On Tue, Jul 29, 2014 at 01:53:17PM +0000, Sterling Sahaydak wrote: > Hi Jakub, > > I'm not sure if simple access is what I need. > > I have setup in LDAP: > > cn=allowedusers, ou=Groups > - using attribute: memberUid - and adding the users uid here.
OK > > ou=Employees, ou=People > - in Employees have users with objectClass: inetOrgPerson, posixAccount OK > > ou=sudoers > - here have objectClass: sudoRole and creating cn= <username from Employees> > and sudoUser = <username> sudo has nothing to do with access control. > > and also have a LDAP Proxy to Active Directory: > (*Note: for now, I'm commenting this section out and not connecting, but > need to consider this to activate later) > - using this setup in slapd.conf: > database ldap > suffix "ou=Users,ou=adgroup,dc=ad,dc=something,dc=net" > uri ldap://ad1.something.net/ > rebind-as-user > idassert-bind bindmethod=simple > binddn="cn=bindingacctname,ou=users,ou=adgroup,dc=ad,dc=something,dc=net" > credentials="<password>" > mode=none > idassert-authzFrom "*" > chase-referrals yes > subordinate > > So, not sure if simple binding would be correct thing to do??? Again, not directly connected to access control. When you configured sssd.conf with the access_provider, what exactly were you trying to achieve? What are the expectations on who should be able to log in to the machine? _______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
