Document that krb5-sync doesn't use instance configuration

The krb5-sync command-line utility does what it's told and ignores the instance configuration and the ad_base_instance support. Document this.
author: Russ Allbery <eagle@eyrie.org> 2013-12-11 19:22:07 -0800
committer: Russ Allbery <eagle@eyrie.org> 2013-12-11 19:22:07 -0800
commit: 779d0c4ace8234f7873813f6daf184d1ef09bf21 (patch)
tree: 7c57c4341570d6bfd6245dcad22d03de6140c7d4
parent: db8cb7c101f9665e6dc2e63a9d2ef0582670c4f4 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/tools/krb5-sync.pod b/tools/krb5-sync.pod
index fb058bd..85be5d2 100644
--- a/tools/krb5-sync.pod
+++ b/tools/krb5-sync.pod
@@ -86,6 +86,13 @@ specifies the base tree inside Active Directory where account information
 is stored.  Omit the trailing C<dc=> part; it will be added automatically
 from C<ad_realm>.
 
+Be aware that the C<ad_instances>, C<ad_base_instance>, and
+C<ad_queue_only> configuration options that are used by the krb5-sync
+plugin are ignored by B<krb5-sync>.  The B<krb5-sync> command will push
+changes to whatever principal it was given, regardless of the normal
+limits on instances, and does not do any of the principal remapping
+configured with C<ad_base_instance>.
+
 =head1 OPTIONS
 
 =over 4
author	Russ Allbery <eagle@eyrie.org>	2013-12-11 19:22:07 -0800
committer	Russ Allbery <eagle@eyrie.org>	2013-12-11 19:22:07 -0800
commit	779d0c4ace8234f7873813f6daf184d1ef09bf21 (patch)
tree	7c57c4341570d6bfd6245dcad22d03de6140c7d4
parent	db8cb7c101f9665e6dc2e63a9d2ef0582670c4f4 (diff)