URL: https://github.com/SSSD/sssd/pull/60 Author: taupehat Title: #60: Document ad_access_filter search for nested groups Action: opened
PR body: """ Short doc fix and example to demonstrate how to ensure ad_access_filter includes nested group membership. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/60/head:pr60 git checkout pr60
From 1c1a849a72ef0dd8778b009e9964fe2b0c8beaa6 Mon Sep 17 00:00:00 2001 From: taupehat <[email protected]> Date: Wed, 19 Oct 2016 09:42:34 -0700 Subject: [PATCH] ad_access_filter search for nested groups Includes instructions and example --- src/man/sssd-ad.5.xml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 8a2f4ad..b52cae0 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -235,6 +235,12 @@ ad_enabled_domains = sales.example.com, eng.example.com <quote>?</quote> character, similarly to how search bases work. </para> + <para> + Nested group membership must be searched for using + a special OID <quote>:1.2.840.113556.1.4.1941:</quote>. + If you do not use this OID then nested group membership + will not be resolved. See example below. + </para> <para> The most specific match is always used. For example, if the option specified filter @@ -255,6 +261,9 @@ DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com) # apply filter on forest called EXAMPLE.COM only: FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) + +# apply filter for a member of a nested group in dom1: +DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com) </programlisting> <para> Default: Not set
_______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
