From 2461079ba20a42f47d7cf7982664f654c9286b59 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Sun, 9 Jun 2013 12:14:07 +0200 Subject: man: document the need to set ldap_access_order https://fedorahosted.org/sssd/ticket/1789 ldap_access_order must be set in order to non-default access control options to work. This patch amends the sssd-ldap man page to document this fact with all non-default ldap_access_order options. --- src/man/sssd-ldap.5.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 37df5ec1b..97b5fdc57 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -716,6 +716,13 @@ SSSD searches for explicit allow (svc) and finally for allow_all (*). + + Please note that the ldap_access_order + configuration option must include + authorized_service in order for the + ldap_user_authorized_service option + to work. + Default: authorizedService @@ -736,6 +743,13 @@ SSSD searches for explicit allow (host) and finally for allow_all (*). + + Please note that the ldap_access_order + configuration option must + include host in order for the + ldap_user_authorized_host option + to work. + Default: host @@ -1758,6 +1772,13 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com missing access is granted. + + Please note that the ldap_access_order + configuration option must + include expire in order for the + ldap_account_expire_policy option + to work. + Default: Empty -- cgit