diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-02 17:48:49 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-25 21:02:43 +0200 |
commit | 8a05fd320a44636d120a18eb7e9956c7b35b3138 (patch) | |
tree | 58f77c880ecea276ab4323f465b743001894d04e | |
parent | dd2f33603228005a44675f1484c294ea647dbce3 (diff) | |
download | sssd-8a05fd320a44636d120a18eb7e9956c7b35b3138.tar.gz sssd-8a05fd320a44636d120a18eb7e9956c7b35b3138.tar.xz sssd-8a05fd320a44636d120a18eb7e9956c7b35b3138.zip |
AD: Add a new option ad_access_filter
This patch just adds the option, it doesn't do anything useful yet.
Related:
https://fedorahosted.org/sssd/ticket/2082
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ad.conf | 1 | ||||
-rw-r--r-- | src/man/sssd-ad.5.xml | 24 | ||||
-rw-r--r-- | src/providers/ad/ad_common.h | 1 | ||||
-rw-r--r-- | src/providers/ad/ad_opts.h | 1 |
4 files changed, 27 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf index 120c82752..9f606f6c4 100644 --- a/src/config/etc/sssd.api.d/sssd-ad.conf +++ b/src/config/etc/sssd.api.d/sssd-ad.conf @@ -4,6 +4,7 @@ ad_server = str, None, false ad_backup_server = str, None, false ad_hostname = str, None, false ad_enable_dns_sites = bool, None, false +ad_access_filter = str, None, false ldap_uri = str, None, false ldap_backup_uri = str, None, false ldap_search_base = str, None, false diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 3aa865ab1..41bd3ba05 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -169,6 +169,30 @@ ldap_id_mapping = False </varlistentry> <varlistentry> + <term>ad_access_filter (boolean)</term> + <listitem> + <para> + This option specifies LDAP access control + filter that the user must match in order + to be allowed access. Please note that the + <quote>access_filter</quote> option must be + explicitly set to <quote>ad</quote> in order + for this option to have an effect. + </para> + <para> + Example: + </para> + <programlisting> +access_provider = ad +ad_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com + </programlisting> + <para> + Default: Not set + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>dyndns_update (boolean)</term> <listitem> <para> diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h index 98aeb2165..b8b73c042 100644 --- a/src/providers/ad/ad_common.h +++ b/src/providers/ad/ad_common.h @@ -41,6 +41,7 @@ enum ad_basic_opt { AD_KEYTAB, AD_KRB5_REALM, AD_ENABLE_DNS_SITES, + AD_ACCESS_FILTER, AD_OPTS_BASIC /* opts counter */ }; diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h index f3b6cd616..8022a1627 100644 --- a/src/providers/ad/ad_opts.h +++ b/src/providers/ad/ad_opts.h @@ -35,6 +35,7 @@ struct dp_option ad_basic_opts[] = { { "krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING}, { "ad_enable_dns_sites", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, + { "ad_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING}, DP_OPTION_TERMINATOR }; |