Add host access control support

https://fedorahosted.org/sssd/ticket/746

1 files changed, 24 insertions, 0 deletions

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 58665eb4..2a39732b 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -587,6 +587,26 @@
                 </varlistentry>
 
                 <varlistentry>
+                    <term>ldap_user_authorized_host (string)</term>
+                    <listitem>
+                        <para>
+                            If access_provider=ldap and
+                            ldap_access_order=host, SSSD will use the presence
+                            of the host attribute in the user's LDAP entry to
+                            determine access privilege.
+                        </para>
+                        <para>
+                            An explicit deny (!host) is resolved first. Second,
+                            SSSD searches for explicit allow (host) and finally
+                            for allow_all (*).
+                        </para>
+                        <para>
+                            Default: host
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
                     <term>ldap_group_object_class (string)</term>
                     <listitem>
                         <para>
@@ -1249,6 +1269,10 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
                             access
                         </para>
                         <para>
+                            <emphasis>host</emphasis>: use the host attribute
+                            to determine access
+                        </para>
+                        <para>
                             Default: filter
                         </para>
                         <para>