From e37cbdd9be139b9949024c94ae21c12b36a6c180 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 2 Oct 2013 17:48:49 +0200
Subject: AD: Add a new option ad_access_filter

This patch just adds the option, it doesn't do anything useful yet.

Related:
https://fedorahosted.org/sssd/ticket/2082
---
 src/man/sssd-ad.5.xml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'src/man')

diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index b05605aef..4c9a54aae 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -168,6 +168,30 @@ ldap_id_mapping = False
                     </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                    <term>ad_access_filter (boolean)</term>
+                    <listitem>
+                        <para>
+                            This option specifies LDAP access control
+                            filter that the user must match in order
+                            to be allowed access. Please note that the
+                            <quote>access_filter</quote> option must be
+                            explicitly set to <quote>ad</quote> in order
+                            for this option to have an effect.
+                        </para>
+                        <para>
+                            Example:
+                        </para>
+                        <programlisting>
+access_provider = ad
+ad_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
+                        </programlisting>
+                        <para>
+                            Default: Not set
+                        </para>
+                    </listitem>
+                </varlistentry>
+
                 <varlistentry>
                     <term>dyndns_update (boolean)</term>
                     <listitem>
-- 
cgit