diff options
| author | Lukas Slebodnik <lslebodn@redhat.com> | 2013-05-14 18:00:10 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-23 11:45:38 +0200 |
| commit | 6263578b03a52b3ec3a2e33e097554241780fc20 (patch) | |
| tree | 44144d1017026806d48354780e5ef71ebfc6b04e /src/man | |
| parent | b0ab39364df453d4ec65d7d6e05a6530895ce3a6 (diff) | |
| download | sssd-6263578b03a52b3ec3a2e33e097554241780fc20.tar.gz sssd-6263578b03a52b3ec3a2e33e097554241780fc20.tar.bz2 sssd-6263578b03a52b3ec3a2e33e097554241780fc20.zip | |
Adding option to disable retrieving large AD groups.
This commit adds new option ldap_disable_range_retrieval with default value
FALSE. If this option is enabled, large groups(>1500) will not be retrieved and
behaviour will be similar like was before commit ae8d047122c
"LDAP: Handle very large Active Directory groups"
https://fedorahosted.org/sssd/ticket/1823
Diffstat (limited to 'src/man')
| -rw-r--r-- | src/man/sssd-ldap.5.xml | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 79921330..37df5ec1 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1201,6 +1201,27 @@ </varlistentry> <varlistentry> + <term>ldap_disable_range_retrieval (boolean)</term> + <listitem> + <para> + Disable Active Directory range retrieval. + </para> + <para> + Active Directory limits the number of members to be + retrieved in a single lookup using the MaxValRange + policy (which defaults to 1500 members). If a group + contains more members, the reply would include an + AD-specific range extension. This option disables + parsing of the range extension, therefore large + groups will appear as having no members. + </para> + <para> + Default: False + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_sasl_minssf (integer)</term> <listitem> <para> |