author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-02 17:48:49 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-25 22:04:11 +0200 |
commit | e37cbdd9be139b9949024c94ae21c12b36a6c180 (patch) | |
tree | 2be4509270ad5ab5e31e9a98b2cb9d809770d0eb /src | |
parent | 88ee068181e2b35730f6bc2c71a63c21c476cdd7 (diff) | |
AD: Add a new option ad_access_filter
This patch just adds the option, it doesn't do anything useful yet.
Related:
https://fedorahosted.org/sssd/ticket/2082
Diffstat (limited to 'src')
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ad.conf | 1 | ||||
-rw-r--r-- | src/man/sssd-ad.5.xml | 24 | ||||
-rw-r--r-- | src/providers/ad/ad_common.h | 1 | ||||
-rw-r--r-- | src/providers/ad/ad_opts.h | 1 |
4 files changed, 27 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index 120c82752..9f606f6c4 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -4,6 +4,7 @@ ad_server = str, None, false
 ad_backup_server = str, None, false
 ad_hostname = str, None, false
 ad_enable_dns_sites = bool, None, false
+ad_access_filter = str, None, false
 ldap_uri = str, None, false
 ldap_backup_uri = str, None, false
 ldap_search_base = str, None, false
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index b05605aef..4c9a54aae 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -169,6 +169,30 @@ ldap_id_mapping = False
 </varlistentry>
 <varlistentry>
+ <term>ad_access_filter (boolean)</term>
+ <listitem>
+ <para>
+ This option specifies LDAP access control
+ filter that the user must match in order
+ to be allowed access. Please note that the
+ <quote>access_filter</quote> option must be
+ explicitly set to <quote>ad</quote> in order
+ for this option to have an effect.
+ </para>
+ <para>
+ Example:
+ </para>
+ <programlisting>
+access_provider = ad
+ad_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
+ </programlisting>
+ <para>
+ Default: Not set
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
 <term>dyndns_update (boolean)</term>
 <listitem>
 <para>
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 98aeb2165..b8b73c042 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -41,6 +41,7 @@ enum ad_basic_opt {
 AD_KEYTAB,
 AD_KRB5_REALM,
 AD_ENABLE_DNS_SITES,
+ AD_ACCESS_FILTER,
 AD_OPTS_BASIC /* opts counter */
 };
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index f3b6cd616..8022a1627 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -35,6 +35,7 @@ struct dp_option ad_basic_opts[] = {
 { "krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING},
 { "ad_enable_dns_sites", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
+ { "ad_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING},
 DP_OPTION_TERMINATOR
 }; |
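Review bot: The `ad_access_filter` entry added to `ad_basic_opts[]` is accepted with a NULL default, but per the commit message nothing evaluates it yet, so a filter an administrator sets is parsed and then silently not enforced. Because this is an access-control setting, the man page text added in the same commit should say that the option has no effect until the enforcement lands, rather than describing it as already restricting access. The entry here is `DP_OPT_STRING` (and `str` in sssd-ad.conf), while the man page hunk labels it `(boolean)`; that line should read `<term>ad_access_filter (string)</term>`. The same paragraph names `<quote>access_filter</quote>` as the option to set to `ad`, whereas its own example sets `access_provider = ad`, which looks like the intended name; following the text as written could leave the filter inactive. The earlier entries of the array are outside the hunk, so the position of the new entry relative to `AD_ACCESS_FILTER` in `enum ad_basic_opt` can only be checked against the visible neighbours.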