Greetings, My company restricts which AD entities have access to a Domain User's MemberOf attribute. This is done precisely as described by this institution here: https://itconnect.uw.edu/wares/msinf/design/arch/group-member-privacy/
Self can read own MemberOf. We've never seen an impact on Windows clients. However for SSSD the effect is obvious: "Domain Users" is the only Group returned. It appears to be that SSSD uses the permissions of the Computer account for this operation. Is there any configurable alternative to use the User's own permissions to resolve MemberOf on a user? Regards, Eugene
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
