Comment cleanup

1 files changed, 8 insertions, 7 deletions

diff --git a/src/back-sch.c b/src/back-sch.c
index f3ac7d9..63ee110 100644
--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -221,23 +221,24 @@ backend_set_config_read_config(struct plugin_state *state, Slapi_Entry *e,
 		ret.check_nsswitch = SCH_NSSWITCH_NONE;
 	}
 
-	/* Make sure we don't return system users/groups
-	 * by limiting lower bound on searches.
-	 * If config value cannot be parsed or not specified, default to 1000.
-	 * It is OK to specify something lower in the config as some Linux distributions force lower limit to 500 */
+	/* Make sure we don't return system users/groups by limiting lower
+	 * bound on the UIDs and GIDs of entries we'll pull in from the
+	 * nsswitch databases.  If the configured value cannot be parsed or
+	 * there's none specified, default to 1000. */
 	ret.nsswitch_min_id = 1000; /* default in Fedora */
 	if (nsswitch_min_id != NULL) {
 		errno = 0;
 		ret.nsswitch_min_id = strtoul(nsswitch_min_id, &strp, 10);
 		if ((errno != 0) || ((strp != NULL) && (*strp != '\0'))) {
-			/* enforce id in case of an error or too low limit */
 			ret.nsswitch_min_id = 1000;
 		}
 	}
 
 	if (ret.check_nsswitch != SCH_NSSWITCH_NONE) {
-		/* Auto-populate attributes based on selected NSSWITCH tree
-		 * and add special attribute to track whether the entry requires PAM-based bind */
+		/* If we're adding nsswitch-based entries to this map, make
+		 * sure that we copy the schema-compat-origin and SID
+		 * attributes, so that we can read the former during the BIND
+		 * callback. */
 		backend_shr_add_strlist(&ret.attribute_format, "objectClass=extensibleObject");
 		backend_shr_add_strlist(&ret.attribute_format, "schema-compat-origin=%{schema-compat-origin}");
 		backend_shr_add_strlist(&ret.attribute_format, "ipaNTSecurityIdentifier=%{ipaNTSecurityIdentifier}");