From 251e4914e55c6b66ab6eabd3b3e2e2b7b49029e3 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Sun, 19 Nov 2017 22:31:44 +0100 Subject: [PATCH 83/83] MAN: Document how the Global Catalog is used currently MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The existing documentation was outdated. Remove it and document what the current patchset adds. Related: https://pagure.io/SSSD/sssd/issue/3468 Reviewed-by: Pavel Březina Reviewed-by: Sumit Bose (cherry picked from commit a72919af8347b5bbc65a3b1fb3e5d31447240b24) --- src/man/sssd-ad.5.xml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 649042d587de3d3600fff59866681e302c721af8..c4a3fc2b5780eb0f15935a2c38f48418c5f7bb52 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -84,9 +84,16 @@ ldap_id_mapping = False - In order to retrieve users and groups using POSIX attributes from trusted - domains, the AD administrator must make sure that the POSIX attributes - are replicated to the Global Catalog. + If POSIX attributes should be used, it is recommended for + performance reasons that the attributes are also replicated + to the Global Catalog. If POSIX attributes are replicated, + SSSD will attempt to locate the domain of a requested + numerical ID with the help of the Global Catalog and only + search that domain. In contrast, if POSIX attributes are not + replicated to the Global Catalog, SSSD must search all the + domains in the forest sequentially. Please note that that the + cache_first option might be also helpful in + speeding up domainless searches. Users, groups and other entities served by SSSD are always treated as -- 2.14.3
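Review bot: The last sentence of the added paragraph has a doubled word in "Please note that that the", and "might be also helpful" reads better as "might also be helpful". The opening "If POSIX attributes should be used" is also vague about when this applies; since the context line just above shows ldap_id_mapping = False, tying the sentence to that setting would make it clearer. The removed text told the AD administrator that replication was required for trusted domains, while the new text makes it a performance recommendation, so it would help to say outright that lookups still succeed without replication, only more slowly, and to name the man page where cache_first is documented so readers can find it from here.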