diff options
| author | Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> | 2015-09-30 18:34:44 +0300 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-10-07 15:48:36 +0200 |
| commit | bf4ddcde94fc36b44bc9cbcc5d56e6e35776bfc9 (patch) | |
| tree | 2514cd27febbaea2cd13cf1de2e09a6c16636248 | |
| parent | 27293426dca1bf9140dc6ed277f7129a44a68a62 (diff) | |
| download | sssd-bf4ddcde94fc36b44bc9cbcc5d56e6e35776bfc9.tar.gz sssd-bf4ddcde94fc36b44bc9cbcc5d56e6e35776bfc9.tar.xz sssd-bf4ddcde94fc36b44bc9cbcc5d56e6e35776bfc9.zip | |
man: Note filter_groups are not affecting nesting
Note that the "filter_groups" option doesn't affect nested member
inheritance, on the sssd.conf(5) manpage.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| -rw-r--r-- | src/man/sssd.conf.5.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 5a7bdc91b..573f421a7 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -590,6 +590,14 @@ subdomain_inherit = ldap_purge_cache_timeout to filter only users from the particular domain. </para> <para> + NOTE: The filter_groups option doesn't affect + inheritance of nested group members, since + filtering happens after they are propagated for + returning via NSS. E.g. a group having a member + group filtered out will still have the member + users of the latter listed. + </para> + <para> Default: root </para> </listitem> |