diff --git a/0001-Sanitize-search-filters-for-nested-group-lookups.patch b/0001-Sanitize-search-filters-for-nested-group-lookups.patch
new file mode 100644
index 0000000..58b9544
--- /dev/null
+++ b/0001-Sanitize-search-filters-for-nested-group-lookups.patch
@@ -0,0 +1,73 @@
+From 979943195da209bdc28efd5e90a19f888f4b88ed Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher
+Date: Mon, 31 Jan 2011 13:00:56 -0500
+Subject: [PATCH] Sanitize search filters for nested group lookups
+
+---
+ src/providers/ldap/sdap_async_accounts.c | 20 +++++++++++++++++---
+ 1 files changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
+index 648f9a734eca60401c07d2b0d0fa432751c9ab73..5b6d3d74ac1496fe6a4266c327d0111e12e24b64 100644
+--- a/src/providers/ldap/sdap_async_accounts.c
++++ b/src/providers/ldap/sdap_async_accounts.c
+@@ -3409,6 +3409,7 @@ errno_t save_rfc2307bis_user_memberships(
+ {
+ errno_t ret, tret;
+ char *member_dn;
++ char *sanitized_dn;
+ char *filter;
+ const char **attrs;
+ size_t reply_count, i;
+@@ -3447,12 +3448,18 @@ errno_t save_rfc2307bis_user_memberships(
+ ret = ENOMEM;
+ goto error;
+ }
++ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
++ if (ret != EOK) {
++ goto error;
++ }
++ talloc_free(member_dn);
+
+- filter = talloc_asprintf(tmp_ctx, "(member=%s)", member_dn);
++ filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
+ if (!filter) {
+ ret = ENOMEM;
+ goto error;
+ }
++ talloc_free(sanitized_dn);
+
+ ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom,
+ filter, attrs, &reply_count, &replies);
+@@ -3874,6 +3881,7 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
+ const char *name;
+ bool in_transaction = false;
+ char *member_dn;
++ char *sanitized_dn;
+ char *filter;
+ const char **attrs;
+ size_t reply_count, i;
+@@ -3918,12 +3926,18 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
+ goto error;
+ }
+
+- filter = talloc_asprintf(tmp_ctx, "(member=%s)", member_dn);
++ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
++ if (ret != EOK) {
++ goto error;
++ }
++ talloc_free(member_dn);
++
++ filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
+ if (!filter) {
+ ret = ENOMEM;
+ goto error;
+ }
+- talloc_free(member_dn);
++ talloc_free(sanitized_dn);
+
+ ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom,
+ filter, attrs,
+--
+1.7.3.5
+
diff --git a/sssd.spec b/sssd.spec index 1f72daf..14913b2 100644 --- a/sssd.spec +++ b/sssd.spec @@ -5,7 +5,7 @@ Name: sssd Version: 1.5.1 -Release: 2%{?dist} +Release: 3%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -14,6 +14,7 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### +Patch0001: 0001-Sanitize-search-filters-for-nested-group-lookups.patch ### Dependencies ### @@ -73,6 +74,7 @@ BuildRequires: bind-utils BuildRequires: keyutils-libs-devel BuildRequires: libnl-devel BuildRequires: nscd +BuildRequires: gettext-devel %description Provides a set of daemons to manage access to remote directories and @@ -106,6 +108,10 @@ use with ldap_default_authtok_type = obfuscated_password. %prep %setup -q +autoreconf -ivf + +%patch0001 -p1 + %build %configure \ --with-db-path=%{dbpath} \ @@ -167,6 +173,20 @@ do echo %{python_sitelib}/`basename $file` >> sssd.lang done +touch sssd_tools.lang +for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"` +do + lang=`echo $man | cut -c 1-2` + case `basename $man` in + sss_*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang + ;; + *) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + esac +done + %clean rm -rf $RPM_BUILD_ROOT @@ -200,10 +220,7 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/pysss.so %{python_sitelib}/*.py* -%lang(cs) %{_mandir}/cs/man[58]/* -%lang(uk) %{_mandir}/uk/man[58]/* - -%files client +%files client -f sssd_tools.lang %defattr(-,root,root,-) %doc src/sss_client/COPYING src/sss_client/COPYING.LESSER /%{_lib}/libnss_sss.so.2
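Review bot: The sanitize-then-format sequence in the carried patch is written out twice, once in save_rfc2307bis_user_memberships and once in rfc2307bis_nested_groups_update_sysdb, so the next code path that builds a `(member=%s)` filter can format the raw DN again with nothing to stop it. A small static helper that takes the DN and returns the finished filter would keep the escaping in one place. It is also the natural spot for a comment explaining why the escaping is needed: member_dn is presumably built from names received from the directory (it is assigned outside these hunks), and unescaped filter metacharacters would change what sysdb_search_groups matches. Both function bodies start and end outside the hunks shown, so the helper name and call sites below are a sketch only.

```c
/* Build "(member=<dn>)" with the DN escaped for use as a filter value.
 * The DN may carry names that originate from the directory server, so it
 * must never be formatted into a search filter unescaped. */
static errno_t sdap_member_filter(TALLOC_CTX *mem_ctx, const char *member_dn,
                                  char **_filter)
{
    char *sanitized_dn;
    errno_t ret;

    ret = sss_filter_sanitize(mem_ctx, member_dn, &sanitized_dn);
    if (ret != EOK) {
        return ret;
    }

    *_filter = talloc_asprintf(mem_ctx, "(member=%s)", sanitized_dn);
    talloc_free(sanitized_dn);
    return *_filter ? EOK : ENOMEM;
}

/* … unchanged: member_dn construction and its ENOMEM check … */
ret = sdap_member_filter(tmp_ctx, member_dn, &filter);
if (ret != EOK) {
    goto error;
}
talloc_free(member_dn);
/* … unchanged: sysdb_search_groups call … */
```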
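Review bot: In %prep, `autoreconf -ivf` runs before `%patch0001 -p1`, so the build files are regenerated from the unpatched tree. This patch only touches a .c file and is unaffected, but a later patch that edits configure.ac or a Makefile.am would silently not be picked up; applying patches first and regenerating afterwards (`%patch0001 -p1`, then `autoreconf -ivf`) avoids that. The changelog entry also does not mention the new autoreconf step or the `BuildRequires: gettext-devel` that was apparently added for it, which makes the reason hard to recover later.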
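Review bot: `sssd_tools.lang` is attached to `%files client -f sssd_tools.lang`, while the changelog entry says the translated tool manpages go into the sssd-tools subpackage; as written, the `sss_*` pages collected by the new loop land in the client subpackage. If the tools subpackage is the intended owner, the `-f sssd_tools.lang` belongs on its `%files` line instead, which is outside this hunk. The loop in the `@@ -167,6 +173,20 @@` hunk also only visits two-character locale directories (`??` and `cut -c 1-2`), so now that the explicit `%lang(cs)`/`%lang(uk)` lines are removed, a translated manpage under a longer locale directory name would end up unpackaged.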
@@ -253,6 +270,10 @@ fi %postun client -p /sbin/ldconfig %changelog +* Tue Feb 01 2011 Stephen Gallagher - 1.5.1-3 +- Fix nested group member filter sanitization for RFC2307bis +- Put translated tool manpages into the sssd-tools subpackage + * Thu Jan 27 2011 Stephen Gallagher - 1.5.1-2 - Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild