From 251e4914e55c6b66ab6eabd3b3e2e2b7b49029e3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 19 Nov 2017 22:31:44 +0100
Subject: [PATCH 83/83] MAN: Document how the Global Catalog is used currently
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The existing documentation was outdated. Remove it and document what the
current patchset adds.
Related:
https://pagure.io/SSSD/sssd/issue/3468
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit a72919af8347b5bbc65a3b1fb3e5d31447240b24)
---
src/man/sssd-ad.5.xml | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 649042d587de3d3600fff59866681e302c721af8..c4a3fc2b5780eb0f15935a2c38f48418c5f7bb52 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -84,9 +84,16 @@
<programlisting>
ldap_id_mapping = False
</programlisting>
- In order to retrieve users and groups using POSIX attributes from trusted
- domains, the AD administrator must make sure that the POSIX attributes
- are replicated to the Global Catalog.
+ If POSIX attributes should be used, it is recommended for
+ performance reasons that the attributes are also replicated
+ to the Global Catalog. If POSIX attributes are replicated,
+ SSSD will attempt to locate the domain of a requested
+ numerical ID with the help of the Global Catalog and only
+ search that domain. In contrast, if POSIX attributes are not
+ replicated to the Global Catalog, SSSD must search all the
+ domains in the forest sequentially. Please note that that the
+ <quote>cache_first</quote> option might be also helpful in
+ speeding up domainless searches.
</para>
<para>
Users, groups and other entities served by SSSD are always treated as
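
Review bot: The last added sentence has a doubled word ("Please note that that the") and reads more naturally as "the <quote>cache_first</quote> option might also be helpful" rather than "might be also helpful". That sentence also names cache_first without saying where the option is documented or which configuration section it belongs in, so a reader of sssd-ad(5) has nothing to follow up on; a cross-reference to the man page that documents it would close that gap. Separately, the removed text said the administrator "must" replicate POSIX attributes to the Global Catalog for trusted domains, while the new text treats replication as a performance recommendation. It would help to state explicitly that lookups by numerical ID still resolve without replication, only more slowly, so administrators who followed the old wording know the requirement has been relaxed.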
--
2.14.3