On (27/05/17 04:29), Ali, Saqib wrote: >Hi Lukas, > >We don't have freeipa. Is it possible to do host based access control using >just ldap and sssd? > HBAC is implemented only with access_provider ipa. GPO is implemented only with access_provider ad.
It is not possible to use them with plain ldap. You might try use pam_hbac https://github.com/jhrozek/pam_hbac But it would still require "porting" ldap schema from freeIPA to your directory server. Maybe it would be simpler to migrate from LDAP -> freeIPA. I gave you few options and it is up to you to use the best approach. Maybe it would be the simplest to write your own python script which will parse sssd.conf and expand groups to list of users :-) LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
