Add LDAP access control based on NDS attributes

author: Sumit Bose <sbose@redhat.com> 2010-12-21 15:45:37 +0100
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-07-08 15:20:38 -0400
commit: 37e7e93f1996cf50677cf59fd8af6938dd5d85b2 (patch)
tree: 0c7c2facfde01680e1f362fa8ec281c4ab3a6ac3 /src/man
parent: f7cfc227904771bccfda4f03f552923794dbb0c0 (diff)
download: sssd-37e7e93f1996cf50677cf59fd8af6938dd5d85b2.tar.gz
sssd-37e7e93f1996cf50677cf59fd8af6938dd5d85b2.tar.xz
sssd-37e7e93f1996cf50677cf59fd8af6938dd5d85b2.zip
1 files changed, 50 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index e554cac42..7c364abea 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -493,6 +493,47 @@
                 </varlistentry>
 
                 <varlistentry>
+                    <term>ldap_user_nds_login_disabled (string)</term>
+                    <listitem>
+                        <para>
+                            When using ldap_account_expire_policy=nds, this
+                            attribute determines if access is allowed or not.
+                        </para>
+                        <para>
+                            Default: loginDisabled
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                    <term>ldap_user_nds_login_expiration_time (string)</term>
+                    <listitem>
+                        <para>
+                            When using ldap_account_expire_policy=nds, this
+                            attribute determines until which date access is
+                            granted.
+                        </para>
+                        <para>
+                            Default: loginDisabled
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                    <term>ldap_user_nds_login_allowed_time_map (string)</term>
+                    <listitem>
+                        <para>
+                            When using ldap_account_expire_policy=nds, this
+                            attribute determines the hours of a day in a week
+                            when access is granted.
+                        </para>
+                        <para>
+                            Default: loginAllowedTimeMap
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
                     <term>ldap_user_principal (string)</term>
                     <listitem>
                         <para>
@@ -1296,6 +1337,15 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
                             access is allowed or not.
                         </para>
                         <para>
+                            <emphasis>nds</emphasis>: the values of
+                            ldap_user_nds_login_allowed_time_map,
+                            ldap_user_nds_login_disabled and
+                            ldap_user_nds_login_expiration_time are used to
+                            check if access is allowed. If both attributes are
+                            missing access is granted.
+                            <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/experimental.xml" />
+                        </para>
+                        <para>
                             Default: Empty
                         </para>
                     </listitem>
author	Sumit Bose <sbose@redhat.com>	2010-12-21 15:45:37 +0100
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-07-08 15:20:38 -0400
commit	37e7e93f1996cf50677cf59fd8af6938dd5d85b2 (patch)
tree	0c7c2facfde01680e1f362fa8ec281c4ab3a6ac3 /src/man
parent	f7cfc227904771bccfda4f03f552923794dbb0c0 (diff)
download	sssd-37e7e93f1996cf50677cf59fd8af6938dd5d85b2.tar.gz sssd-37e7e93f1996cf50677cf59fd8af6938dd5d85b2.tar.xz sssd-37e7e93f1996cf50677cf59fd8af6938dd5d85b2.zip