On Thu, Jun 13, 2013 at 01:03:05PM +0200, Joke de Buhr wrote:
hi,
i'm using sssd (1.9.4 fedora 18).
i was wondering if sssd supports any kind of pattern in the ldap_access_filter directive to check access based on the pam service name being accessed.
for example:
ldap_access_filter memberOf=cn=$service,ou=services,...
i would like to check group membership rather than using an attribute like authorizedService.
nss-pam-ldapd [1] supports this kind of pattern expansion for example
[1] http://arthurdejong.org/nss-pam-ldapd/nslcd.conf.5
regards joke de buhr
Hi,
Currently it does not, feel free to file an upstream RFE at https://fedorahosted.org/sssd/newticket (requires a Fedora Account System login, you can get one at https://admin.fedoraproject.org/accounts/)