dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Files

  1.   905b4de0e68274ed1d28be199df37121524b2919
  2.   SOURCES
  3.   0019-MAN-PAGE-modified-sssd-ldap.5.xml-for-sssd-ticket-24.patch
Blob Blame History Raw 
From ad51468ac53ff073efeaf28733b596004433721d Mon Sep 17 00:00:00 2001
From: Dan Lavu <dlavu@redhat.com>
Date: Mon, 13 Oct 2014 15:06:53 -0400
Subject: [PATCH 19/22] MAN PAGE: modified sssd-ldap.5.xml for sssd ticket
 #2451

https://fedorahosted.org/sssd/ticket/2451

Added a configuration example at the bottom for
'ldap_access_order = lockout'. Also added a line
to note that 'ldap_access_provider = ldap' must
be specified for this feature to work.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/man/sssd-ldap.5.xml | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index a21ffc12986c4af10f4c0a5950eb43b88dac9d47..9a9410b415a7419ee303aea6ec2f9f3d41509647 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1449,7 +1449,7 @@
                     <listitem>
                         <para>
                             Specifies acceptable cipher suites.  Typically this
-                            is a colon sperated list.  See 
+                            is a colon sperated list.  See
                             <citerefentry><refentrytitle>ldap.conf</refentrytitle>
                             <manvolnum>5</manvolnum></citerefentry> for format.
                         </para>
@@ -1922,6 +1922,9 @@ ldap_access_filter = (employeeType=admin)
                             attribute 'pwdAccountLockedTime' is present and has
                             value of '000001010000Z'. Please see the option
                             ldap_pwdlockout_dn.
+
+                            Please note that 'access_provider = ldap' must
+                            be set for this feature to work.
                         </para>
                         <para>
                             <emphasis>expire</emphasis>: use
@@ -2491,6 +2494,27 @@ ldap_access_filter = (employeeType=admin)
 </programlisting>
         </para>
     </refsect1>
+    <refsect1 id='ldap_access_filter_example'>
+        <title>LDAP ACCESS FILTER EXAMPLE</title>
+        <para>
+            The following example assumes that SSSD is correctly
+            configured and to use the ldap_access_order=lockout.
+        </para>
+        <para>
+<programlisting>
+    [domain/LDAP]
+    id_provider = ldap
+    auth_provider = ldap
+    access_provider = ldap
+    ldap_access_order = lockout
+    ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org
+    ldap_uri = ldap://ldap.mydomain.org
+    ldap_search_base = dc=mydomain,dc=org
+    ldap_tls_reqcert = demand
+    cache_credentials = true
+</programlisting>
+        </para>
+    </refsect1>
 
     <refsect1 id='notes'>
         <title>NOTES</title>
-- 
1.9.3

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation