The policy is located in `raddb/policy.d/time`. The `Expiration`
attribute should continue to work the same as with v3.
+=== rlm_ldap
+
+The `ldap` module provides an expansion `%{ldap.memberof:<name>}` instead of
+`LDAP-Group` for dynamically testing group membership. The old method of
+
+```
+LDAP-Group == "foo"
+```
+
+will no longer work.
+
+The cacheing of group membership into attributes in the `control` list is
+still available, so
+
+```
+&control.LDAP-Group[*] == "foo"
+```
+can also be used to test membership after having called the `ldap` module,
+if `cacheable_name` or `cacheable_dn` are enabled.
+
=== rlm_mschap
The `winbind_*` configuration options are now in a `winbind`
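Review bot: In the new `rlm_ldap` section, "will no longer work" (the line after the `LDAP-Group == "foo"` block) does not say how the old condition fails, and the section never shows the replacement written out. Group checks usually gate authorization, so please state whether a leftover `LDAP-Group == "foo"` is rejected when the configuration is loaded or only behaves differently at runtime. Please also add the same check rewritten with `%{ldap.memberof:<name>}`, and say whether `<name>` accepts a group name, a DN, or both, since the text later mentions both `cacheable_name` and `cacheable_dn`. Smaller points: "cacheing" should be "caching"; "if `cacheable_name` or `cacheable_dn` are enabled" reads better as "is enabled"; the closing fence after `&control.LDAP-Group[*] == "foo"` needs a blank line before "can also be used"; and the section uses triple-backtick fences under an AsciiDoc heading (`=== rlm_ldap`), so switch to AsciiDoc listing blocks if that is what the rest of the file uses.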