Hi,

I've implemented sssd with id, auth and access provider as ldap. So I am using a binding account and didn't join the domain with the server.

In general everything works. Only members of the mentioned SG within the sssd.conf can log in to the server, just as I wish. However, as a sudo user I can run something like the following:

    sudo su - UserThatIsNotAllowed

So I (a sudo user) can switch to any user that is within the search base I've specified in the sssd.conf. But these users are not allowed to use the server. I understand that it is not the user himself who is logging in, but I actually don't want sudo users to be able to switch to users that aren't allowed on the server. I'd like it to be allowed to switch only to users that are allowed on the server on local accounts of course.

Is this normal behaviour? Can it be changed?

Thank you!
Jannis
