diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-03-05 12:13:48 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-03-11 18:46:31 +0100 |
commit | fdaaf2525e333af04ee9b48429b6766b5fd6cab6 (patch) | |
tree | dbf597196ea7560f9e4c02f48121a16677f700b0 /src/man | |
parent | bb8a08118db0916bf8252a9481c16271ec20acd3 (diff) | |
download | sssd-fdaaf2525e333af04ee9b48429b6766b5fd6cab6.tar.gz sssd-fdaaf2525e333af04ee9b48429b6766b5fd6cab6.tar.xz sssd-fdaaf2525e333af04ee9b48429b6766b5fd6cab6.zip |
MAN: Clarify the GC support a bit
It should be noted that disabling GC does *not* disable lookups from
trusted domains. Disabling GC might be a a good way for admins who wish
to use POSIX attributes in trusted domains and the man page should hint
this option.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/sssd-ad.5.xml | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 9b39e081c..1e38c13a9 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -232,11 +232,19 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) <listitem> <para> By default, the SSSD connects to the Global - Catalog first to retrieve users and uses the - LDAP port to retrieve group memberships or - as a fallback. Disabling this option makes - the SSSD only connect to the LDAP port of the - current AD server. + Catalog first to retrieve users from trusted + domains and uses the LDAP port to retrieve + group memberships or as a fallback. Disabling + this option makes the SSSD only connect to + the LDAP port of the current AD server. + </para> + <para> + Please note that disabling Global Catalog support + does not disable retrieving users from trusted + domains. The SSSD would connect to the LDAP port + of trusted domains instead. However, Global + Catalog must be used in order to resolve + cross-domain group memberships. </para> <para> Default: true |