Merge pull request #11079 from nextcloud/enh/ldap_check_group_command

Document new command ldap:check-group

admin_manual/configuration_server/occ_command.rst

@@ -946,6 +946,7 @@ you can run the following LDAP commands with ``occ``::
 
  ldap
   ldap:check-user               checks whether a user exists on LDAP.
+  ldap:check-group              checks whether a group exists on LDAP.
   ldap:create-empty-config      creates an empty LDAP configuration
   ldap:delete-config            deletes an existing LDAP configuration
   ldap:search                   executes a user or group search
@@ -990,6 +991,11 @@ use the ``--force`` option to force it to check all active LDAP connections::
 
  sudo -u www-data php occ ldap:check-user --force robert
 
+``ldap:check-group`` checks whether a group still exists in the LDAP directory.
+Use with ``--update`` to update the group membership cache on the Nextcloud side::
+
+ sudo -u www-data php occ ldap:check-group --update mygroup
+
 ``ldap:create-empty-config`` creates an empty LDAP configuration. The first
 one you create has ``configID`` ``s01``, and all subsequent configurations
 that you create are automatically assigned IDs::

admin_manual/configuration_user/user_auth_ldap.rst

@@ -796,6 +796,10 @@ in batches from all users again. Beside that they are also refreshed during a
 login for this user or can be fetched manually via the occ command 
 ``occ ldap:check-user --update USERID`` where ``USERID`` is Nextcloud's user id.
 
+For groups, a cache of memberships is stored in the database to be able to trigger
+events when a membership is added or removed. This cache is updated by a background
+job, and can be force updated using ``occ ldap:check-group --update GROUPID``.
+
 Caching
 ^^^^^^^