diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2010-12-20 16:05:14 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-12-21 17:05:51 -0500 |
commit | 2a2f642aae37e3f41cbbda162a74c2b946a4521f (patch) | |
tree | 146d6b2ec11a27fb0830a4c48f65cc36a07cef01 /src/man | |
parent | 6ff6ccd3eec35217708870b0fe7a6362e97de95f (diff) | |
download | sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.tar.gz sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.tar.bz2 sssd-2a2f642aae37e3f41cbbda162a74c2b946a4521f.zip |
Add authorizedService support
https://fedorahosted.org/sssd/ticket/670
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 3406dc46..7a733462 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -524,6 +524,27 @@ </varlistentry> <varlistentry> + <term>ldap_user_authorized_service (string)</term> + <listitem> + <para> + If access_provider=ldap and + ldap_access_order=authorized_service, SSSD will + use the presence of the authorizedService + attribute in the user's LDAP entry to determine + access privilege. + </para> + <para> + An explicit deny (!svc) is resolved first. Second, + SSSD searches for explicit allow (svc) and finally + for allow_all (*). + </para> + <para> + Default: authorizedService + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ldap_group_object_class (string)</term> <listitem> <para> @@ -1109,6 +1130,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com ldap_account_expire_policy </para> <para> + <emphasis>authorized_service</emphasis>: use + the authorizedService attribute to determine + access + </para> + <para> Default: filter </para> <para> |