SSSD experts - Is it possible to simplify ldap searches like the one below to specify the group name without it's full path: ``` ldap_user_search_base="DC=example,DC=internal?subtree?(|(memberOf=CN=project-users,OU=2,OU=1,DC=example,DC=internal)(memberOf=CN=project-admins,OU=2,OU=1,DC=example,DC=internal)) ```
Doing so would simplify configurations and prevent issues when objects are moved within the directory: *p.s. for access_provider, the following has worked to simplify part of our config. Likely means less load on LDAP. I'm assuming it's safe.* ```` id_provider=ldap access_provider=simple simple_allow_groups=group1, group2 ``` -- Sean Roberts
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
