Hello,
I've been using sssd for quite a while now without issue, but today I'm having this problem.
My IDP is Active Directory. I have a "user1" that is a member of "group1", and "group1" is a member of multiple groups, one of which is called "access_server1".
I'm trying to apply ad_access_filter with a nested group, and therefore need to recurse through the groups.
I have tried:
ad_access_filter = memberOf=cn=access_server1,cn=Users,dc=glop,dc=com
but it does not work because of this: https://confluence.atlassian.com/crowdkb/active-directory-user-filter-does-n...
Then I tried to apply what is in this article, and my LDAP filter is:
ad_access_filter = (memberOf:1.2.840.113556.1.4.1941:=cn=access_server1 ,cn=Users,dc=glop,dc=com)
But it still does not work.
I got this beautiful error message in the sssd log file:
(Tue May 19 00:07:55 2020) [sssd[be[glop.com]]] [parse_filter] (0x0020): Keyword in filter [(memberOf:1.2.840.113556.1.4.1941:=CN=access_server1,CN=Users,DC=glop,DC=com)] *did not match expected format*
(Tue May 19 00:07:55 2020) [sssd[be[glop.com]]] [ad_parse_access_filter] (0x0080): Access filter [(memberOf:1.2.840.113556.1.4.1941:=CN=access_server1,CN=Users,DC=glop,DC=com)] *could not be parsed, skipping*
(Tue May 19 00:07:55 2020) [sssd[be[glop.com]]] [sdap_access_send] (0x0400): Performing access check for user [user1@glop.com]
Thanks for your help
sssd-users@lists.fedorahosted.org