From 7bdaf2a712d73763e7c3d25f6bb544b18f7028eb Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 29 Apr 2011 15:59:17 +0200
Subject: Use dereference when processing RFC2307bis nested groups

Instead of issuing N LDAP requests when processing a group with N users,
utilize the dereference functionality to pull down all the members in a
single LDAP request.

https://fedorahosted.org/sssd/ticket/799
---
 src/man/sssd-ldap.5.xml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'src/man/sssd-ldap.5.xml')

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 49c9e491..42ea848a 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -868,6 +868,29 @@
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>ldap_deref_threshold (integer)</term>
+                    <listitem>
+                        <para>
+                            Specify the number of group members that must be
+                            missing from the internal cache in order to trigger
+                            a dereference lookup. If less members are missing,
+                            they are looked up individually.
+                        </para>
+                        <para>
+                            A dereference lookup is a means of fetching all
+                            group members in a single LDAP call.
+                            Different LDAP servers may implement different
+                            dereference methods. The currently supported
+                            servers are 389/RHDS, OpenLDAP and Active
+                            Directory.
+                        </para>
+                        <para>
+                            Default: 10
+                        </para>
+                    </listitem>
+                </varlistentry>
+
                 <varlistentry>
                     <term>ldap_tls_reqcert (string)</term>
                     <listitem>
-- 
cgit