ehlo, I am opened to any better phrasing :-)
LS
>From 6672a9df8a090da3f8702f693a4257e7af803ac0 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik <lsleb...@redhat.com> Date: Fri, 7 Nov 2014 14:19:54 +0100 Subject: [PATCH] MAN: Clarify usage of groups search base with tokengroups Resolves: https://fedorahosted.org/sssd/ticket/2448 --- src/man/sssd-ldap.5.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 7c9335836c1208f381c5c9e12e3823641dd3e952..fbff7db7510fed07b02981aa1ce6475b2d13f556 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -2482,6 +2482,17 @@ ldap_access_filter = (employeeType=admin) <term>ldap_group_search_base (string)</term> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="include/ldap_search_bases.xml" /> </varlistentry> + </variablelist> + <variablelist> + <note> + <para> + If the option <quote>ldap_use_tokengroups</quote> is + enabled for searches against an Active Directory + Server this option might not reduce groups + based on value of this option. It is recommended to + disable token groups in such case. + </para> + </note> <varlistentry condition="with_sudo"> <term>ldap_sudo_search_base (string)</term> -- 2.1.0
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
