diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-06 10:09:41 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-16 13:28:43 -0400 |
commit | fa26de3b1a8993a1c5a4b071851e5e5ff7ec2ce6 (patch) | |
tree | 7ce1399b2df00674a166ab1d6e387368667a6c70 /src/man | |
parent | 67421f2d62ceffb070070245a436bc46252b9420 (diff) | |
download | sssd-fa26de3b1a8993a1c5a4b071851e5e5ff7ec2ce6.tar.gz sssd-fa26de3b1a8993a1c5a4b071851e5e5ff7ec2ce6.tar.xz sssd-fa26de3b1a8993a1c5a4b071851e5e5ff7ec2ce6.zip |
Add ldap_access_filter option
This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.
Common examples for this would be limiting access to users by in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index c119e7f3f..3aa989636 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -644,6 +644,45 @@ </listitem> </varlistentry> + <varlistentry> + <term>ldap_access_filter (string)</term> + <listitem> + <para> + If using access_provider = ldap, this option is + mandatory. It specifies an LDAP search filter + criteria that must be met for the user to be + granted access on this host. If + access_provider = ldap and this option is + not set, it will result in all users being + denied access. Use access_provider = allow to + change this default behavior. + </para> + <para> + Example: + </para> + <programlisting> +access_provider = ldap +ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com + </programlisting> + <para> + This example means that access to this host is + restricted to members of the "allowedusers" group + in ldap. + </para> + <para> + Offline caching for this feature is limited to + determining whether the user's last online login + was granted access permission. If they were + granted access during their last login, they will + continue to be granted access while offline and + vice-versa. + </para> + <para> + Default: Empty + </para> + </listitem> + </varlistentry> + </variablelist> </para> </refsect1> |