diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2013-05-14 18:00:10 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-09 15:04:43 +0200 |
commit | 0b9e98122091c5bb6232ea4746decb6fbe2d68c0 (patch) | |
tree | eba8755e80ab04a315a0385d4cea46fac079ebbe /src/man/sssd-ldap.5.xml | |
parent | 6ed0eb3bf1b322a246aad6c3e02a7c3b4619d867 (diff) | |
download | sssd-0b9e98122091c5bb6232ea4746decb6fbe2d68c0.tar.gz sssd-0b9e98122091c5bb6232ea4746decb6fbe2d68c0.tar.xz sssd-0b9e98122091c5bb6232ea4746decb6fbe2d68c0.zip |
Adding option to disable retrieving large AD groups.sssd-1.9.2-113.el6
This commit adds new option ldap_disable_range_retrieval with default value
FALSE. If this option is enabled, large groups(>1500) will not be retrieved and
behaviour will be similar like was before commit ae8d047122c
"LDAP: Handle very large Active Directory groups"
https://fedorahosted.org/sssd/ticket/1823
Diffstat (limited to 'src/man/sssd-ldap.5.xml')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 562cbd8f2..d5ee221a1 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1201,6 +1201,27 @@ </varlistentry> <varlistentry> + <term>ldap_disable_range_retrieval (boolean)</term> + <listitem> + <para> + Disable Active Directory range retrieval. + </para> + <para> + Active Directory limits the number of members to be + retrieved in a single lookup using the MaxValRange + policy (which defaults to 1500 members). If a group + contains more members, the reply would include an + AD-specific range extension. This option disables + parsing of the range extension, therefore large + groups will appear as having no members. + </para> + <para> + Default: False + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_sasl_minssf (integer)</term> <listitem> <para> |