there has to be better way than that :) ---- <https://twitter.com/secure_UX>
On Fri, May 26, 2017 at 12:09 PM, Striker Leggette <[email protected]> wrote: > It sounds like you may just want to modify the system so that when it > audits, it knows to parse sssd.conf for allowed_users and allowed_groups. > I am not sure of an easier way to do this. > > On 05/26/2017 03:05 PM, Ali, Saqib wrote: > > The reason we want to get a list of "allowed" users is for Auditing. We > have system that goes out and checks allowed users on a system and > cross-validates that against a central DB. > > So we just need a way to get a list of users that would be allowed to > login given the *simple_allow_groups *config in sssd.conf file. > > > > ---- > <https://twitter.com/secure_UX> > > > On Fri, May 26, 2017 at 12:00 PM, Striker Leggette < > [email protected]> wrote: > >> What you may want to do is start limiting the search base for users and >> groups if you want to limit visibility. I proposed an RFE to make this >> easier in SSSD, but it is not something that has much focus at this point. >> >> On 05/26/2017 02:47 PM, Ali, Saqib wrote: >> >> We are using SSSD for authentication using LDAP. And I filter the user >> access using *simple_allow_groups* as follows: >> >> access_provider = simple >> simple_allow_groups = Computer Admins >> >> Is it possible to get a list of ONLY allowed users using *getent*? >> >> There is an option enumeration, but this lists all users. >> >> I am only interested in the allowed users. >> >> >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >> >> >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >> > >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
