From 2a2f642aae37e3f41cbbda162a74c2b946a4521f Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 20 Dec 2010 16:05:14 -0500 Subject: Add authorizedService support https://fedorahosted.org/sssd/ticket/670 --- src/man/sssd-ldap.5.xml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'src/man') diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 3406dc469..7a7334622 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -523,6 +523,27 @@ + + ldap_user_authorized_service (string) + + + If access_provider=ldap and + ldap_access_order=authorized_service, SSSD will + use the presence of the authorizedService + attribute in the user's LDAP entry to determine + access privilege. + + + An explicit deny (!svc) is resolved first. Second, + SSSD searches for explicit allow (svc) and finally + for allow_all (*). + + + Default: authorizedService + + + + ldap_group_object_class (string) @@ -1108,6 +1129,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com expire: use ldap_account_expire_policy + + authorized_service: use + the authorizedService attribute to determine + access + Default: filter -- cgit