I accomplish this with the pam_access module and an appropriate access.conf file on my Red Hat flavored machines.



From: "Enrico Morelli" <morelli@cerm.unifi.it>
To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Sent: Wednesday, April 27, 2016 8:21:00 AM
Subject: [389-users] Login restrictions

Is it possible to restrict login only to to whom bound to a
determinated group?

I tried to use the following lines in sssd.conf but doesn't works:

access_provider = ldap
ldap_access_order = filter
ldap_access_filter = (gidNumber=900)

  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  Via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
  phone: +39 055 457 4269
  fax:   +39 055 457 4927
389-users mailing list


Patrick Landry
Director, UCSS
University of Louisiana at Lafayette