Bug 1233200

Summary: man sssd.conf should clarify details about subdomain_inherit option.
Product: Red Hat Enterprise Linux 7 Reporter: Nirupama Karandikar <nkarandi>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: Steeve Goveas <sgoveas>
Severity: low Docs Contact:
Priority: low    
Version: 7.3CC: grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mzidek, nsoman, pbrezina, sgoveas
Target Milestone: rc   
Target Release: 7.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.14.0-0.1.alpha.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 07:11:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nirupama Karandikar 2015-06-18 12:23:19 UTC 
Description of problem:
man sssd.conf should clarify details about subdomain_inherit option.

Version-Release number of selected component (if applicable):
sssd-1.12.4-46.el6

How reproducible:
Always

Actual results:

subdomain_inherit (string)
           Specifies a list of configuration parameters that should be inherited by a subdomain. Please note that only selected parameters can be inherited.

Expected results:

The man pages should clarify details about "subdomain_inherit" option.

The "subdomain_inherit" option works only with IPA server with AD trust setup. This option do not work with any other provider.
Comment 2 Jakub Hrozek 2015-06-19 15:52:00 UTC 
(In reply to Nirupama Karandikar from comment #0)
> The "subdomain_inherit" option works only with IPA server with AD trust
> setup. This option do not work with any other provider.

This wouldn't be correct. The option does what it says, it applies config options from main domain to a subdomain. The other issue is that not all subdomains respect all options equally and you're right we should come up with a better description. We'll come up with a better wording..
Comment 3 Jakub Hrozek 2015-06-19 15:54:13 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2683
Comment 4 Jakub Hrozek 2015-10-11 20:18:00 UTC 
It's better to fix minor issues in RHEL-7 first.
Comment 5 Jakub Hrozek 2015-11-30 16:47:30 UTC 
master: 8ff199fca4e7b474d3b92759db96ff87ac5fb8cb
Comment 6 Mike McCune 2016-03-28 23:36:13 UTC 
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Comment 9 Steeve Goveas 2016-09-07 09:39:29 UTC 
Version sssd-1.14.0-27.el7.x86_64
Better description. Thanks! marking verified.

       subdomain_inherit (string)
           Specifies a list of configuration parameters that should be inherited by a subdomain. Please note that only selected parameters can be
           inherited. Currently the following options can be inherited:

           ignore_group_members

           ldap_purge_cache_timeout

           ldap_use_tokengroups

           ldap_user_principal

           ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab is not set explicitly)

           Example:

               subdomain_inherit = ldap_purge_cache_timeout

           Default: none

           Note: This option only works with the IPA and AD provider.
Comment 11 errata-xmlrpc 2016-11-04 07:11:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2476.html