From 74aa0bc6779af38018a03fd2cf4419fe85917904 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Fri, 19 Apr 2024 07:31:45 +0200
Subject: Adding upstream version 2.9.4.

Signed-off-by: Daniel Baumann
---
 src/man/sssd-simple.5.xml | 164 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 164 insertions(+)
 create mode 100644 src/man/sssd-simple.5.xml
(limited to 'src/man/sssd-simple.5.xml')

diff --git a/src/man/sssd-simple.5.xml b/src/man/sssd-simple.5.xml
new file mode 100644
index 0000000..c7ac179
--- /dev/null
+++ b/src/man/sssd-simple.5.xml
@@ -0,0 +1,164 @@ + + + +SSSD Manual pages + + + + + sssd-simple + 5 + File Formats and Conventions + + + + sssd-simple + the configuration file for SSSD's 'simple' access-control + provider + + + + DESCRIPTION + + This manual page describes the configuration of the simple + access-control provider for + + sssd + 8 + . + For a detailed syntax reference, refer to the + FILE FORMAT section of the + + sssd.conf + 5 + manual page. + + + The simple access provider grants or denies access based on an + access or deny list of user or group names. The following rules + apply: + + + If all lists are empty, access is granted + + + + If any list is provided, the order of evaluation is + allow,deny. This means that any matching deny rule + will supersede any matched allow rule. + + + + + If either or both "allow" lists are provided, all + users are denied unless they appear in the list. + + + + + If only "deny" lists are provided, all users are + granted access unless they appear in the list. + + + + + + + + CONFIGURATION OPTIONS + Refer to the section DOMAIN SECTIONS of the + + sssd.conf + 5 + manual page for details on the configuration of an + SSSD domain. + + + simple_allow_users (string) + + + Comma separated list of users who are allowed to + log in. + + + + + + simple_deny_users (string) + + + Comma separated list of users who are explicitly + denied access. + + + + + simple_allow_groups (string) + + + Comma separated list of groups that are allowed to + log in. This applies only to groups within this + SSSD domain. Local groups are not evaluated. + + + + + + simple_deny_groups (string) + + + Comma separated list of groups that are explicitly + denied access. This applies only to groups within + this SSSD domain. Local groups are not evaluated. + + + + + + + Specifying no values for any of the lists is equivalent + to skipping it entirely. Beware of this while generating + parameters for the simple provider using automated scripts. 
+ + + Please note that it is an configuration error if both, + simple_allow_users and simple_deny_users, are defined. + + + + + EXAMPLE + + The following example assumes that SSSD is correctly + configured and example.com is one of the domains in the + [sssd] section. This examples shows only + the simple access provider-specific options. + + + +[domain/example.com] +access_provider = simple +simple_allow_users = user1, user2 + + + + + + NOTES + + The complete group membership hierarchy is resolved + before the access check, thus even nested groups can be + included in the access lists. Please be aware that the + ldap_group_nesting_level option may impact the + results and should be set to a sufficient value. + ( + sssd-ldap5 + ) option. + + + + + + + -- cgit v1.2.3
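Review bot: The CONFIGURATION OPTIONS paragraph "Specifying no values for any of the lists is equivalent to skipping it entirely" does not state the consequence, which follows from the first rule in DESCRIPTION ("If all lists are empty, access is granted"): a script that emits an empty simple_allow_users or simple_allow_groups leaves the domain open to every user rather than closed. I would spell that outcome out in the warning itself, since "Beware of this" leaves the reader to connect the two sections. Second, the following paragraph calls it a configuration error when both simple_allow_users and simple_deny_users are defined, while the rules list describes an "allow,deny" evaluation order in which a matching deny rule supersedes a matched allow rule. The page should say how these fit together, whether the same restriction applies to simple_allow_groups and simple_deny_groups, and what the provider does when the error occurs. Smaller wording points: "access or deny list" in DESCRIPTION reads as if it should be "allow or deny list", "an configuration error" should be "a configuration error", "This examples shows" should be "This example shows", and the NOTES paragraph ends with a stray "option." after the sssd-ldap(5) reference.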