> Hi Stephen,
>
> We are using sssd to authenticate against AD using Kerberos and LDAP.
> The idea is to filter users who are allowed to log in based on an LDAP
> filter. In the AD there are computer objects created with the same name as
> the hostname of the Linux client.
>
> The filter must be something like this:
> If the computer object is a member of the group where the user is memberOf
> then allow the user to log in.
>
> So what we want is to authenticate Linux clients based on computer objects
> in the AD. (We are not using winbind)
>
> When using the ldap_access_filter it's not possible to create an LDAP query,
> neither with the ldap_group_search_filter.
>
> Is it possible with sssd to meet our requirements?
>
> The following ldapsearch gives the right output:
> ldapsearch -h test.local -s sub -x -b ",ou=Groups,dc=test,dc=local"
> "(&(member=cn=`hostname`,cn=Computers,dc=test,dc=local))"
>
> Thanx and Regards
>
> Thomas Jagt
IIRC nothing like this is possible at the moment. The only similar thing I can think of is using the 'host' attribute on the user object.

Jan
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
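
The 'host' attribute approach mentioned in the reply, sketched as an sssd.conf fragment. This is an added example, not part of the original thread; it uses the `ldap_access_order` and `ldap_user_authorized_host` options documented in sssd-ldap(5), and the domain name and host names are constructed. It assumes an SSSD version that supports the `host` access rule and a directory schema that lets user entries carry a `host` attribute.

```ini
# /etc/sssd/sssd.conf (fragment). The existing identity and
# authentication settings for the domain stay as they are; only the
# access-control part is shown. "test.local" follows the thread's
# example naming.
[domain/test.local]
access_provider = ldap

# Decide access from the host attribute on the user entry rather
# than from ldap_access_filter.
ldap_access_order = host

# Attribute on the user object that lists permitted hosts
# ("host" is the documented default, shown here for clarity).
ldap_user_authorized_host = host

# Evaluation order as described in sssd-ldap(5), using a constructed
# client name client01.test.local:
#   1. host: !client01.test.local  -> explicit deny, resolved first
#   2. host: client01.test.local   -> explicit allow
#   3. host: *                     -> allow on all hosts
```

This ties access to values stored on each user entry, not to the group membership of the computer object, so it is the "similar thing" from the reply and not an implementation of the filter asked for in the question.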