From 35480afaefafb77b28d35b29039989ab888aafe9 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 6 May 2010 10:09:41 -0400
Subject: Add ldap_access_filter option

This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.

Common examples for this would be limiting access to users by in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
---
 src/config/etc/sssd.api.d/sssd-ldap.conf | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/config/etc/sssd.api.d/sssd-ldap.conf')

diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index abcb5199d..7f0c36069 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -67,5 +67,8 @@ ldap_force_upper_case_realm = bool, None, false
 [provider/ldap/auth]
 ldap_pwd_policy = str, None, false
 
+[provider/ldap/access]
+ldap_access_filter = str, None, false
+
 [provider/ldap/chpass]
 
-- 
cgit