Hi all,
For simple access provider, is there a way to configure it to deny every user from the domain(LDAP) by using some combinations of simple_allow_* and simple_deny_* ?
I'm developing a base sssd configuration for the users to modify, right now the default is: simple_allow_group = (empty string here)
This will allow everyone to login, but I want to keep the default config to deny every user from LDAP considering security.
Thanks, Aaron
On 12/02/2015 12:57 AM, aaron wang wrote:
Hi all,
For simple access provider, is there a way to configure it to deny every user from the domain(LDAP) by using some combinations of simple_allow_* and simple_deny_* ?
I'm developing a base sssd configuration for the users to modify, right now the default is: simple_allow_group = (empty string here)
This will allow everyone to login, but I want to keep the default config to deny every user from LDAP considering security.
Thanks, Aaron
Hello, I'm not sure I understand but aren't you looking rather for access_provider = deny ? See man sssd.conf for details.
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
On Wed, Dec 02, 2015 at 09:05:26AM +0100, Pavel Reichl wrote:
On 12/02/2015 12:57 AM, aaron wang wrote:
Hi all,
For simple access provider, is there a way to configure it to deny every user from the domain(LDAP) by using some combinations of simple_allow_* and simple_deny_* ?
I'm developing a base sssd configuration for the users to modify, right now the default is: simple_allow_group = (empty string here)
This will allow everyone to login, but I want to keep the default config to deny every user from LDAP considering security.
Thanks, Aaron
Hello, I'm not sure I understand but aren't you looking rather for access_provider = deny ? See man sssd.conf for details.
Yes, alternatively, if you want to keep the simple access provider and later programmatically add users/groups to allow, you can try this trick: simple_allow_group = ,
(That's what realmd uses, IIRC)
sssd-users@lists.fedorahosted.org