From 8d0b064dcb3ba7424e4f45047bba98b4bce9f60d Mon Sep 17 00:00:00 2001
From: Drew Blessing <drew@blessing.io>
Date: Fri, 14 Jul 2017 12:44:39 +0000
Subject: Add AD matching rule filter and more information

---
 doc/administration/auth/ldap.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'doc/administration')

diff --git a/doc/administration/auth/ldap.md b/doc/administration/auth/ldap.md
index 725fc1f6076..c8987dea5e2 100644
--- a/doc/administration/auth/ldap.md
+++ b/doc/administration/auth/ldap.md
@@ -228,9 +228,14 @@ Tip: If you want to limit access to the nested members of an Active Directory
 group you can use the following syntax:
 
 ```
-(memberOf=CN=My Group,DC=Example,DC=com)
+(memberOf:1.2.840.113556.1.4.1941=CN=My Group,DC=Example,DC=com)
 ```
 
+Find more information about this "LDAP_MATCHING_RULE_IN_CHAIN" filter at 
+https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx. Support for
+nested members in the user filter should not be confused with 
+[group sync nested groups support (EE only)](https://docs.gitlab.com/ee/administration/auth/ldap-ee.html#supported-ldap-group-types-attributes).
+
 Please note that GitLab does not support the custom filter syntax used by
 omniauth-ldap.
 
-- 
cgit v1.2.1