summaryrefslogtreecommitdiff
path: root/src/man
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2010-12-20 16:05:14 -0500
committerStephen Gallagher <sgallagh@redhat.com>2010-12-21 17:05:51 -0500
commit2a2f642aae37e3f41cbbda162a74c2b946a4521f (patch)
tree146d6b2ec11a27fb0830a4c48f65cc36a07cef01 /src/man
parent6ff6ccd3eec35217708870b0fe7a6362e97de95f (diff)
downloadsssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.tar.gz
sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.tar.bz2
sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.zip
Add authorizedService support
https://fedorahosted.org/sssd/ticket/670
Diffstat (limited to 'src/man')
-rw-r--r--src/man/sssd-ldap.5.xml26
1 files changed, 26 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 3406dc46..7a733462 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -524,6 +524,27 @@
</varlistentry>
<varlistentry>
+ <term>ldap_user_authorized_service (string)</term>
+ <listitem>
+ <para>
+ If access_provider=ldap and
+ ldap_access_order=authorized_service, SSSD will
+ use the presence of the authorizedService
+ attribute in the user's LDAP entry to determine
+ access privilege.
+ </para>
+ <para>
+ An explicit deny (!svc) is resolved first. Second,
+ SSSD searches for explicit allow (svc) and finally
+ for allow_all (*).
+ </para>
+ <para>
+ Default: authorizedService
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ldap_group_object_class (string)</term>
<listitem>
<para>
@@ -1109,6 +1130,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
ldap_account_expire_policy
</para>
<para>
+ <emphasis>authorized_service</emphasis>: use
+ the authorizedService attribute to determine
+ access
+ </para>
+ <para>
Default: filter
</para>
<para>