author Jakub Hrozek <> 2014-02-24 19:42:23 +0100
committer Jakub Hrozek <> 2014-02-26 18:17:57 +0100
commit 1e45bf20032b4d984e02487bb39cb61210063ea9 (patch)
tree 157bec52824936a629fa1a9eb74b7b7d7838c39f /src
parent 802220cc4ef437d8f169c51c7ce073a51f507b92 (diff)
MAN: Clarify the ldap_access_filter option further

The memberof example was misleading and was making administrators think that the ldap_access_filter can resolve nested group memberships.

Reviewed-by: Sumit Bose <>
Reviewed-by: Stephen Gallagher <>
(cherry picked from commit 604d46e028ab62f83060fb88bdd3319a31aca2d1)
Diffstat (limited to 'src')
1 files changed, 5 insertions, 4 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index cc58544c3..b271a2b7f 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1775,19 +1775,20 @@
and this option is not set, it will result in all
users being denied access.
Use access_provider = permit to change this default
- behavior.
+ behavior. Please note that this filter is applied on
+ the LDAP user entry only.
access_provider = ldap
-ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
+ldap_access_filter = (employeeType=admin)
This example means that access to this host is
- restricted to members of the "allowedusers" group
- in ldap.
+ restricted to users whose employeeType
+ attribute is set to "admin".
Offline caching for this feature is limited to
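Review bot: The sentence added after "behavior." says the filter "is applied on the LDAP user entry only", but it does not state the consequence the commit message gives as the reason for the change: that ldap_access_filter does not resolve nested group memberships. An administrator who still writes a memberOf filter will not learn from this text why it does not behave as expected, because the old example is simply replaced by (employeeType=admin) with no mention of groups at all. Consider adding one explicit sentence next to the new note, for example "Nested group memberships are not resolved by this filter." As a wording point, "applied to the LDAP user entry" reads better than "applied on".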