summaryrefslogtreecommitdiff
path: root/src/man/sssd-ldap.5.xml
diff options
context:
space:
mode:
Diffstat (limited to 'src/man/sssd-ldap.5.xml')
-rw-r--r--src/man/sssd-ldap.5.xml26
1 files changed, 26 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 3406dc46..7a733462 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -524,6 +524,27 @@
</varlistentry>
<varlistentry>
+ <term>ldap_user_authorized_service (string)</term>
+ <listitem>
+ <para>
+ If access_provider=ldap and
+ ldap_access_order=authorized_service, SSSD will
+ use the presence of the authorizedService
+ attribute in the user's LDAP entry to determine
+ access privilege.
+ </para>
+ <para>
+ An explicit deny (!svc) is resolved first. Second,
+ SSSD searches for explicit allow (svc) and finally
+ for allow_all (*).
+ </para>
+ <para>
+ Default: authorizedService
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ldap_group_object_class (string)</term>
<listitem>
<para>
@@ -1109,6 +1130,11 @@ ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
ldap_account_expire_policy
</para>
<para>
+ <emphasis>authorized_service</emphasis>: use
+ the authorizedService attribute to determine
+ access
+ </para>
+ <para>
Default: filter
</para>
<para>