Merge branch 'ldap_nested_group_note' into 'master'

Add a note about LDAP nested group resolution. For LDAP sync, nested groups must fall within the configured `group_base`. A customer recently ran in to this issue. It's not immediately obvious but at least we can make a note in the documentation. See merge request !872

Merge branch 'ldap_nested_group_note' into 'master'
Add a note about LDAP nested group resolution. For LDAP sync, nested groups must fall within the configured `group_base`. A customer recently ran in to this issue. It's not immediately obvious but at least we can make a note in the documentation. See merge request !872
a7c8e5c4 · Drew Blessing · 6db676d8 · 556fb662 · a7c8e5c4
Commit a7c8e5c4 authored Nov 15, 2016 by Drew Blessing
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

doc/administration/auth/ldap-ee.md doc/administration/auth/ldap-ee.md +6 -0

No files found.
--- a/doc/administration/auth/ldap-ee.md
+++ b/doc/administration/auth/ldap-ee.md
@@ -143,6 +143,12 @@ Other LDAP servers should work, too.
 Active Directory also supports nested groups. Group sync will recursively
 resolve membership if `active_directory: true` is set in the configuration file.

+> **Note:** Nested group membership will only be resolved if the nested group
+  also falls within the configured `group_base`. For example, if GitLab sees a
+  nested group with DN `cn=nested_group,ou=special_groups,dc=example,dc=com` but
+  the configured `group_base` is `ou=groups,dc=example,dc=com`, `cn=nested_group`
+  will be ignored.
+
 ### Queries

 - Each LDAP group is queried a maximum of one time with base `group_base` and