Add authorizedService support

https://fedorahosted.org/sssd/ticket/670
author: Stephen Gallagher <sgallagh@redhat.com> 2010-12-20 16:05:14 -0500
committer: Stephen Gallagher <sgallagh@redhat.com> 2010-12-21 17:05:51 -0500
commit: 2a2f642aae37e3f41cbbda162a74c2b946a4521f (patch)
tree: 146d6b2ec11a27fb0830a4c48f65cc36a07cef01 /src/man
parent: 6ff6ccd3eec35217708870b0fe7a6362e97de95f (diff)
download: sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.tar.gz
sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.tar.xz
sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 3406dc469..7a7334622 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -524,6 +524,27 @@
                 </varlistentry>
 
                 <varlistentry>
+                    <term>ldap_user_authorized_service (string)</term>
+                    <listitem>
+                        <para>
+                            If access_provider=ldap and
+                            ldap_access_order=authorized_service, SSSD will
+                            use the presence of the authorizedService
+                            attribute in the user's LDAP entry to determine
+                            access privilege.
+                        </para>
+                        <para>
+                            An explicit deny (!svc) is resolved first. Second,
+                            SSSD searches for explicit allow (svc) and finally
+                            for allow_all (*).
+                        </para>
+                        <para>
+                            Default: authorizedService
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
                     <term>ldap_group_object_class (string)</term>
                     <listitem>
                         <para>
@@ -1109,6 +1130,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
                             ldap_account_expire_policy
                         </para>
                         <para>
+                            <emphasis>authorized_service</emphasis>: use
+                            the authorizedService attribute to determine
+                            access
+                        </para>
+                        <para>
                             Default: filter
                         </para>
                         <para>
author	Stephen Gallagher <sgallagh@redhat.com>	2010-12-20 16:05:14 -0500
committer	Stephen Gallagher <sgallagh@redhat.com>	2010-12-21 17:05:51 -0500
commit	2a2f642aae37e3f41cbbda162a74c2b946a4521f (patch)
tree	146d6b2ec11a27fb0830a4c48f65cc36a07cef01 /src/man
parent	6ff6ccd3eec35217708870b0fe7a6362e97de95f (diff)
download	sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.tar.gz sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.tar.xz sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.zip