Diffstat (limited to 'doc/ipa/sch-ipa.txt')
-rw-r--r-- doc/ipa/sch-ipa.txt 14
1 files changed, 10 insertions, 4 deletions
diff --git a/doc/ipa/sch-ipa.txt b/doc/ipa/sch-ipa.txt
index f560580..106e6cc 100644
--- a/doc/ipa/sch-ipa.txt
+++ b/doc/ipa/sch-ipa.txt
@@ -47,6 +47,11 @@ Plugin allows to expose users and groups from trusted domains. These users
and groups are available on the compatibility trees and can be used for
querying their attributes and authenticating against them.
+Schema Compatibility Plugin relies on SSSD to discover users from trusted
+domains. NSS module provided by SSSD (libnss_sss.so.2) is loaded explicitly by
+Schema Compatibility Plugin and all calls are directed to SSSD instead of using
+generic NSSWITCH API.
+
Additionally, authentication against IPA users is also supported, provided
that the Schema Compatibility Plugin is given an ordering preference in
the Directory Server configuration. By default, all Directory server plugins
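Review bot: the added paragraph does not say what the plugin does when libnss_sss.so.2 cannot be loaded or SSSD is not running, and an administrator reading it cannot tell whether trusted-domain lookups then fail or silently return nothing. Since the text says calls go to SSSD "instead of using generic NSSWITCH API", it should also state outright that other sources configured for nsswitch are not consulted for these lookups, because that changes which identities can appear in the compatibility trees and be authenticated against. Minor wording: "The Schema Compatibility Plugin" and "The NSS module" need articles, and "NSSWITCH API" would read more consistently as "nsswitch", matching the schema-compat-nsswitch-min-id option documented further down.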
@@ -70,10 +75,11 @@ schema-compat-nsswitch-min-id: <value>
specifies that the minimal numeric id of the user or group should be not less
than the value. Defaults to 1000.
-When FreeIPA 3.3 is in use, ipa-adtrust-install utility will automatically configure
-the Schema Compatibility Plugin to allow serving users and groups from trusted domains.
-No additional configuration is needed. ipa-adtrust-install, however, will not set the
-minimal numeric id for user or group.
+When FreeIPA 3.3 or later is in use, ipa-adtrust-install utility will
+automatically configure the Schema Compatibility Plugin to allow serving users
+and groups from trusted domains. No additional configuration is needed.
+ipa-adtrust-install, however, will not set the minimal numeric id for user or
+group.
== Authentication of the trusted domains' users ==
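Review bot: the closing sentence of the rewritten paragraph ("will not set the minimal numeric id for user or group") leaves the reader to work out which value is then in effect. The preceding context line says the option "Defaults to 1000", so the paragraph should say that the default of 1000 applies unless schema-compat-nsswitch-min-id is set by hand, since this threshold decides which user and group ids are served. The only substantive change here is "3.3" becoming "3.3 or later"; re-wrapping the whole paragraph in the same hunk hides that, so consider keeping the re-wrap separate. "ipa-adtrust-install utility" also needs an article.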