From c5b8303b6a37c0c708fad6b7f876a4c136b59fd7 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 23 Jan 2018 11:23:37 +0100
Subject: [PATCH 1/2] SDAP: Improve a DEBUG message about GC detection

It was not entirely clear what the message means. We should improve the
debug message to make it clear that all or none of the attributes should be
replicated to the Global Catalog.

This patch can be reverted once we fix
https://pagure.io/SSSD/sssd/issue/3538 and only use the GC to look up
the entry DN, not the entry itself.
---
 src/providers/ldap/sdap_async.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 76cfce207..1e77b1c3c 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2720,7 +2720,11 @@ static void sdap_gc_posix_check_done(struct tevent_req *subreq)
 
     /* Positive hit is definitive, no need to search other bases */
     if (state->has_posix == true) {
-        DEBUG(SSSDBG_FUNC_DATA, "Server has POSIX attributes\n");
+        DEBUG(SSSDBG_FUNC_DATA, "Server has POSIX attributes. Global Catalog will "
+                                "be used for user and group lookups. Note that if "
+                                "only a subset of POSIX attributes is present "
+                                "in GC, the non-replicated attributes are "
+                                "currently not read from the LDAP port\n");
         tevent_req_done(req);
         return;
     }
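Review bot: The new text in the DEBUG() call under "if (state->has_posix == true)" describes a limitation that the commit message ties to https://pagure.io/SSSD/sssd/issue/3538, but nothing in the code records that link. A short comment above the DEBUG() call naming the ticket would tell whoever fixes it that this wording has to be reverted. The message is also still emitted at SSSDBG_FUNC_DATA, so an administrator who has replicated only some POSIX attributes to the Global Catalog will not see it at the default log level. If the point is to warn about that setup, consider logging the caveat separately at a more visible level. The string also says what is not read but not what to do about it; the commit message's "all or none" guidance would fit here.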

From d29fb9ff245c6415102ded070cc92e5e9edfc9cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Thu, 12 Apr 2018 10:38:42 +0200
Subject: [PATCH 2/2] MAN: Improve docs about GC detection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add the same note we have as part of our debug to the sssd-ad manual.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
---
 src/man/sssd-ad.5.xml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index be2593dca..f43c7fcf4 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -100,6 +100,9 @@ ldap_id_mapping = False
             domains in the forest sequentially. Please note that the
             <quote>cache_first</quote> option might be also helpful in
             speeding up domainless searches.
+            Note that if only a subset of POSIX attributes is present in
+            the Global Catalog, the non-replicated attributes are currently
+            not read from the LDAP port.
         </para>
         <para>
             Users, groups and other entities served by SSSD are always treated as
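Review bot: The added sentence "Note that if only a subset of POSIX attributes is present in the Global Catalog, ..." states the limitation but not what the administrator should do about it, and it follows directly after another "Please note that" sentence in the same paragraph. Suggest saying explicitly that either all or none of the POSIX attributes should be replicated to the Global Catalog, which is how the first patch's commit message puts it. A para of its own would stop the caveat getting lost behind the cache_first remark. "The LDAP port" is also terse for a manual page; spelling out that the attributes are not looked up over the regular LDAP connection would be clearer to readers who have not seen the debug message.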
