diff options
author | Dan Lavu <dlavu@redhat.com> | 2014-10-13 15:06:53 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 16:40:16 +0200 |
commit | 03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea (patch) | |
tree | 691df5a7bb16ca669e767d5d88f3029506f6647c /src/man | |
parent | 9ec9f2dd850eef9e124f9064121e1909230a9888 (diff) | |
download | sssd-03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea.tar.gz sssd-03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea.tar.xz sssd-03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea.zip |
MAN PAGE: modified sssd-ldap.5.xml for sssd ticket #2451
https://fedorahosted.org/sssd/ticket/2451
Added a configuration example at the bottom for
'ldap_access_order = lockout'. Also added a line
to note that 'ldap_access_provider = ldap' must
be specified for this feature to work.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index a21ffc129..9a9410b41 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1449,7 +1449,7 @@ <listitem> <para> Specifies acceptable cipher suites. Typically this - is a colon sperated list. See + is a colon sperated list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for format. </para> @@ -1922,6 +1922,9 @@ ldap_access_filter = (employeeType=admin) attribute 'pwdAccountLockedTime' is present and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. + + Please note that 'access_provider = ldap' must + be set for this feature to work. </para> <para> <emphasis>expire</emphasis>: use @@ -2491,6 +2494,27 @@ ldap_access_filter = (employeeType=admin) </programlisting> </para> </refsect1> + <refsect1 id='ldap_access_filter_example'> + <title>LDAP ACCESS FILTER EXAMPLE</title> + <para> + The following example assumes that SSSD is correctly + configured and to use the ldap_access_order=lockout. + </para> + <para> +<programlisting> + [domain/LDAP] + id_provider = ldap + auth_provider = ldap + access_provider = ldap + ldap_access_order = lockout + ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org + ldap_uri = ldap://ldap.mydomain.org + ldap_search_base = dc=mydomain,dc=org + ldap_tls_reqcert = demand + cache_credentials = true +</programlisting> + </para> + </refsect1> <refsect1 id='notes'> <title>NOTES</title> |