author | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-24 19:42:23 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-02-26 18:17:57 +0100 |
commit | 1e45bf20032b4d984e02487bb39cb61210063ea9 (patch) | |
tree | 157bec52824936a629fa1a9eb74b7b7d7838c39f /src | |
parent | 802220cc4ef437d8f169c51c7ce073a51f507b92 (diff) | |
MAN: Clarify the ldap_access_filter option further
https://fedorahosted.org/sssd/ticket/2235
The memberof example was misleading and was making administrators think
that the ldap_access_filter can resolve nested group memberships.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit 604d46e028ab62f83060fb88bdd3319a31aca2d1)
Diffstat (limited to 'src')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index cc58544c3..b271a2b7f 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1775,19 +1775,20 @@ and this option is not set, it will result in all users being denied access. Use access_provider = permit to change this default - behavior. + behavior. Please note that this filter is applied on + the LDAP user entry only. </para> <para> Example: </para> <programlisting> access_provider = ldap -ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com +ldap_access_filter = (employeeType=admin) </programlisting> <para> This example means that access to this host is - restricted to members of the "allowedusers" group - in ldap. + restricted to users whose employeeType + attribute is set to "admin". </para> <para> Offline caching for this feature is limited to |
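Review bot: The sentence added after "behavior." says the filter is applied on the LDAP user entry only, but it does not state the consequence the commit message is about, namely that nested group memberships are not resolved. An administrator who still carries a memberOf filter copied from the removed example gets no explicit hint that it is evaluated against the user entry alone. Suggest spelling it out, for example "... applied on the LDAP user entry only, so nested group memberships are not resolved by this filter." Separately, the replacement example writes the filter with surrounding parentheses, "(employeeType=admin)", while the removed memberOf line had none; a short remark in the same paragraph on whether both forms are accepted would avoid a second round of confusion.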