It sounds like you may just want to modify the system so that when it
audits, it knows to parse sssd.conf for allowed_users and
allowed_groups. I am not sure of an easier way to do this.
On 05/26/2017 03:05 PM, Ali, Saqib wrote:
The reason we want to get a list of "allowed" users is for Auditing.
We have system that goes out and checks allowed users on a system and
cross-validates that against a central DB.
So we just need a way to get a list of users that would be allowed to
login given the *simple_allow_groups *config in sssd.conf file.
----
<https://twitter.com/secure_UX>
On Fri, May 26, 2017 at 12:00 PM, Striker Leggette
<[email protected] <mailto:[email protected]>> wrote:
What you may want to do is start limiting the search base for
users and groups if you want to limit visibility. I proposed an
RFE to make this easier in SSSD, but it is not something that has
much focus at this point.
On 05/26/2017 02:47 PM, Ali, Saqib wrote:
We are using SSSD for authentication using LDAP. And I filter the
user access using *simple_allow_groups* as follows:
|access_provider = simple simple_allow_groups = Computer Admins |
Is it possible to get a list of ONLY allowed users using *getent*?
There is an option enumeration, but this lists all users.
I am only interested in the allowed users.
_______________________________________________
sssd-users mailing list [email protected]
<mailto:[email protected]>
To unsubscribe send an email [email protected]
<mailto:[email protected]>
_______________________________________________
sssd-users mailing list -- [email protected]
<mailto:[email protected]>
To unsubscribe send an email to
[email protected]
<mailto:[email protected]>
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
