Hey All,
If I want sssd to look up if I belong in any groups or nested groups based on a string (wildcard) in a group, what would be my best options?
I would like to keep the ad_access_filter to a minimum and grant access if a user is part of a subgroup.
If user is in B and B is in A, allow access as long as A appears on the filter list, for example.
Cheers, Tom
Sent from my iPhone
On Wed, Jul 04, 2018 at 05:26:59PM -0400, Tom wrote:
> Hey All,
> If I want sssd to look up if I belong in any groups or nested groups based on a string (wildcard) in a group, what would be my best options?
> I would like to keep the ad_access_filter to a minimum and grant access if a user is part of a subgroup.
> If user is in B and B is in A, allow access as long as A appears on the filter list, for example.
Assuming you are using AD, maybe the special AD LDAP extension with the OID 1.2.840.113556.1.4.1941 is what you are looking for; see the ad_access_filter option in man sssd-ad and https://msdn.microsoft.com/en-us/library/cc223367.aspx for details.
HTH
bye, Sumit
> Cheers, Tom
> Sent from my iPhone
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted....
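An added configuration example (not part of the original thread) of the approach suggested in the reply above: an ad_access_filter that uses the 1.2.840.113556.1.4.1941 matching rule so that nested membership is honoured. The domain name ad.example.com and the group DN are placeholders; the `DOM:` prefix follows the syntax described in man sssd-ad.

```ini
# /etc/sssd/sssd.conf (fragment). Constructed example: the domain name
# ad.example.com and the group DN cn=A,... are placeholders.
[domain/ad.example.com]
id_provider = ad
# ad_access_filter is only evaluated when the AD access provider is used.
access_provider = ad

# Direct membership only: a user who is in B, where B is a member of A,
# is NOT matched, because the user's memberOf attribute lists B, not A.
# ad_access_filter = (memberOf=cn=A,ou=groups,dc=ad,dc=example,dc=com)

# Nested membership: the matching rule OID makes AD walk the membership
# chain, so a user in B is matched when B is (directly or indirectly) in A.
# The DOM:<domain>: prefix keeps the sssd parser from misreading the colons
# around the OID as its own domain separator.
# The rule compares against a full group DN; it is not a substring or
# wildcard match on the group name.
ad_access_filter = DOM:ad.example.com:(memberOf:1.2.840.113556.1.4.1941:=cn=A,ou=groups,dc=ad,dc=example,dc=com)
```

With this in place only group A has to appear in the filter; membership changes in B or deeper subgroups are handled in AD without touching sssd.conf.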
Ty
Sent from my iPhone
On Jul 5, 2018, at 3:25 AM, Sumit Bose sbose@redhat.com wrote:
> On Wed, Jul 04, 2018 at 05:26:59PM -0400, Tom wrote:
>> Hey All,
>> If I want sssd to look up if I belong in any groups or nested groups based on a string (wildcard) in a group, what would be my best options?
>> I would like to keep the ad_access_filter to a minimum and grant access if a user is part of a subgroup.
>> If user is in B and B is in A, allow access as long as A appears on the filter list, for example.
> Assuming you are using AD, maybe the special AD LDAP extension with the OID 1.2.840.113556.1.4.1941 is what you are looking for; see the ad_access_filter option in man sssd-ad and https://msdn.microsoft.com/en-us/library/cc223367.aspx for details.
> HTH
> bye, Sumit
>> Cheers, Tom
>> Sent from my iPhone