summaryrefslogtreecommitdiffstats
path: root/src/man/sssd-ad.5.xml
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2014-03-05 12:13:48 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-03-11 18:49:20 +0100
commit6fc597a48a49e313ab940c442dc06b3cd11392d4 (patch)
tree0766ba36e6116dfdc07747fba994068a4f8ffa32 /src/man/sssd-ad.5.xml
parentfe2bbd629a72c786d6125066e5bb75005f4cccc7 (diff)
downloadsssd-6fc597a48a49e313ab940c442dc06b3cd11392d4.tar.gz
sssd-6fc597a48a49e313ab940c442dc06b3cd11392d4.tar.xz
sssd-6fc597a48a49e313ab940c442dc06b3cd11392d4.zip
MAN: Clarify the GC support a bit
It should be noted that disabling GC does *not* disable lookups from trusted domains. Disabling GC might be a a good way for admins who wish to use POSIX attributes in trusted domains and the man page should hint this option. Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit fdaaf2525e333af04ee9b48429b6766b5fd6cab6)
Diffstat (limited to 'src/man/sssd-ad.5.xml')
-rw-r--r--src/man/sssd-ad.5.xml18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 8cd94d4ae..0554317f5 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -232,11 +232,19 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)
<listitem>
<para>
By default, the SSSD connects to the Global
- Catalog first to retrieve users and uses the
- LDAP port to retrieve group memberships or
- as a fallback. Disabling this option makes
- the SSSD only connect to the LDAP port of the
- current AD server.
+ Catalog first to retrieve users from trusted
+ domains and uses the LDAP port to retrieve
+ group memberships or as a fallback. Disabling
+ this option makes the SSSD only connect to
+ the LDAP port of the current AD server.
+ </para>
+ <para>
+ Please note that disabling Global Catalog support
+ does not disable retrieving users from trusted
+ domains. The SSSD would connect to the LDAP port
+ of trusted domains instead. However, Global
+ Catalog must be used in order to resolve
+ cross-domain group memberships.
</para>
<para>
Default: true