summaryrefslogtreecommitdiff
path: root/src/man
diff options
context:
space:
mode:
authorLukas Slebodnik <lslebodn@redhat.com>2013-05-14 18:00:10 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-05-23 11:45:38 +0200
commit6263578b03a52b3ec3a2e33e097554241780fc20 (patch)
tree44144d1017026806d48354780e5ef71ebfc6b04e /src/man
parentb0ab39364df453d4ec65d7d6e05a6530895ce3a6 (diff)
downloadsssd-6263578b03a52b3ec3a2e33e097554241780fc20.tar.gz
sssd-6263578b03a52b3ec3a2e33e097554241780fc20.tar.bz2
sssd-6263578b03a52b3ec3a2e33e097554241780fc20.zip
Adding option to disable retrieving large AD groups.
This commit adds new option ldap_disable_range_retrieval with default value FALSE. If this option is enabled, large groups(>1500) will not be retrieved and behaviour will be similar like was before commit ae8d047122c "LDAP: Handle very large Active Directory groups" https://fedorahosted.org/sssd/ticket/1823
Diffstat (limited to 'src/man')
-rw-r--r--src/man/sssd-ldap.5.xml21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 79921330..37df5ec1 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1201,6 +1201,27 @@
</varlistentry>
<varlistentry>
+ <term>ldap_disable_range_retrieval (boolean)</term>
+ <listitem>
+ <para>
+ Disable Active Directory range retrieval.
+ </para>
+ <para>
+ Active Directory limits the number of members to be
+ retrieved in a single lookup using the MaxValRange
+ policy (which defaults to 1500 members). If a group
+ contains more members, the reply would include an
+ AD-specific range extension. This option disables
+ parsing of the range extension, therefore large
+ groups will appear as having no members.
+ </para>
+ <para>
+ Default: False
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ldap_sasl_minssf (integer)</term>
<listitem>
<para>