We are currently using legacy ldap, with access.conf to control login rights.

With RHEL7, I'm planning to implement sssd, and I've been successful, minus the 
netgroup filter.
#simple_allow_netgroup = rhel7satellite6_machine
#ldap_access_filter = memberOf=cn=rhel7satellite6_machine,ou=Machines,ou=Netgroups,dc=ds,dc=west,dc=com
ldap_access_filter = (&(objectclass=nisnetgroup)(cn=rhel7satellite6_machine,ou=Machines,ou=Netgroups,dc=ds,dc=west,dc=com))
#ldap_uri = ldaps://den06ds03.ds.west.com,ldaps://den06ds02.ds.west.com,ldaps://oma00ds01.ds.west.com

Based on everything I've read, the only way to filter on a netgroup of users is 
to use the "memberof" plugin.  I was hoping to learn from someone with more 
experience in this area if this is indeed the only way to solve this, or if 
there might be some way to configure the filter that will work in this manner 
without modifying the directory schema.

--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
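
Background for the question above, as an added example that is not part of the original post: in the RFC 2307 schema, netgroup membership is stored on the nisNetgroup entry as nisNetgroupTriple values (nested groups as memberNisNetgroup), not on the user entry. The Python sketch below resolves a netgroup's users from such entries; the directory contents and all function names are constructed for illustration.

```python
import re

# One nisNetgroupTriple value has the form "(host,user,domain)".
TRIPLE = re.compile(r"^\(([^,()]*),([^,()]*),([^,()]*)\)$")

# Constructed sample data: cn -> attributes of each nisNetgroup entry.
NETGROUPS = {
    "rhel7satellite6_machine": {
        "nisNetgroupTriple": ["(,alice,)", "(-,bob,)", "(host1.example.com,-,)"],
        "memberNisNetgroup": ["admins"],
    },
    "admins": {
        "nisNetgroupTriple": ["(,carol,)"],
        "memberNisNetgroup": ["rhel7satellite6_machine"],  # deliberate cycle
    },
}

def parse_triple(value):
    """Split '(host,user,domain)' into a 3-tuple; raise on malformed input."""
    m = TRIPLE.match(value.strip())
    if m is None:
        raise ValueError(f"malformed nisNetgroupTriple: {value!r}")
    return tuple(field.strip() for field in m.groups())

def netgroup_users(name, directory, _seen=None):
    """Return the user names in a netgroup, following nested netgroups."""
    seen = _seen if _seen is not None else set()
    if name in seen or name not in directory:
        return set()  # already visited (cycle) or unknown netgroup
    seen.add(name)
    entry = directory[name]
    users = set()
    for raw in entry.get("nisNetgroupTriple", []):
        _host, user, _domain = parse_triple(raw)
        # '-' means "no valid value". An empty user field is a wildcard in
        # netgroup semantics; this sketch ignores it so that it fails closed.
        if user and user != "-":
            users.add(user)
    for nested in entry.get("memberNisNetgroup", []):
        users |= netgroup_users(nested, directory, seen)
    return users

def login_allowed(user, netgroup, directory):
    """True if the user is listed in the netgroup or one nested inside it."""
    return user in netgroup_users(netgroup, directory)
```

Because the membership list lives on the netgroup entry, a filter that is evaluated against the user's own entry has nothing to match unless the server maintains a back-reference attribute there.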
