From 35480afaefafb77b28d35b29039989ab888aafe9 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Thu, 6 May 2010 10:09:41 -0400
Subject: Add ldap_access_filter option
This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
---
src/providers/ldap/sdap_access.h | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 src/providers/ldap/sdap_access.h
(limited to 'src/providers/ldap/sdap_access.h')
diff --git a/src/providers/ldap/sdap_access.h b/src/providers/ldap/sdap_access.h
new file mode 100644
index 00000000..5dbe8646
--- /dev/null
+++ b/src/providers/ldap/sdap_access.h
@@ -0,0 +1,39 @@
+/*
+ SSSD
+
+ sdap_access.h
+
+ Authors:
+ Stephen Gallagher
+
+ Copyright (C) 2010 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#ifndef SDAP_ACCESS_H_
+#define SDAP_ACCESS_H_
+
+#include "providers/dp_backend.h"
+
+#define SYSDB_LDAP_ACCESS "ldap_access_allow"
+
+struct sdap_access_ctx {
+ struct sdap_id_ctx *id_ctx;
+ const char *filter;
+};
+
+void ldap_pam_access_handler(struct be_req *breq);
+
+#endif /* SDAP_ACCESS_H_ */
-- cgit
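Review bot: `struct sdap_access_ctx` stores the admin-supplied `filter` with no comment on what an unset or empty value means, which for an access-control provider is the one thing a reader has to know. I would add above the member `/* ldap_access_filter value; access is granted only when this filter matches the user's entry */`, plus one sentence stating whether a NULL `filter` denies or allows every user (the handler is not in this hunk, so I cannot tell which). `SYSDB_LDAP_ACCESS` also needs a line saying what is stored under `ldap_access_allow` and which code path writes it. Since `ldap_pam_access_handler()` presumably combines `filter` with the login name into a single search filter, its doc comment should state that the name is escaped for LDAP filter syntax (RFC 4515) before it is inserted; please confirm that against the implementation.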