Hello,

I had a few hours of good time importing and syncing users from our FreeIPA directory.

The documentation is a little out of date (the screenshots do not include the feature "Lookup using user attribute") which is really useful as we are using nested groups and Authentik would have to recurse through those - both user and group members of a group use the same LDAP attribute - member.

On the other hand, user entries in the directory have ALL the groups they are member of, even indirect, in the attribute memberOf.

The other problem I had was that the "User membership attribute" HAS to be set to distinguishedName, not just dn as I've mistakenly set it, but that is my error (and is missing from the docs too, so I'd like to fix that :)

I'll submit a PR shortly.