From ea7ada6c0629df45348f699e30acc44194550801 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 10 Jan 2019 18:12:35 +0100
Subject: [PATCH] idmap_sss: improve man page
The misleading in the idmap_sss man page is improved.
Related to https://pagure.io/SSSD/sssd/issue/3912
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/man/idmap_sss.8.xml | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/man/idmap_sss.8.xml b/src/man/idmap_sss.8.xml
index b819304fb..a316c32a3 100644
--- a/src/man/idmap_sss.8.xml
+++ b/src/man/idmap_sss.8.xml
@@ -48,12 +48,28 @@
<programlisting format="linespecific">
[global]
-security = domain
-workgroup = MAIN
+security = ads
+workgroup = <AD-DOMAIN-SHORTNAME>
-idmap config * : backend = sss
-idmap config * : range = 200000-2147483647
+idmap config <AD-DOMAIN-SHORTNAME> : backend = sss
+idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647
+
+idmap config * : backend = tdb
+idmap config * : range = 100000-199999
</programlisting>
+
+ <para>
+ Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain
+ name of the AD domain. If multiple AD domains should be used each
+ domain needs an <literal>idmap config</literal> line with
+ <literal>backend = sss</literal> and a line with a suitable
+ <literal>range</literal>.
+ </para>
+ <para>
+ Since Winbind requires a writeable default backend and idmap_sss is
+ read-only the example includes <literal>backend = tdb</literal> as
+ default.
+ </para>
</refsect1>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />
--
2.19.1