From 781d231a12eb0c772353cc15e2c3ae1e7545e663 Mon Sep 17 00:00:00 2001
From: AmitKumar <amitkuma@redhat.com>
Date: Tue, 18 Jul 2017 21:03:04 +0530
Subject: [PATCH 103/115] MAN: Improve description of 'trusted domain section'
 in sssd.conf's man page
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR generated to include explaination for ipa ad trust sssd configuration
where ad has a child domain. Explanation is added to 'TRUSTED DOMAIN
SECTION'. Also an example is included to better understanding.

Resolves: https://pagure.io/SSSD/sssd/issue/3399

Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/man/sssd.conf.5.xml | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index c26f4a3bac1f009d19d9a5a3a49ad7370ac72791..11a347d29f47923cb87f6adedbf346bde1c19593 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -3059,6 +3059,8 @@ ldap_user_extra_attrs = phone:telephoneNumber
             Some options used in the domain section can also be used in the
             trusted domain section, that is, in a section called
             <quote>[domain/<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</replaceable>]</quote>.
+            Where DOMAIN_NAME is the actual joined-to base domain. Please refer
+            to examples below for explanation.
             Currently supported options in the trusted domain section are:
         </para>
             <para>ldap_search_base,</para>
@@ -3077,9 +3079,9 @@ ldap_user_extra_attrs = phone:telephoneNumber
     </refsect1>
 
     <refsect1 id='example'>
-        <title>EXAMPLE</title>
+        <title>EXAMPLES</title>
         <para>
-            The following example shows a typical SSSD config. It does
+            1. The following example shows a typical SSSD config. It does
             not describe configuration of the domains themselves - refer to
             documentation on configuring domains for more details.
 <programlisting>
@@ -3107,6 +3109,17 @@ cache_credentials = true
 min_id = 10000
 max_id = 20000
 enumerate = False
+</programlisting>
+        </para>
+        <para>
+            2. The following example shows configuration of IPA AD trust where
+            the AD forest consists of two domains in a parent-child structure.
+            Suppose IPA domain (ipa.com) has trust with AD domain(ad.com).
+            ad.com has child domain (child.ad.com). To enable shortnames in
+            the child domain the following configuration should be used.
+<programlisting>
+[domain/ipa.com/child.ad.com]
+use_fully_qualified_names = false
 </programlisting>
         </para>
     </refsect1>
-- 
2.14.1