From 1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 9 Dec 2010 10:14:04 -0500
Subject: Add group support to the simple access provider

This patch adds simple_allow_groups and simple_deny_groups options
to the simple access provider. It makes it possible to grant or
deny access based on a user's group memberships within the domain.

This patch makes one minor change to previous functionality: now
all deny rules will supersede allow rules. Previously, if both
simple_allow_users and simple_deny_users were set with the same
value, the allow would win.

https://fedorahosted.org/sssd/ticket/440
---
 src/config/etc/sssd.api.d/sssd-simple.conf | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/config/etc/sssd.api.d/sssd-simple.conf')

diff --git a/src/config/etc/sssd.api.d/sssd-simple.conf b/src/config/etc/sssd.api.d/sssd-simple.conf
index 13fbeb9e..e14ea45d 100644
--- a/src/config/etc/sssd.api.d/sssd-simple.conf
+++ b/src/config/etc/sssd.api.d/sssd-simple.conf
@@ -3,3 +3,5 @@
 [provider/simple/access]
 simple_allow_users = str, None, false
 simple_deny_users = str, None, false
+simple_allow_groups = str, None, false
+simple_deny_groups = str, None, false
-- 
cgit