Add ocis known issues

modules/ROOT/pages/ocis_release_notes.adoc

@@ -154,7 +154,7 @@ The Separate Trash Bin for Spaces introduces individual trash bins for each spac
 
 [discrete]
 === Deny Access
-The Deny Access feature, which is *experimental and not ready for production environments*, allows users to share folders with groups, but deny access to a single person in that group. Example: If you share the "Birthday Present" folder with all users in the organization, you want to exclude the one person whose birthday is coming up. This use case is now possible, but not yet production ready and disabled by default. To enable this feature, the https://doc.owncloud.com/ocis/next/deployment/services/s-list/frontend.html#environment-variables[variable] `FRONTEND_OCS_ENABLE_DENIALS` needs to be set to to `true`. Please contact {oc-support-url}[ownCloud Support] or give us your feedback via {oc-central-url}[ownCloud Central] so that we can finalize this long-awaited feature with the help of your testing.
+The Deny Access feature, which is *experimental and not ready for production environments*, allows users to share folders with groups, but deny access to a single person in that group. Example: If you share the "Birthday Present" folder with all users in the organization, you want to exclude the one person whose birthday is coming up. This use case is now possible, but not yet production ready and disabled by default. To enable this feature, the xref:{latest-ocis-version}@ocis:ROOT:deployment/services/s-list/frontend.adoc#environment-variables[variable] `FRONTEND_OCS_ENABLE_DENIALS` needs to be set to to `true`. Please contact {oc-support-url}[ownCloud Support] or give us your feedback via {oc-central-url}[ownCloud Central] so that we can finalize this long-awaited feature with the help of your testing.
 
 [discrete]
 === Other Notable Changes
@@ -209,7 +209,14 @@ Since the base block is a GRPC API, it is also possible to use it directly. Poli
 
 - Automatically emtpy the trashbin (off per default): Introduction of a new cli command to purge old trash-bin items. https://github.com/owncloud/ocis/pull/5500[#5500]
 
-// === Known Issues
+=== Known Issues
+
+- The environment variable xref:{latest-ocis-version}@ocis:ROOT:deployment/services/env-vars-special-scope.adoc[OCIS_LDAP_DISABLE_USER_MECHANISM] is an option to control the behavior for disabling users. The default value is `attribute` and requires configuration on the LDAP server. Enabling and disabling users is LDAP implementation specific.
++
+--
+- If you are using an external LDAP server you can either set `OCIS_LDAP_DISABLE_USER_MECHANISM` to `none` to disable it completely or to `attribute` in which case you need to set `OCIS_LDAP_USER_ENABLED_ATTRIBUTE` according to your external LDAP server's requirements.
+- Additionally and due to a bug recently discovered in the xref:{latest-ocis-version}@ocis:ROOT:deployment/services/s-list/idp.adoc[IDP] service, you must set `OCIS_LDAP_USER_ENABLED_ATTRIBUTE=""` to overwrite the default setting when `OCIS_LDAP_DISABLE_USER_MECHANISM` is set to `none`. This bug will be fixed in a subsequent release.
+--
 
 === Migrations