On Tue, 2011-05-03 at 11:35 -0700, Ben Kevan wrote:
> My only issue now with the exception of the forced lowercase lookups > (SLES 11 does this by default for sAMAccount etc). Now I just need to > find out why id doesn't show that users are part of groups that are > posix compliant. > > https://fedorahosted.org/sssd/ticket/776 We are aware of the need for forcing lowercase lookups. It's on our TODO list. SSSD only shows users and groups that are BOTH POSIX compliant. Meaning that if you have a POSIX group that contains non-POSIX users, you won't see the non-POSIX users. We also have an issue where group nestings don't work properly if groups in the middle of the nest are non-POSIX, even if the users at the bottom of the nesting chain are. https://fedorahosted.org/sssd/ticket/833 > Also, does SSSD have a different implementation of determining who can > log into the system or not? Or should i continue utilizing > pam_listfile? SSSD has several options for managing access-control. The one closest to pam_listfile would be the 'simple' access provider. You would set: access_provider = simple in your /etc/sssd/sssd.conf in the [domain/default] section. Then read the sssd-simple(5) manpage for information on the simple_allow_users and simple_allow_groups options. We also have other access-control providers such as the 'ldap' access-control provider (access_provider = ldap) that you can use to base authentication against LDAP attributes such as 'authorizedService' or by an LDAP search. See sssd-ldap(5) for more details on the 'ldap_access_order' option.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
