_t___f_o_r_m_a_t
-                 Specify the output format.  The following formats are
-                 supported:
+                 Specify the output format (case-insensitive).  The following
+                 formats are supported:
 
                  JSON      JSON (JavaScript Object Notation) files are usually
                            easier for third-party applications to consume than
@@ -210,6 +210,32 @@ DDEESSCCRRIIPPTTIIOONN
 FFIILLEESS
      _/_e_t_c_/_c_v_t_s_u_d_o_e_r_s_._c_o_n_f      default configuration for cvtsudoers
 
+EEXXAAMMPPLLEESS
+     Convert _/_e_t_c_/_s_u_d_o_e_r_s to LDIF (LDAP Data Interchange Format) where the
+     _l_d_a_p_._c_o_n_f file uses a _s_u_d_o_e_r_s___b_a_s_e of my-domain,dc=com, storing the
+     result in _s_u_d_o_e_r_s_._l_d_i_f:
+
+           $ cvtsudoers -b ou=SUDOers,dc=my-domain,dc=com -o sudoers.ldif \
+                        /etc/sudoers
+
+     Convert _/_e_t_c_/_s_u_d_o_e_r_s to JSON format, storing the result in _s_u_d_o_e_r_s_._j_s_o_n:
+
+           $ cvtsudoers -f json -o sudoers.json /etc/sudoers
+
+     Parse _/_e_t_c_/_s_u_d_o_e_r_s and display only rules that match user _a_m_b_r_o_s_e on host
+     _h_a_s_t_u_r:
+
+           $ cvtsudoers -f sudoers -m user=ambrose,host=hastur /etc/sudoers
+
+     Same as above, but expand aliases and prune out any non-matching users
+     and hosts from the expanded entries.
+
+           $ cvtsudoers -ep -f sudoers -m user=ambrose,host=hastur /etc/sudoers
+
+     Convert _s_u_d_o_e_r_s_._l_d_i_f from LDIF to traditional _s_u_d_o_e_r_s format:
+
+           $ cvtsudoers -i ldif -f sudoers -o sudoers.new sudoers.ldif
+
 SSEEEE AALLSSOO
      sudoers(4), sudoers.ldap(4), sudo(1m)
 
