From 9fd8065663084acaf88e7fe10a52c60e9a2a5411 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Thu, 10 Apr 2014 16:25:45 +0100
Subject: MAN: hint nested groups by simple access provider

sssd-ldap hints to use the simple access provider if a nested group membership
is needed. Add explicit notice in sssd-simple about support of nested group
membership.

Resolves:
https://fedorahosted.org/sssd/ticket/2308

Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
---
 src/man/sssd-ldap.5.xml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/man/sssd-ldap.5.xml')

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index ef6bd7448..d0f3467ea 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1854,7 +1854,14 @@
                             users being denied access.
                             Use access_provider = permit to change this default
                             behavior. Please note that this filter is applied on
-                            the LDAP user entry only.
+                            the LDAP user entry only and thus filtering based
+                            on nested groups may not work (e.g. memberOf
+                            attribute on AD entries points only to direct
+                            parents). If filtering based on nested groups
+                            is required, please see
+                            <citerefentry>
+                              <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum>
+                            </citerefentry>.
                         </para>
                         <para>
                             Example:
-- 
cgit