sssd-simple 5 File Formats and Conventions sssd-simple the configuration file for SSSD's 'simple' access-control provider This manual page describes the configuration of the simple access-control provider for sssd 8 . For a detailed syntax reference, refer to the FILE FORMAT section of the sssd.conf 5 manual page. The simple access provider grants or denies access based on an access or deny list of user names. Here to following rules apply: If both lists are empty, access is granted If simple_allow_users is set, only users from this list are allowed access. This setting supersedes the simple_deny_users list (which would be redundant). If the simple_allow_users list is empty, users are allowed access unless they appear in the simple_deny_users list Refer to the section DOMAIN SECTIONS of the sssd.conf 5 manual page for details on the configuration of an SSSD domain. simple_allow_users (string) Comma separated list of users who are allowed to log in. simple_deny_users (string) Comma separated list of users who are rejected if simple_allow_users is not set. Please note that it is an configuration error if both, simple_allow_users and simple_deny_users, are defined. The following example assumes that SSSD is correctly configured and example.com is one of the domains in the [sssd] section. This examples shows only the simple access provider-specific options. [domain/example.com] access_provider = simple simple_allow_users = user1, user2 sssd.conf5 , sssd8