From 2c62da337e31217d03f5bf0f768b574d166bb2fe Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Tue, 12 Jun 2012 20:29:26 -0400 Subject: LDAP: Auto-detect support for the ldap match rule This patch extends the RootDSE lookup so that we will perform a second request to test whether the match rule syntax can be used. If both groups and initgroups are disabled in the configuration, this lookup request can be skipped. --- src/man/sssd-ldap.5.xml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'src/man') diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index e04befdb..d20d84bc 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -844,6 +844,12 @@ option disabled. It generally only provides a performance increase on very complex nestings. + + If this option is enabled, SSSD will use it if it + detects that the server supports it during initial + connection. So "True" here essentially means + "auto-detect". + Note: This feature is currently known to work only with Active Directory 2008 R1 and later. See @@ -865,6 +871,12 @@ up initgroups operations (most notably when dealing with complex or deep nested groups). + + If this option is enabled, SSSD will use it if it + detects that the server supports it during initial + connection. So "True" here essentially means + "auto-detect". + Note: This feature is currently known to work only with Active Directory 2008 R1 and later. See @@ -872,7 +884,7 @@ MSDN(TM) documentation for more details. - Default: False + Default: True -- cgit