MAN PAGE: modified sssd-ldap.5.xml for sssd ticket #2451

https://fedorahosted.org/sssd/ticket/2451 Added a configuration example at the bottom for 'ldap_access_order = lockout'. Also added a line to note that 'ldap_access_provider = ldap' must be specified for this feature to work. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
author: Dan Lavu <dlavu@redhat.com> 2014-10-13 15:06:53 -0400
committer: Jakub Hrozek <jhrozek@redhat.com> 2014-10-22 16:40:16 +0200
commit: 03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea (patch)
tree: 691df5a7bb16ca669e767d5d88f3029506f6647c
parent: 9ec9f2dd850eef9e124f9064121e1909230a9888 (diff)
download: sssd-03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea.tar.gz
sssd-03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea.tar.xz
sssd-03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea.zip
1 files changed, 25 insertions, 1 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index a21ffc129..9a9410b41 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1449,7 +1449,7 @@
                     <listitem>
                         <para>
                             Specifies acceptable cipher suites.  Typically this
-                            is a colon sperated list.  See 
+                            is a colon sperated list.  See
                             <citerefentry><refentrytitle>ldap.conf</refentrytitle>
                             <manvolnum>5</manvolnum></citerefentry> for format.
                         </para>
@@ -1922,6 +1922,9 @@ ldap_access_filter = (employeeType=admin)
                             attribute 'pwdAccountLockedTime' is present and has
                             value of '000001010000Z'. Please see the option
                             ldap_pwdlockout_dn.
+
+                            Please note that 'access_provider = ldap' must
+                            be set for this feature to work.
                         </para>
                         <para>
                             <emphasis>expire</emphasis>: use
@@ -2491,6 +2494,27 @@ ldap_access_filter = (employeeType=admin)
 </programlisting>
         </para>
     </refsect1>
+    <refsect1 id='ldap_access_filter_example'>
+        <title>LDAP ACCESS FILTER EXAMPLE</title>
+        <para>
+            The following example assumes that SSSD is correctly
+            configured and to use the ldap_access_order=lockout.
+        </para>
+        <para>
+<programlisting>
+    [domain/LDAP]
+    id_provider = ldap
+    auth_provider = ldap
+    access_provider = ldap
+    ldap_access_order = lockout
+    ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org
+    ldap_uri = ldap://ldap.mydomain.org
+    ldap_search_base = dc=mydomain,dc=org
+    ldap_tls_reqcert = demand
+    cache_credentials = true
+</programlisting>
+        </para>
+    </refsect1>
 
     <refsect1 id='notes'>
         <title>NOTES</title>
author	Dan Lavu <dlavu@redhat.com>	2014-10-13 15:06:53 -0400
committer	Jakub Hrozek <jhrozek@redhat.com>	2014-10-22 16:40:16 +0200
commit	03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea (patch)
tree	691df5a7bb16ca669e767d5d88f3029506f6647c
parent	9ec9f2dd850eef9e124f9064121e1909230a9888 (diff)
download	sssd-03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea.tar.gz sssd-03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea.tar.xz sssd-03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea.zip