Ty Sent from my iPhone
> On Jul 5, 2018, at 3:25 AM, Sumit Bose <[email protected]> wrote: > >> On Wed, Jul 04, 2018 at 05:26:59PM -0400, Tom wrote: >> Hey All, >> >> If I want sssd to lookup if I belong in any groups or nested groups based on >> a string ( wildcard) in a group, what be my best options? >> >> I would like to keep the ad_access_filter to a minimum and grant access if a >> user is part of a subgroup. >> >> If user is in B and B is in A, allow access as long as A appears on the >> filter list for example. > > Assuming you are using AD maybe the special AD LDAP extension with the > OID 1.2.840.113556.1.4.1941 is what you are looking for, see the > ad_access_filter option in man sssd-ad and > https://msdn.microsoft.com/en-us/library/cc223367.aspx for details. > > HTH > > bye, > Sumit > >> >> Cheers, >> Tom >> >> Sent from my iPhone >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedoraproject.org/archives/list/[email protected]/message/633P4FU2JYLIAGKB4K3XOJPL4RDXZW3U/ > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected]/message/JODPG7CNVV7DG327SXZ6TPB2LLSHIUGS/ _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/5WEFC2IPCHE25SVCZWLHKLTZQBVYCZAB/
