From aeebc19ac1468050b9ba0246f6738343acb70213 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Thu, 26 Nov 2015 17:09:29 +0100 Subject: [PATCH] MAN: Clarify that subdomains always use service discovery https://fedorahosted.org/sssd/ticket/2881 Some users expected that setting ad_server=some.server would pin SSSD to some.server even for trusted domains. That's not the case. --- src/man/sssd-ad.5.xml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 127e96582d71e8216db88d37a16d37d01748131d..096477fa7bb90c152e99e1cff0c55f8fecc24c71 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -44,7 +44,9 @@ The AD provider is able to provide identity information and authentication for entities from trusted domains as well. Currently - only trusted domains in the same forest are recognized. + only trusted domains in the same forest are recognized. Please + also note that servers from trusted domains are always + auto-discovered. The AD provider accepts the same options used by the @@ -121,10 +123,17 @@ ldap_id_mapping = False connect in order of preference. For more information on failover and server redundancy, see the FAILOVER section. + + This is optional if autodiscovery is enabled. For more information on service discovery, refer to the SERVICE DISCOVERY section. + + Note: trusted domains always auto-discover servers + even if the primary domain uses a hardcoded + ad_server option value. + -- 2.4.3