Hello,
I was attempting to utilise the AD provider for access control, however I cannot make it work with members of nested groups. i.e. when using the LDAP_MATCHING_RULE_IN_CHAIN.
This functions:
access_provider = ldap ldap_sasl_authid = SERVER$@DOMAIN ldap_access_filter = (memberOf:1.2.840.113556.1.4.1941:=CN=ServerGroup,OU=Groups,DC=DOMAIN)
This doesn’t:
access_provider = ad ad_access_filter = (memberOf:1.2.840.113556.1.4.1941:=CN=ServerGroup,OU=Groups,DC=DOMAIN)
Have I missed anything?
It would also be useful if it is possible to allow local users access alongside the remote users. e.g. allow both “domain_account” and “local_account” access. Is that possible?
Thanks Mark
------------------------------------------------------------------------ Mark Sangster Server Infrastructure Specialist
Information Technology Services | University of Aberdeen t: +44 (0)1224 27-3315 | e: mailto:mark@abdn.ac.uk | u: http://www.abdn.ac.uk/it/
The University of Aberdeen is a charity registered in Scotland, No SC013683. Tha Oilthigh Obar Dheathain na charthannas clàraichte ann an Alba, Àir. SC013683.
sssd-users@lists.fedorahosted.org