From 8071976af46cdd29980f1a11f8a6d6f00ab050ed Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Jun 22 2018 09:39:00 +0000
Subject: MAN: Document the re_expression needed to suport @-signs in the groupnames


In the 2.0 release we will be able to change the default regular
expression that will allow to consume @-signs in the name, but
since the 1.x branches need to stay backwards compatible, let's
only document the regex for now.

Related:
https://pagure.io/SSSD/sssd/issue/3219

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>

---

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 558c97e..ed3c100 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -2630,6 +2630,15 @@ pam_account_locked_message = Account locked, please contact help desk.
                             the <quote>@</quote> sign, the domain everything
                             after that"
                         </para>
+                        <para>
+                            NOTE: Some Active Directory groups, typically
+                            those used for MS Exchange contain an
+                            <quote>@</quote> sign in the name, which
+                            clashes with the default re_expression value for
+                            the AD and IPA providers. To support these groups,
+                            consider changing the re_expression value to:
+                            <quote>((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+$))</quote>.
+                        </para>
                     </listitem>
                 </varlistentry>
                 <varlistentry>