From a6bf2e8247271a5a25ea6cb548e29b90976be746 Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Thu, 18 Jan 2018 16:35:54 +0100
Subject: [PATCH] Add a note about generating group mapping

---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 50efd44..518d26e 100644
--- a/README.md
+++ b/README.md
@@ -73,10 +73,12 @@ If you have `nginx` serving pages to users, you might need to configure `x-frame
 
 
 #### Groups and Permissions
-To receive groups over SSO you need a group mapping (and of course a properly configured IdP). You can manage group mapping with `group_mapping` management command. Example:
+To receive groups over SSO you need a group mapping (and of course a properly configured IdP). You can manage group mapping with `group_mapping` management command:
     
     group_mapping add myproject_superusers "CN=MyProjectSuperusers,OU=Foo,OU=Bar,DC=fh-h,DC=de"
 
+To generate a working mapping for `hshinfo` groups, use `ssoauth_group_mapping` management command in `syncds` (you can find one on the `sync` server).
+
 *Groups are not mapped automatically. The reason is that automatic mapping can pose security risks. Imagine auto-mapping that expects group with name "Superusers"; an intruder could create new group with this name under any path they own and/or create an alias/reference and receive superuser permissions in your project.* 
 
 
-- 
GitLab