From 9e9f8f0765b2e5b7e8701773599109220a85d442 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 19 May 2010 09:33:47 -0400 Subject: Add enumerate details to the manpage and examples --- src/examples/sssd.conf | 4 ++-- src/man/sssd.conf.5.xml | 20 +++++++++++++++++++- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/examples/sssd.conf b/src/examples/sssd.conf index 3b67daea..e93cf51b 100644 --- a/src/examples/sssd.conf +++ b/src/examples/sssd.conf @@ -55,10 +55,10 @@ reconnection_retries = 3 ; auth_provider = ldap ; ldap_schema = rfc2307 ; ldap_uri = ldap://ldap.mydomain.org -; ldap_user_search_base = dc=mydomain,dc=org +; ldap_search_base = dc=mydomain,dc=org ; ldap_tls_reqcert = demand ; cache_credentials = true -; enumerate = true +; enumerate = False # Example LDAP domain where the LDAP server is an Active Directory server. diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index c7071ab6..0e7c5723 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -435,6 +435,24 @@ Default: FALSE + + Note: Enabling enumeration has a moderate + performance impact on SSSD while enumeration + is running. It may take up to several minutes + after SSSD startup to fully complete enumerations. + During this time, individual requests for + information will go directly to LDAP, though it + may be slow, due to the heavy enumeration + processing. + + + Further, enabling enumeration may increase the time + necessary to detect network disconnection, as + longer timeouts are required to ensure that + enumeration lookups are completed successfully. + For more information, refer to the man pages for + the specific id_provider in use. + @@ -848,7 +866,7 @@ cache_credentials = true min_id = 10000 max_id = 20000 -enumerate = true +enumerate = False -- cgit