diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-06 10:09:41 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-27 14:44:14 -0400 |
| commit | 35480afaefafb77b28d35b29039989ab888aafe9 (patch) | |
| tree | 60789844987297b64c9dc237bdd4501e4b5df86f /src/config | |
| parent | 8bb6aa3fd81a3c195b92270ddf189296abae65eb (diff) | |
| download | sssd-35480afaefafb77b28d35b29039989ab888aafe9.tar.gz sssd-35480afaefafb77b28d35b29039989ab888aafe9.tar.bz2 sssd-35480afaefafb77b28d35b29039989ab888aafe9.zip | |
Add ldap_access_filter option
This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.
Common examples for this would be limiting access to users by in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
Diffstat (limited to 'src/config')
| -rw-r--r-- | src/config/SSSDConfig.py | 3 | ||||
| -rwxr-xr-x | src/config/SSSDConfigTest.py | 2 | ||||
| -rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 3 |
3 files changed, 7 insertions, 1 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index 6b759d83..7b9d96c9 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -151,6 +151,9 @@ option_strings = { # [provider/ldap/auth] 'ldap_pwd_policy' : _('Policy to evaluate the password expiration'), + # [provider/ldap/access] + 'ldap_access_filter' : _('LDAP filter to determine access privileges'), + # [provider/simple/access] 'simple_allow_users' : _('Comma separated list of allowed users'), 'simple_deny_users' : _('Comma separated list of prohibited users'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 61c2f949..04d438e0 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -687,7 +687,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): control_provider_dict = { 'ipa': ['id', 'auth', 'access', 'chpass'], 'local': ['id', 'auth', 'chpass'], - 'ldap': ['id', 'auth', 'chpass'], + 'ldap': ['id', 'auth', 'access', 'chpass'], 'krb5': ['auth', 'chpass'], 'proxy': ['id', 'auth'], 'simple': ['access'], diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index abcb5199..7f0c3606 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf @@ -67,5 +67,8 @@ ldap_force_upper_case_realm = bool, None, false [provider/ldap/auth] ldap_pwd_policy = str, None, false +[provider/ldap/access] +ldap_access_filter = str, None, false + [provider/ldap/chpass] |