diff --git a/doc/cvtsudoers.man.in b/doc/cvtsudoers.man.in
index d1dc94f7b..f50a2e478 100644
--- a/doc/cvtsudoers.man.in
+++ b/doc/cvtsudoers.man.in
@@ -61,9 +61,9 @@ The options are as follows:
 The base DN (distinguished name) that will be used when performing
 LDAP queries.
 Typically this is of the form
-\fRou=SUDOers,dc=example,dc=com\fR
+\fRou=SUDOers,dc=-mydomain,dc=com\fR
 for the domain
-\fRexample.com\fR.
+\fRmy-domain.com\fR.
 If this option is not specified, the value of the
 \fRSUDOERS_BASE\fR
 environment variable will be used instead.
@@ -128,7 +128,7 @@ Aliases are preserved by default when the output
 is JSON or sudoers.
 .TP 12n
 \fB\-f\fR \fIoutput_format\fR, \fB\--format\fR=\fIoutput_format\fR
-Specify the output format.
+Specify the output format (case-insensitive).
 The following formats are supported:
 .PP
 .RS 12n
@@ -384,6 +384,67 @@ configuration file.
 .TP 26n
 \fI@sysconfdir@/cvtsudoers.conf\fR
 default configuration for cvtsudoers
+.SH "EXAMPLES"
+Convert
+\fI/etc/sudoers\fR
+to LDIF (LDAP Data Interchange Format) where the
+\fIldap.conf\fR
+file uses a
+\fIsudoers_base\fR
+of my-domain,dc=com, storing the result in
+\fIsudoers.ldif\fR:
+.nf
+.sp
+.RS 6n
+$ cvtsudoers -b ou=SUDOers,dc=my-domain,dc=com -o sudoers.ldif \e
+             /etc/sudoers
+.RE
+.fi
+.PP
+Convert
+\fI/etc/sudoers\fR
+to JSON format, storing the result in
+\fIsudoers.json\fR:
+.nf
+.sp
+.RS 6n
+$ cvtsudoers -f json -o sudoers.json /etc/sudoers
+.RE
+.fi
+.PP
+Parse
+\fI/etc/sudoers\fR
+and display only rules that match user
+\fIambrose\fR
+on host
+\fIhastur\fR:
+.nf
+.sp
+.RS 6n
+$ cvtsudoers -f sudoers -m user=ambrose,host=hastur /etc/sudoers
+.RE
+.fi
+.PP
+Same as above, but expand aliases and prune out any non-matching
+users and hosts from the expanded entries.
+.nf
+.sp
+.RS 6n
+$ cvtsudoers -ep -f sudoers -m user=ambrose,host=hastur /etc/sudoers
+.RE
+.fi
+.PP
+Convert
+\fIsudoers.ldif\fR
+from LDIF to traditional
+\fIsudoers\fR
+format:
+.nf
+.sp
+.RS 6n
+$ cvtsudoers -i ldif -f sudoers -o sudoers.new sudoers.ldif
+.RE
+.fi
 .SH "SEE ALSO"
 sudoers(@mansectform@),
 sudoers.ldap(@mansectform@),
diff --git a/doc/cvtsudoers.mdoc.in b/doc/cvtsudoers.mdoc.in
index 867a3da6e..1ab474e41 100644
--- a/doc/cvtsudoers.mdoc.in
+++ b/doc/cvtsudoers.mdoc.in
@@ -58,9 +58,9 @@ The options are as follows:
 The base DN (distinguished name) that will be used when performing
 LDAP queries.
 Typically this is of the form
-.Li ou=SUDOers,dc=example,dc=com
+.Li ou=SUDOers,dc=-mydomain,dc=com
 for the domain
-.Li example.com .
+.Li my-domain.com .
 If this option is not specified, the value of the
 .Ev SUDOERS_BASE
 environment variable will be used instead.
@@ -112,7 +112,7 @@ Aliases are preserved by default when the output
 .Ar format
 is JSON or sudoers.
 .It Fl f Ar output_format , Fl -format Ns = Ns Ar output_format
-Specify the output format.
+Specify the output format (case-insensitive).
 The following formats are supported:
 .Bl -tag -width 8n
 .It JSON
@@ -327,6 +327,52 @@ configuration file.
 .It Pa @sysconfdir@/cvtsudoers.conf
 default configuration for cvtsudoers
 .El
+.Sh EXAMPLES
+Convert
+.Pa /etc/sudoers
+to LDIF (LDAP Data Interchange Format) where the
+.Pa ldap.conf
+file uses a
+.Em sudoers_base
+of my-domain,dc=com, storing the result in
+.Pa sudoers.ldif :
+.Bd -literal -offset indent
+$ cvtsudoers -b ou=SUDOers,dc=my-domain,dc=com -o sudoers.ldif \e
+             /etc/sudoers
+.Ed
+.Pp
+Convert
+.Pa /etc/sudoers
+to JSON format, storing the result in
+.Pa sudoers.json :
+.Bd -literal -offset indent
+$ cvtsudoers -f json -o sudoers.json /etc/sudoers
+.Ed
+.Pp
+Parse
+.Pa /etc/sudoers
+and display only rules that match user
+.Em ambrose
+on host
+.Em hastur :
+.Bd -literal -offset indent
+$ cvtsudoers -f sudoers -m user=ambrose,host=hastur /etc/sudoers
+.Ed
+.Pp
+Same as above, but expand aliases and prune out any non-matching
+users and hosts from the expanded entries.
+.Bd -literal -offset indent
+$ cvtsudoers -ep -f sudoers -m user=ambrose,host=hastur /etc/sudoers
+.Ed
+.Pp
+Convert
+.Pa sudoers.ldif
+from LDIF to traditional
+.Em sudoers
+format:
+.Bd -literal -offset indent
+$ cvtsudoers -i ldif -f sudoers -o sudoers.new sudoers.ldif
+.Ed
 .Sh SEE ALSO
 .Xr sudoers @mansectform@ ,
 .Xr sudoers.ldap @mansectform@ ,
-- 
2.40.0