File 0006-MAN-Detailed-ldap_group_nesting_level-option.patch of Package sssd.5306
From e97a7f5bfbb6de33fd722cf613dbaea042126ca6 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Mon, 12 May 2014 22:45:00 +0000
Subject: [PATCH] MAN: Detailed ldap_group_nesting_level option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves:
https://fedorahosted.org/sssd/ticket/2294
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 3c1899348804713b49ba9c1f2bc782892c47c2fa)
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index b271a2b..9c3eae0 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -880,6 +880,22 @@
RFC2307 schema.
</para>
<para>
+ Note: This option specifies the guaranteed level of
+ nested groups to be processed for any lookup. However,
+ nested groups beyond this limit
+ <emphasis>may be</emphasis> returned if previous
+ lookups already resolved the deeper nesting levels.
+ Also, subsequent lookups for other groups may enlarge
+ the result set for original lookup if re-queried.
+ </para>
+ <para>
+ If ldap_group_nesting_level is set to 0 then no
+ nested groups are processed at all. However, when
+ connected to Active-Directory Server 2008 and later
+ it is furthermore required to disable usage of
+ Token-Groups by setting ldap_use_tokengroups to false.
+ </para>
+ <para>
Default: 2
</para>
</listitem>
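Review bot: The two added paragraphs leave the 0 case ambiguous: the first says groups beyond the limit "may be" returned if previous lookups already resolved deeper levels, while the second says that with ldap_group_nesting_level set to 0 "no nested groups are processed at all", without saying whether the cached-lookup caveat still applies. Suggest stating explicitly that the option is a guaranteed minimum processing depth and not a filter, so the returned membership can vary with what earlier lookups resolved and should not be relied on to keep deeper groups out of access decisions. Minor wording in the same hunk: "for original lookup" is missing an article ("for the original lookup"), "it is furthermore required to disable usage of" could be shortened to "it is also necessary to disable", and "Active-Directory" and "Token-Groups" read better unhyphenated.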
--
2.7.1