From 35480afaefafb77b28d35b29039989ab888aafe9 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 6 May 2010 10:09:41 -0400
Subject: Add ldap_access_filter option

This option (applicable to access_provider=ldap) allows the admin
to set an additional LDAP search filter that must match in order
for a user to be granted access to the system.

Common examples for this would be limiting access to users by in a
particular group, for example:
ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
---
 src/providers/ldap/sdap.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/providers/ldap/sdap.h')

diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 917e6010..d698b55b 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -152,6 +152,7 @@ enum sdap_basic_opt {
     SDAP_ACCOUNT_CACHE_EXPIRATION,
     SDAP_DNS_SERVICE_NAME,
     SDAP_KRB5_TICKET_LIFETIME,
+    SDAP_ACCESS_FILTER,
 
     SDAP_OPTS_BASIC /* opts counter */
 };
-- 
cgit