From 6fc597a48a49e313ab940c442dc06b3cd11392d4 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 5 Mar 2014 12:13:48 +0100 Subject: MAN: Clarify the GC support a bit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It should be noted that disabling GC does *not* disable lookups from trusted domains. Disabling GC might be a good way for admins who wish to use POSIX attributes in trusted domains and the man page should hint this option. Reviewed-by: Pavel Březina (cherry picked from commit fdaaf2525e333af04ee9b48429b6766b5fd6cab6) --- src/man/sssd-ad.5.xml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 8cd94d4ae..0554317f5 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -232,11 +232,19 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) By default, the SSSD connects to the Global - Catalog first to retrieve users and uses the - LDAP port to retrieve group memberships or - as a fallback. Disabling this option makes - the SSSD only connect to the LDAP port of the - current AD server. + Catalog first to retrieve users from trusted + domains and uses the LDAP port to retrieve + group memberships or as a fallback. Disabling + this option makes the SSSD only connect to + the LDAP port of the current AD server. + + + Please note that disabling Global Catalog support + does not disable retrieving users from trusted + domains. The SSSD would connect to the LDAP port + of trusted domains instead. However, Global + Catalog must be used in order to resolve + cross-domain group memberships. Default: true -- cgit
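Review bot: In the rewritten first paragraph, the retained sentence "Disabling this option makes the SSSD only connect to the LDAP port of the current AD server" contradicts the note added directly after it, which says the SSSD would connect to the LDAP port of trusted domains instead. Suggest rewording the first sentence so it says that with the option disabled the SSSD uses only LDAP ports, both on the current AD server and in trusted domains, and changing "would connect" to "connects" so the behaviour reads as fact rather than conditional. The commit message says the man page should hint that disabling GC suits admins who want POSIX attributes in trusted domains, but none of the added lines mention POSIX attributes; a sentence naming that use case belongs in the new note. The closing sentence also needs to be more direct: say plainly that cross-domain group memberships are not resolved when the option is disabled, since a reader who depends on group membership, as in the memberOf filter example in the hunk's context line, could otherwise miss that consequence.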