On Thu, Oct 20, 2016 at 11:14:10AM -0000, Aleksey Maksimov wrote:
Hello SSSD guru`s!
Is there anyone have such experience? There may be some recommendations or instructions?
With the use of mod_authnz_pam
https://www.adelton.com/apache/mod_authnz_pam/
and Require pam-account pam_service_name, with PAM service configured to use pam_sss.so, you get SSSD invoked for authorization.
You can then configure SSSD any way it suits your environment -- use GPOs, or potentially HBAC if you have trust setup with IPA server.
More information about this setup (though not talking about AD specifically) can be found at
https://www.freeipa.org/page/Web_App_Authentication
Hope this helps,