[SSSD-users] Re: ad_access_filter and splitting group listing with backslash

[Michal Židek]

On 09/27/2018 10:55 PM, Tom wrote:

FYI tested this and though it doesn’t work for ad_access_filter it does for the 
ldap_access_filter .   Any reason why one works but not the other?

Hi,

I would like to see logs in this case in order to
undrestand where the issue may be.

If the sssd does not even start and logs show that the option
could not be parsed then it could be an issue in libini.

If it fails later then maybe we handle the multiline option
badly in SSSD.

Also I am not sure what 'doesn't work' in this context means. Is
the filter not effective or is SSSD failing to start/do some
operation?

Thanks,
Michal

Cheers,
Tom

Sent from my iPhone

On Sep 26, 2018, at 12:11 AM, TomK <tomk...@mdevsys.com> wrote:

Hey All,

Given this example below which spans the entire line:

ad_access_filter = (|(memberOf=CN=group-of 
-admins,OU=XYZ,DC=blah,DC=blah,DC=blah)(memberOf=CN=group-of 
-managers,OU=XYZ,DC=blah,DC=blah,DC=blah)(memberOf=CN=group-of 
-minions,OU=XYZ,DC=blah,DC=blah,DC=blah)(memberOf=CN=group-of 
-analysts,OU=XYZ,DC=blah,DC=blah,DC=blah)(memberOf=CN=group-of 
-limited,OU=XYZ,DC=blah,DC=blah,DC=blah)(memberOf=CN=group-of 
-viewers,OU=XYZ,DC=blah,DC=blah,DC=blah))

Has anyone tried to use a backslash to split the line like this?

ad_access_filter = (| \
(memberOf=CN=group-of-admins,OU=XYZ,DC=blah,DC=blah,DC=blah) \
(memberOf=CN=group-of-managers,OU=XYZ,DC=blah,DC=blah,DC=blah) \
(memberOf=CN=group-of-minions,OU=XYZ,DC=blah,DC=blah,DC=blah) \
(memberOf=CN=group-of-analysts,OU=XYZ,DC=blah,DC=blah,DC=blah) \
(memberOf=CN=group-of-limited,OU=XYZ,DC=blah,DC=blah,DC=blah) \
(memberOf=CN=group-of-viewers,OU=XYZ,DC=blah,DC=blah,DC=blah))

Or would the backslashes get interpreted when SSSD reads the file?

--
Cheers,
Tom K.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org