Add group support to the simple access provider

This patch adds simple_allow_groups and simple_deny_groups options to the simple access provider. It makes it possible to grant or deny access based on a user's group memberships within the domain. This patch makes one minor change to previous functionality: now all deny rules will supersede allow rules. Previously, if both simple_allow_users and simple_deny_users were set with the same value, the allow would win. https://fedorahosted.org/sssd/ticket/440
author: Stephen Gallagher <sgallagh@redhat.com> 2010-12-09 10:14:04 -0500
committer: Stephen Gallagher <sgallagh@redhat.com> 2010-12-13 07:30:24 -0500
commit: 1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb (patch)
tree: 6e1e86dfbddffac5a89201f26dd4be9ed92eaab1 /src/config
parent: 583a018d792c7a28762ecfba74ef1adc48724f22 (diff)
download: sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.tar.gz
sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.tar.xz
sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-simple.conf b/src/config/etc/sssd.api.d/sssd-simple.conf
index 13fbeb9e9..e14ea45d9 100644
--- a/src/config/etc/sssd.api.d/sssd-simple.conf
+++ b/src/config/etc/sssd.api.d/sssd-simple.conf
@@ -3,3 +3,5 @@
 [provider/simple/access]
 simple_allow_users = str, None, false
 simple_deny_users = str, None, false
+simple_allow_groups = str, None, false
+simple_deny_groups = str, None, false
author	Stephen Gallagher <sgallagh@redhat.com>	2010-12-09 10:14:04 -0500
committer	Stephen Gallagher <sgallagh@redhat.com>	2010-12-13 07:30:24 -0500
commit	1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb (patch)
tree	6e1e86dfbddffac5a89201f26dd4be9ed92eaab1 /src/config
parent	583a018d792c7a28762ecfba74ef1adc48724f22 (diff)
download	sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.tar.gz sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.tar.xz sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.zip