From ba4a81e933deebb416603369b447ead6ebaa040d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 29 Nov 2013 11:39:09 +0100
Subject: AD: Add a new option to turn off GC lookups

SSSD now defaults to using GC by default. For some environments, for
instance those that don't or can't replicate the POSIX attributes to
Global Catalog, this might not be desirable.

This patch introduces a new option ad_enable_gc, that is enabled by
default. Setting this option to false makes the SSSD contact only the
LDAP port of AD DCs.
---
 src/man/sssd-ad.5.xml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'src/man')

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 0484af3e..b763e42e 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -227,6 +227,23 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>ad_enable_gc (boolean)</term>
+                    <listitem>
+                        <para>
+                            By default, the SSSD connects to the Global
+                            Catalog first to retrieve users and uses the
+                            LDAP port to retrieve group memberships or
+                            as a fallback. Disabling this option makes
+                            the SSSD only connect to the LDAP port of the
+                            current AD server.
+                        </para>
+                        <para>
+                            Default: true
+                        </para>
+                    </listitem>
+                </varlistentry>
+
                 <varlistentry>
                     <term>dyndns_update (boolean)</term>
                     <listitem>
-- 
cgit