Blame SOURCES/0098-MAN-Clarify-the-ldap_access_filter-option-further.patch

From af16267fc9d681fc4230fa82a9fe86de9491c8fd Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 24 Feb 2014 19:42:23 +0100
Subject: [PATCH 98/99] MAN: Clarify the ldap_access_filter option further
https://fedorahosted.org/sssd/ticket/2235
The memberof example was misleading and was making administrators think
that the ldap_access_filter can resolve nested group memberships.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit 604d46e028ab62f83060fb88bdd3319a31aca2d1)
---
 src/man/sssd-ldap.5.xml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index cc58544c38e8ffa779f0a1b22a69caaf3f193ce1..b271a2b7fa8b19ac3e4475bd8ca634b0414f5ea4 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1775,19 +1775,20 @@
                             and this option is not set, it will result in all
                             users being denied access.
                             Use access_provider = permit to change this default
-                            behavior.
+                            behavior. Please note that this filter is applied on
+                            the LDAP user entry only.
                         </para>
                         <para>
                             Example:
                         </para>
                         <programlisting>
 access_provider = ldap
-ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com
+ldap_access_filter = (employeeType=admin)
                         </programlisting>
                         <para>
                             This example means that access to this host is
-                            restricted to members of the "allowedusers" group
-                            in ldap.
+                            restricted to users whose employeeType
+                            attribute is set to "admin".
                         </para>
                         <para>
                             Offline caching for this feature is limited to
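Review bot: The sentence added to the first paragraph ("this filter is applied on the LDAP user entry only") does not spell out the consequence that the commit message gives as the reason for this change, namely that ldap_access_filter cannot resolve nested group memberships. With the memberOf example gone, the man page no longer mentions groups at all, so an administrator who still writes a memberOf filter gets no hint about that limit; consider adding a sentence such as "In particular, nested group memberships are not resolved by this filter." Two smaller points: "applied to" reads better than "applied on", and the new example value is parenthesized while the removed one was not, so it would help to say whether both forms are accepted.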
-- 
1.8.5.3