3 files changed, 7 insertions, 1 deletions

diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 6b759d83..7b9d96c9 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -151,6 +151,9 @@ option_strings = {
     # [provider/ldap/auth]
     'ldap_pwd_policy' : _('Policy to evaluate the password expiration'),
 
+    # [provider/ldap/access]
+    'ldap_access_filter' : _('LDAP filter to determine access privileges'),
+
     # [provider/simple/access]
     'simple_allow_users' : _('Comma separated list of allowed users'),
     'simple_deny_users' : _('Comma separated list of prohibited users'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 61c2f949..04d438e0 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -687,7 +687,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
         control_provider_dict = {
             'ipa': ['id', 'auth', 'access', 'chpass'],
             'local': ['id', 'auth', 'chpass'],
-            'ldap': ['id', 'auth', 'chpass'],
+            'ldap': ['id', 'auth', 'access', 'chpass'],
             'krb5': ['auth', 'chpass'],
             'proxy': ['id', 'auth'],
             'simple': ['access'],
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index abcb5199..7f0c3606 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -67,5 +67,8 @@ ldap_force_upper_case_realm = bool, None, false
 [provider/ldap/auth]
 ldap_pwd_policy = str, None, false
 
+[provider/ldap/access]
+ldap_access_filter = str, None, false
+
 [provider/ldap/chpass]