On Wed, Jul 04, 2018 at 05:26:59PM -0400, Tom wrote: > Hey All, > > If I want sssd to lookup if I belong in any groups or nested groups based on > a string ( wildcard) in a group, what be my best options? > > I would like to keep the ad_access_filter to a minimum and grant access if a > user is part of a subgroup. > > If user is in B and B is in A, allow access as long as A appears on the > filter list for example.
Assuming you are using AD maybe the special AD LDAP extension with the OID 1.2.840.113556.1.4.1941 is what you are looking for, see the ad_access_filter option in man sssd-ad and https://msdn.microsoft.com/en-us/library/cc223367.aspx for details. HTH bye, Sumit > > Cheers, > Tom > > Sent from my iPhone > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected]/message/633P4FU2JYLIAGKB4K3XOJPL4RDXZW3U/ _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/JODPG7CNVV7DG327SXZ6TPB2LLSHIUGS/
