|
 |
905b4d |
From ad51468ac53ff073efeaf28733b596004433721d Mon Sep 17 00:00:00 2001
|
|
|
905b4d |
From: Dan Lavu <dlavu@redhat.com>
|
|
|
905b4d |
Date: Mon, 13 Oct 2014 15:06:53 -0400
|
|
|
905b4d |
Subject: [PATCH 19/22] MAN PAGE: modified sssd-ldap.5.xml for sssd ticket
|
|
|
905b4d |
#2451
|
|
|
905b4d |
|
|
|
905b4d |
https://fedorahosted.org/sssd/ticket/2451
|
|
|
905b4d |
|
|
|
905b4d |
Added a configuration example at the bottom for
|
|
|
905b4d |
'ldap_access_order = lockout'. Also added a line
|
|
|
905b4d |
to note that 'ldap_access_provider = ldap' must
|
|
|
905b4d |
be specified for this feature to work.
|
|
|
905b4d |
|
|
|
905b4d |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
905b4d |
---
|
|
|
905b4d |
src/man/sssd-ldap.5.xml | 26 +++++++++++++++++++++++++-
|
|
|
905b4d |
1 file changed, 25 insertions(+), 1 deletion(-)
|
|
|
905b4d |
|
|
|
905b4d |
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
|
|
|
905b4d |
index a21ffc12986c4af10f4c0a5950eb43b88dac9d47..9a9410b415a7419ee303aea6ec2f9f3d41509647 100644
|
|
|
905b4d |
--- a/src/man/sssd-ldap.5.xml
|
|
|
905b4d |
+++ b/src/man/sssd-ldap.5.xml
|
|
|
905b4d |
@@ -1449,7 +1449,7 @@
|
|
|
905b4d |
<listitem>
|
|
|
905b4d |
<para>
|
|
|
905b4d |
Specifies acceptable cipher suites. Typically this
|
|
|
905b4d |
- is a colon sperated list. See
|
|
|
905b4d |
+ is a colon sperated list. See
|
|
|
905b4d |
<citerefentry><refentrytitle>ldap.conf</refentrytitle>
|
|
|
905b4d |
<manvolnum>5</manvolnum></citerefentry> for format.
|
|
|
905b4d |
</para>
|
|
|
905b4d |
@@ -1922,6 +1922,9 @@ ldap_access_filter = (employeeType=admin)
|
|
|
905b4d |
attribute 'pwdAccountLockedTime' is present and has
|
|
|
905b4d |
value of '000001010000Z'. Please see the option
|
|
|
905b4d |
ldap_pwdlockout_dn.
|
|
|
905b4d |
+
|
|
|
905b4d |
+ Please note that 'access_provider = ldap' must
|
|
|
905b4d |
+ be set for this feature to work.
|
|
|
905b4d |
</para>
|
|
|
905b4d |
<para>
|
|
|
905b4d |
<emphasis>expire</emphasis>: use
|
|
|
905b4d |
@@ -2491,6 +2494,27 @@ ldap_access_filter = (employeeType=admin)
|
|
|
905b4d |
</programlisting>
|
|
|
905b4d |
</para>
|
|
|
905b4d |
</refsect1>
|
|
|
905b4d |
+ <refsect1 id='ldap_access_filter_example'>
|
|
|
905b4d |
+ <title>LDAP ACCESS FILTER EXAMPLE</title>
|
|
|
905b4d |
+ <para>
|
|
|
905b4d |
+ The following example assumes that SSSD is correctly
|
|
|
905b4d |
+ configured and to use the ldap_access_order=lockout.
|
|
|
905b4d |
+ </para>
|
|
|
905b4d |
+ <para>
|
|
|
905b4d |
+<programlisting>
|
|
|
905b4d |
+ [domain/LDAP]
|
|
|
905b4d |
+ id_provider = ldap
|
|
|
905b4d |
+ auth_provider = ldap
|
|
|
905b4d |
+ access_provider = ldap
|
|
|
905b4d |
+ ldap_access_order = lockout
|
|
|
905b4d |
+ ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org
|
|
|
905b4d |
+ ldap_uri = ldap://ldap.mydomain.org
|
|
|
905b4d |
+ ldap_search_base = dc=mydomain,dc=org
|
|
|
905b4d |
+ ldap_tls_reqcert = demand
|
|
|
905b4d |
+ cache_credentials = true
|
|
|
905b4d |
+</programlisting>
|
|
|
905b4d |
+ </para>
|
|
|
905b4d |
+ </refsect1>
|
|
|
905b4d |
|
|
|
905b4d |
<refsect1 id='notes'>
|
|
|
905b4d |
<title>NOTES</title>
|
|
|
905b4d |
--
|
|
|
905b4d |
1.9.3
|
|
|
905b4d |
|