From 3c1899348804713b49ba9c1f2bc782892c47c2fa Mon Sep 17 00:00:00 2001 From: Pavel Reichl Date: Mon, 12 May 2014 22:45:00 +0000 Subject: MAN: Detailed ldap_group_nesting_level option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves: https://fedorahosted.org/sssd/ticket/2294 Reviewed-by: Lukáš Slebodník Reviewed-by: Jakub Hrozek --- src/man/sssd-ldap.5.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'src/man/sssd-ldap.5.xml') diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 6426fe4fc..3738dc3ba 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -927,6 +927,22 @@ SSSD will follow. This option has no effect on the RFC2307 schema. + + Note: This option specifies the guaranteed level of + nested groups to be processed for any lookup. However, + nested groups beyond this limit + may be returned if previous + lookups already resolved the deeper nesting levels. + Also, subsequent lookups for other groups may enlarge + the result set for original lookup if re-queried. + + + If ldap_group_nesting_level is set to 0 then no + nested groups are processed at all. However, when + connected to Active-Directory Server 2008 and later + it is furthermore required to disable usage of + Token-Groups by setting ldap_use_tokengroups to false. + Default: 2 -- cgit
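Review bot: In the first added paragraph, "guaranteed level of nested groups to be processed" never says outright that the value is a minimum depth rather than a cap, which is the point an administrator needs. The same paragraph goes on to say deeper groups "may be returned if previous lookups already resolved the deeper nesting levels", so the membership returned for a group depends on cache state and on the order of lookups. Suggest stating explicitly that the option is not an upper bound, and that a configuration which depends on deeper nested memberships being absent (group-based access rules, for example) cannot rely on it. In the second paragraph, "it is furthermore required to disable usage of Token-Groups" should say what the result is when ldap_use_tokengroups is left enabled with the level set to 0, and whether the same interaction exists for non-zero levels, since the text only covers the 0 case. Minor wording: "for original lookup" is missing an article.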