From a09a7a03f5b330cc45a0007a56d4789116a91e46 Mon Sep 17 00:00:00 2001

From: amitkuma <amitkuma@redhat.com>

Date: Tue, 6 Feb 2018 16:27:00 +0530

Subject: [PATCH 100/100] MAN: Explain how does auto_private_groups affect

 subdomains

Fix explains how auto_private_groups affects subdomains.

a. POSIX sudomains, gets inherited to subdomain.

b. ID-mapping subdomains, already enabled.

Resolves: https://pagure.io/SSSD/sssd/issue/3627

Reviewed-by: Rob Crittenden <rcritten@redhat.com>

(cherry picked from commit 52ae76737f2df3012d67f6a0b5052c86022bffdd)

---

 src/man/sssd.conf.5.xml | 11 ++++++++++-

 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml

index 47da07c33bdcfbf2fa94ff932492e9ea4bbfe846..8d06f57539e3fc55189234aab2aea950ba14713a 100644

--- a/src/man/sssd.conf.5.xml

+++ b/src/man/sssd.conf.5.xml

@@ -2830,7 +2830,16 @@ subdomain_inherit = ldap_purge_cache_timeout

                             If this option is enabled, SSSD will automatically

                             create user private groups based on user's

                             UID number. The GID number is ignored in this case.

-                        </para>

+		        </para>

+			<para>

+			    For POSIX subdomains, setting the option in the main

+			    domain is inherited in the subdomain.

+			</para>

+			<para>

+			    For ID-mapping subdomains, auto_private_groups is

+			    already enabled for the subdomains and setting it to

+			    false will not have any effect for the subdomain.

+			</para>

                         <para>

                             NOTE: Because the GID number and the user private group

                             are inferred frm the UID number, it is not supported

-- 

2.14.3