Include multi-domain important info in himmelblau.conf man #316

Merged
merged 4 commits into from
Dec 9, 2024
33 changes: 33 additions & 0 deletions man/man5/himmelblau.conf.5
Expand Up @@ -51,9 +51,22 @@ A comma-separated list of configured domains. This parameter is
.B REQUIRED
for successful authentication. If this option is not specified, no users will be permitted to authenticate. The first user to authenticate to each domain will become the owner of the device object in the directory.


If multiple domains are specified, you
.B MUST
define an
.B idmap_range
for each domain to avoid conflicts in user and group ID mappings. Overlapping ID ranges will cause the idmapper to throw a critical error and stop the daemon. This safeguard ensures that two users are not mistakenly mapped to the same UID.

.EXAMPLES
domains = example.com,example2.com

[example.com]
idmap_range = 5000000-5999999

[example2.com]
idmap_range = 6000000-6999999

.TP
.B debug
.RE
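
Review bot: The added multi-domain paragraph says an idmap_range MUST be defined for each domain, but it does not say what happens to a listed domain that has no section of its own. The per-domain option is described further down as overriding the global idmap_range, so a reader may expect such a domain to fall back to the global range; state whether that fallback trips the overlap check and stops the daemon. Separately, the example now spans several lines, and roff fills consecutive text lines by default, so "[example.com]" and "idmap_range = 5000000-5999999" will run together when rendered unless the block is wrapped in .nf/.fi.
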
Expand Down Expand Up @@ -254,6 +267,16 @@ shell = /bin/bash
.RE
Specifies the range of IDs to be used for the user and group mappings.

When this option is modified, you
.B SHOULD
run:
.RS
.IP
sudo aad-tool cache-clear --really
.RE

To ensure that old cached ID mappings are cleared, preventing potential UID overlaps caused by stale cache data.

.EXAMPLES
idmap_range = 5000000-5999999

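Review bot: The added text only says you SHOULD run the cache clear, yet the reason it gives ("preventing potential UID overlaps caused by stale cache data") is the same two-users-on-one-UID risk that the domains entry treats as a MUST. Consider raising this to MUST, or say when skipping the step is safe. The closing "To ensure that ..." line is also a sentence fragment set off by a blank line; fold it into the instruction, for example "run the following so that old cached ID mappings are cleared", and say whether the daemon has to be restarted afterwards.
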
Expand Down Expand Up @@ -351,6 +374,16 @@ shell = /bin/bash
.RE
Overrides the `idmap_range` value for this domain.

When this option is modified, you
.B SHOULD
run:
.RS
.IP
sudo aad-tool cache-clear --really
.RE

To ensure that old cached ID mappings are cleared, preventing potential UID overlaps caused by stale cache data.

.EXAMPLES
[example.com]
idmap_range = 5000000-5999999
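
Review bot: The non-overlap requirement is missing from the per-domain idmap_range entry, which is where an overlapping range would actually be typed in; it is only stated under domains. Add a one-line cross-reference here, and say whether "sudo aad-tool cache-clear --really" clears cached mappings for every configured domain or only for the domain whose range changed. The added text also repeats the global idmap_range wording word for word, so pointing to that entry would keep the two copies from drifting apart.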