From 1e7ead0d6097e38606d1e3e62223cf14432f0c01 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 20 Sep 2010 13:09:02 -0400
Subject: [PATCH] Add an example for creating an HBAC service and service group.

Try to tie in the hbacsvc and hbacsvcgroup plugins better through an
example.

ticket 159
---
 ipalib/plugins/hbac.py |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/ipalib/plugins/hbac.py b/ipalib/plugins/hbac.py
index b336f6a..00743ae 100644
--- a/ipalib/plugins/hbac.py
+++ b/ipalib/plugins/hbac.py
@@ -59,6 +59,15 @@ EXAMPLES:
    ipa hbac-add-user --users=john john_sshd
    ipa hbac-add-service --hbacsvcs=sshd john_sshd
 
+ Create a rule for a new service group. This lets the user john access
+ the any FTP service on any machine from any machine:
+   ipa hbacsvcgroup-add ftpers
+   ipa hbacsvc-add sftp
+   ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers
+   ipa hbac-add --type=allow --hostcat=all --srchostcat=all john_ftp
+   ipa hbac-add-user --users=john john_ftp
+   ipa hbac-add-service --hbacsvcgroups=ftpers john_ftp
+
  Disable a named HBAC rule:
    ipa hbac-disable test1
 
-- 
1.7.2.1