Index: src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java	(revision a80aafa644af318426a6b7f44b66b42875579510)
+++ src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java	(revision )
@@ -549,6 +549,34 @@
     }
 
     @Test
+    public void testLostMembershipLocalGroup() throws Exception {
+        // create a local group in the repository
+        Group gr = createTestGroup();
+
+        // sync an external user from the IDP into the repo and make it member
+        // of the test group
+        SyncResult result = syncCtx.sync(idp.listUsers().next());
+        User user = userManager.getAuthorizable(result.getIdentity().getId(), User.class);
+        gr.addMember(user);
+        root.commit();
+
+        // enforce synchronization of the user and it's group membership
+        syncCtx.setForceUserSync(true);
+        syncConfig.user().setMembershipExpirationTime(-1);
+
+        // 1. membership nesting is < 0 => membership not synchronized
+        syncConfig.user().setMembershipNestingDepth(-1);
+        syncCtx.sync(user.getID()).getStatus();
+        assertTrue(gr.isDeclaredMember(user));
+
+        // 2. membership nesting is > 0 => membership gets synchronized
+        syncConfig.user().setMembershipNestingDepth(1);
+        assertEquals(SyncResult.Status.UPDATE, syncCtx.sync(user.getID()).getStatus());
+
+        assertFalse(gr.isDeclaredMember(user));
+    }
+
+    @Test
     public void testLostMembershipDifferentIDP() throws Exception {
         // create a group in the repository which is marked as being external
         // and associated with another IPD.
\ No newline at end of file