author: Jakub Hrozek <jhrozek@redhat.com> 2014-02-24 19:42:23 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2014-02-26 18:15:55 +0100
commit: 604d46e028ab62f83060fb88bdd3319a31aca2d1 (patch)
tree: ee351f7e226079d3a2ba3987fa6b996f69403741
parent: 90afedb00608547ae1f32aa7aafd552c4b306909 (diff)
MAN: Clarify the ldap_access_filter option further
https://fedorahosted.org/sssd/ticket/2235

The memberof example was misleading and was making administrators think that the ldap_access_filter can resolve nested group memberships.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
-rw-r--r-- src/man/sssd-ldap.5.xml | 9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 9e572836d..f93b418c4 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1775,19 +1775,20 @@
and this option is not set, it will result in all
users being denied access.
Use access_provider = permit to change this default
- behavior.
+ behavior. Please note that this filter is applied on
+ the LDAP user entry only.
</para>
<para>
Example:
</para>
<programlisting>
access_provider = ldap
-ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
+ldap_access_filter = (employeeType=admin)
</programlisting>
<para>
This example means that access to this host is
- restricted to members of the "allowedusers" group
- in ldap.
+ restricted to users whose employeeType
+ attribute is set to "admin".
</para>
<para>
Offline caching for this feature is limited to
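Review bot: The sentence added to the first paragraph ("Please note that this filter is applied on the LDAP user entry only.") never mentions groups, so a reader who has not seen the ticket still cannot tell that nested group memberships are not resolved, which is the misunderstanding the commit message sets out to correct. Suggest spelling it out, for example "the filter is evaluated against the LDAP user entry only, so nested group memberships are not resolved", and wording it as "applied to" rather than "applied on". Because this option controls access to the host and, per the context lines, an unset filter denies all users, it would also help to say whether a memberOf filter is still valid for direct membership now that the example has been replaced with (employeeType=admin), so administrators with existing memberOf filters know whether they need to change them.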