Hi, 

I need this because users use an SSH Gateway to authenticate to Linux
machines across more than 20 domains, and so it's a bit of a pain
maintaining all the domain configurations in the sssd.conf.

So having a domain section that just matches the domain the user
authenticates with could make it much easier and more portable, as well
as allow easy automated config deployment.

At this point you just need to make sure your LDAP search path has the
same structure across all domains as well as the binding users... and
static config etc...

Besides that, you can dynamically define the LDAP server if you have a
decent DNS Forwarder setup and use the regex matches to craft the LDAP
base path.

Example: ldaps://domain.internal will resolve the AD servers dynamically
from the DNSFW, so you don't even need to know the AD servers' names, and
this means you don't have to edit / maintain the sssd config every time
an AD is added somewhere or decommissioned. But you still have to repeat
the domain section in the config file for all domains, which makes the
config file a bit dirty when you have multiple domains.

So I think it would be very interesting if we could use the matches from
the regex re_expression as internal variables in the config file.

I thought that this was possible already.

Thank you 

Nerigal 

On 2019-06-03 03:36, Jakub Hrozek wrote:

> On Fri, May 31, 2019 at 10:10:12AM -0400, Nerigal wrote: 
> 
>> Hi, 
>> 
>> Is it possible to make the domain section match the domain used by the
>> user to authenticate using the re_expression =
>> (?P<name>[^@]+)@?(?P<domain>[^@]*$) 
>> 
>> So the domain section would look like 
>> 
>> [domain/$domain] 
>> 
>> ...
> 
> I don't think so, why do you need this? The domains need to be hardcoded
> anyway..
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]