diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2015-12-09 13:03:51 +0100 |
|---|---|---|
| committer | Lukas Slebodnik <lslebodn@redhat.com> | 2015-12-11 16:34:13 +0100 |
| commit | 773153893431bb9344259ba161d57e97f359678c (patch) | |
| tree | 685f7a0e527e8ea7304edeb14bd0e7787b94331c | |
| parent | 565e6d91814884054ec0dc4d770804d7bf472d3f (diff) | |
| download | sssd-773153893431bb9344259ba161d57e97f359678c.tar.gz sssd-773153893431bb9344259ba161d57e97f359678c.tar.xz sssd-773153893431bb9344259ba161d57e97f359678c.zip | |
MAN: Clarify when should TGs be disabled for group nesting restriction
Resolves:
https://fedorahosted.org/sssd/ticket/2796
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Striker Leggette <striker@redhat.com>
| -rw-r--r-- | src/man/sssd-ldap.5.xml | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 123ac3fac..66b9024bc 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -963,9 +963,11 @@ <para> If ldap_group_nesting_level is set to 0 then no nested groups are processed at all. However, when - connected to Active-Directory Server 2008 and later + connected to Active-Directory Server 2008 + and later using <quote>id_provider=ad</quote> it is furthermore required to disable usage of - Token-Groups by setting ldap_use_tokengroups to false. + Token-Groups by setting ldap_use_tokengroups + to false in order to restrict group nesting. </para> <para> Default: 2 |