From d492b570f93108c65088462fea7a6a87d091f953 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun, 23 Jan 2011 20:59:42 +0000
Subject: name pam_check_service_attr and pam_check_host_attr options in manual
 page and indicate how pam_authz_search replaces them

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1366 ef36b2f9-881f-0410-afb5-c4e39611909c
---
 man/nslcd.conf.5.xml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index 0d901aa..7af8a10 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -691,10 +691,14 @@
        expressions below.
       </para>
       <para>
-       For example, to check that the user has a proper authorizedService
-       value if the attribute is present:
-       <literal>(&amp;(objectClass=posixAccount)(uid=$username)
-       (|(authorizedService=$service)(!(authorizedService=*))))</literal>
+       For example, to check that the user has a proper <literal>authorizedService</literal>
+       value if the attribute is present (this emulates the
+       <option>pam_check_service_attr</option> option in PADL's pam_ldap):
+       <literallayout><literal>(&amp;(objectClass=posixAccount)(uid=$username)(|(authorizedService=$service)(!(authorizedService=*))))</literal></literallayout>
+      </para>
+      <para>
+       The <option>pam_check_host_attr</option> option can be emulated with:
+       <literallayout><literal>(&amp;(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(!(host=*))))</literal></literallayout>
       </para>
       <para>
        The default behaviour is not to do this extra search and always
-- 
cgit v1.2.3