I'm trying to set up sssd with access_provider = ldap. I'm having a little trouble getting the ldap_access_filter working the way I want to.
The way I want to do it is to create a Resource Group in AD that contains the Unix Team group and then whichever users need access to the system. So we'd have, say:
cn=Server1AccessGroup,ou=Groups,…. member: cn=Unix Team,ou=Groups,… member: cn=User A,… member: cn=User B,…
Is there a way to craft the ldap_access_filter based on the above such that the members of Unix Team and then the two users will be allowed access?
As an ancillary question to this, I'd like some clarification of how ldap_access_filter works exactly. Is it simply that the user's DN who is trying to login needs to match a result of the query specified in the access filter line?
Thanks!
-- Greg Wojtak Senior Unix Systems Engineer Office: (313) 373-4306 Mobile: (734) 718-8472
sssd-users@lists.fedorahosted.org