Add ldap_access_filter option

This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
author: Stephen Gallagher <sgallagh@redhat.com> 2010-05-06 10:09:41 -0400
committer: Stephen Gallagher <sgallagh@redhat.com> 2010-05-27 14:44:14 -0400
commit: 35480afaefafb77b28d35b29039989ab888aafe9 (patch)
tree: 60789844987297b64c9dc237bdd4501e4b5df86f /src/config/SSSDConfig.py
parent: 8bb6aa3fd81a3c195b92270ddf189296abae65eb (diff)
download: sssd-35480afaefafb77b28d35b29039989ab888aafe9.tar.gz
sssd-35480afaefafb77b28d35b29039989ab888aafe9.tar.xz
sssd-35480afaefafb77b28d35b29039989ab888aafe9.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 6b759d83c..7b9d96c9e 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -151,6 +151,9 @@ option_strings = {
     # [provider/ldap/auth]
     'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
 
+    # [provider/ldap/access]
+    'ldap_access_filter' : _('LDAP filter to determine access privileges'),
+
     # [provider/simple/access]
     'simple_allow_users' : _('Comma separated list of allowed users'),
     'simple_deny_users' : _('Comma separated list of prohibited users'),
author	Stephen Gallagher <sgallagh@redhat.com>	2010-05-06 10:09:41 -0400
committer	Stephen Gallagher <sgallagh@redhat.com>	2010-05-27 14:44:14 -0400
commit	35480afaefafb77b28d35b29039989ab888aafe9 (patch)
tree	60789844987297b64c9dc237bdd4501e4b5df86f /src/config/SSSDConfig.py
parent	8bb6aa3fd81a3c195b92270ddf189296abae65eb (diff)
download	sssd-35480afaefafb77b28d35b29039989ab888aafe9.tar.gz sssd-35480afaefafb77b28d35b29039989ab888aafe9.tar.xz sssd-35480afaefafb77b28d35b29039989ab888aafe9.zip