From ad51468ac53ff073efeaf28733b596004433721d Mon Sep 17 00:00:00 2001
From: Dan Lavu
Date: Mon, 13 Oct 2014 15:06:53 -0400
Subject: [PATCH 19/22] MAN PAGE: modified sssd-ldap.5.xml for sssd ticket #2451

https://fedorahosted.org/sssd/ticket/2451
Added a configuration example at the bottom for 'ldap_access_order = lockout'. Also added a line to note that 'ldap_access_provider = ldap' must be specified for this feature to work.
Reviewed-by: Jakub Hrozek
---
 src/man/sssd-ldap.5.xml | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index a21ffc12986c4af10f4c0a5950eb43b88dac9d47..9a9410b415a7419ee303aea6ec2f9f3d41509647 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1449,7 +1449,7 @@
 Specifies acceptable cipher suites. Typically this
- is a colon sperated list. See
+ is a colon sperated list. See
 ldap.conf 5 for format.
@@ -1922,6 +1922,9 @@ ldap_access_filter = (employeeType=admin)
 attribute 'pwdAccountLockedTime' is present and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn.
+
+ Please note that 'access_provider = ldap' must
+ be set for this feature to work.
 expire: use
@@ -2491,6 +2494,27 @@ ldap_access_filter = (employeeType=admin)
+
+ LDAP ACCESS FILTER EXAMPLE
+
+ The following example assumes that SSSD is correctly
+ configured and to use the ldap_access_order=lockout.
+
+
+
+ [domain/LDAP]
+ id_provider = ldap
+ auth_provider = ldap
+ access_provider = ldap
+ ldap_access_order = lockout
+ ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org
+ ldap_uri = ldap://ldap.mydomain.org
+ ldap_search_base = dc=mydomain,dc=org
+ ldap_tls_reqcert = demand
+ cache_credentials = true
+
+
+
 NOTES
--
1.9.3