>From e164ed61b32907e06795103d899bc52188450ff8 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 25 Feb 2014 17:09:00 +0100
Subject: [PATCH] MAN: Clarify that changing ID mapping options might require
 purging the cache

https://fedorahosted.org/sssd/ticket/2252

Currently SSSD chokes when IDs of users change, we don't support ID
changes yet. Because some users were confused about the failures, this
patch adds additional clarification.
---
 src/man/include/ldap_id_mapping.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml
index 9dda399243bfd1725509c239d3358f2ef7501014..a10dcd52a1687c4d97211ebdabc77095bbfccf5a 100644
--- a/src/man/include/ldap_id_mapping.xml
+++ b/src/man/include/ldap_id_mapping.xml
@@ -12,6 +12,17 @@
         need to use manually-assigned values, ALL values must be
         manually-assigned.
     </para>
+    <para>
+        Please note that changing the ID mapping related configuration
+        options will cause user and group IDs to change. At the moment,
+        SSSD does not support changing IDs, so the SSSD database must be
+        removed. Because cached passwords are also stored in the database,
+        removing the database should only be performed while the SSSD
+        is online, otherwise users might get locked out. Moreover, the
+        change of IDs might neccessitate to adjust other system properties
+        such as file and directory ownership, so it's advisable to plan
+        ahead and test the ID mapping configuration thoroughly.
+    </para>
 
     <refsect2 id='idmap_algorithm'>
         <title>Mapping Algorithm</title>
-- 
1.8.5.3