From 618430a7d80da3e613cf7edb91aaaa60c2c6b953 Mon Sep 17 00:00:00 2001
From: Mark Craig <mark.craig@forgerock.com>
Date: Thu, 24 Nov 2011 16:16:53 +0000
Subject: [PATCH] Mention capabilities provided by enhancement for OpenDJ-221

---
 opendj3/src/main/docbkx/admin-guide/chap-groups.xml |   13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/opendj3/src/main/docbkx/admin-guide/chap-groups.xml b/opendj3/src/main/docbkx/admin-guide/chap-groups.xml
index a13587e..04fea6f 100644
--- a/opendj3/src/main/docbkx/admin-guide/chap-groups.xml
+++ b/opendj3/src/main/docbkx/admin-guide/chap-groups.xml
@@ -368,5 +368,18 @@
 uniqueMember: uid=ahunter,ou=People,dc=example,dc=com
 uniqueMember: uid=bjensen,ou=People,dc=example,dc=com
 uniqueMember: uid=tmorris,ou=People,dc=example,dc=com</screen>
+
+ <para>You can also configure the referential integrity plugin to check that
+ new entries added to groups actually exist in the directory by setting the
+ <literal>check-references</literal> property to <literal>true</literal>. You
+ can specify additional criteria once you have activated the check. To ensure
+ that entries added must match a filter, set the
+ <literal>check-references-filter-criteria</literal> to identify the attribute
+ and the filter. For example, you can specify that group members must be person
+ entries by setting <literal>check-references-filter-criteria</literal> to
+ <literal>member:(objectclass=person)</literal>. To ensure that entries must
+ be located in the same naming context, set
+ <literal>check-references-scope-criteria</literal> to
+ <literal>naming-context</literal>.</para>
  </section>
 </chapter>

--
Gitblit v1.10.0