From 6263578b03a52b3ec3a2e33e097554241780fc20 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Tue, 14 May 2013 18:00:10 +0200 Subject: Adding option to disable retrieving large AD groups. This commit adds new option ldap_disable_range_retrieval with default value FALSE. If this option is enabled, large groups(>1500) will not be retrieved and behaviour will be similar like was before commit ae8d047122c "LDAP: Handle very large Active Directory groups" https://fedorahosted.org/sssd/ticket/1823 --- src/man/sssd-ldap.5.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'src/man') diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 79921330..37df5ec1 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1200,6 +1200,27 @@ + + ldap_disable_range_retrieval (boolean) + + + Disable Active Directory range retrieval. + + + Active Directory limits the number of members to be + retrieved in a single lookup using the MaxValRange + policy (which defaults to 1500 members). If a group + contains more members, the reply would include an + AD-specific range extension. This option disables + parsing of the range extension, therefore large + groups will appear as having no members. + + + Default: False + + + + ldap_sasl_minssf (integer) -- cgit