diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 05:31:45 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 05:31:45 +0000 |
| commit | 74aa0bc6779af38018a03fd2cf4419fe85917904 (patch) | |
| tree | 9cb0681aac9a94a49c153d5823e7a55d1513d91f /src/man/sssd-simple.5.xml | |
| parent | Initial commit. (diff) | |
| download | sssd-74aa0bc6779af38018a03fd2cf4419fe85917904.tar.xz sssd-74aa0bc6779af38018a03fd2cf4419fe85917904.zip | |
Adding upstream version 2.9.4.upstream/2.9.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/man/sssd-simple.5.xml')
| -rw-r--r-- | src/man/sssd-simple.5.xml | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/src/man/sssd-simple.5.xml b/src/man/sssd-simple.5.xml new file mode 100644 index 0000000..c7ac179 --- /dev/null +++ b/src/man/sssd-simple.5.xml @@ -0,0 +1,164 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN" +"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> +<reference> +<title>SSSD Manual pages</title> +<refentry> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" /> + + <refmeta> + <refentrytitle>sssd-simple</refentrytitle> + <manvolnum>5</manvolnum> + <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo> + </refmeta> + + <refnamediv id='name'> + <refname>sssd-simple</refname> + <refpurpose>the configuration file for SSSD's 'simple' access-control + provider</refpurpose> + </refnamediv> + + <refsect1 id='description'> + <title>DESCRIPTION</title> + <para> + This manual page describes the configuration of the simple + access-control provider for + <citerefentry> + <refentrytitle>sssd</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>. + For a detailed syntax reference, refer to the + <quote>FILE FORMAT</quote> section of the + <citerefentry> + <refentrytitle>sssd.conf</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> manual page. + </para> + <para> + The simple access provider grants or denies access based on an + access or deny list of user or group names. The following rules + apply: + <itemizedlist> + <listitem> + <para>If all lists are empty, access is granted</para> + </listitem> + <listitem> + <para> + If any list is provided, the order of evaluation is + allow,deny. This means that any matching deny rule + will supersede any matched allow rule. + </para> + </listitem> + <listitem> + <para> + If either or both "allow" lists are provided, all + users are denied unless they appear in the list. + </para> + </listitem> + <listitem> + <para> + If only "deny" lists are provided, all users are + granted access unless they appear in the list. + </para> + </listitem> + </itemizedlist> + </para> + </refsect1> + + <refsect1 id='configuration-options'> + <title>CONFIGURATION OPTIONS</title> + <para>Refer to the section <quote>DOMAIN SECTIONS</quote> of the + <citerefentry> + <refentrytitle>sssd.conf</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> manual page for details on the configuration of an + SSSD domain. + <variablelist> + <varlistentry> + <term>simple_allow_users (string)</term> + <listitem> + <para> + Comma separated list of users who are allowed to + log in. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>simple_deny_users (string)</term> + <listitem> + <para> + Comma separated list of users who are explicitly + denied access. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>simple_allow_groups (string)</term> + <listitem> + <para> + Comma separated list of groups that are allowed to + log in. This applies only to groups within this + SSSD domain. Local groups are not evaluated. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>simple_deny_groups (string)</term> + <listitem> + <para> + Comma separated list of groups that are explicitly + denied access. This applies only to groups within + this SSSD domain. Local groups are not evaluated. + </para> + </listitem> + </varlistentry> + </variablelist> + </para> + <para> + Specifying no values for any of the lists is equivalent + to skipping it entirely. Beware of this while generating + parameters for the simple provider using automated scripts. + </para> + <para> + Please note that it is an configuration error if both, + simple_allow_users and simple_deny_users, are defined. + </para> + </refsect1> + + <refsect1 id='example'> + <title>EXAMPLE</title> + <para> + The following example assumes that SSSD is correctly + configured and example.com is one of the domains in the + <replaceable>[sssd]</replaceable> section. This examples shows only + the simple access provider-specific options. + </para> + <para> +<programlisting> +[domain/example.com] +access_provider = simple +simple_allow_users = user1, user2 +</programlisting> + </para> + </refsect1> + + <refsect1 id='notes'> + <title>NOTES</title> + <para> + The complete group membership hierarchy is resolved + before the access check, thus even nested groups can be + included in the access lists. Please be aware that the + <quote>ldap_group_nesting_level</quote> option may impact the + results and should be set to a sufficient value. + (<citerefentry> + <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>) option. + </para> + </refsect1> + + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" /> + +</refentry> +</reference> |