Hello,

I've been using sssd for quite a while now without issue, but today I'm
having that problem

My IDP is Active Directory, I'm having a "user1" member of a "group1", and
that "group1" is member of multiple groups, one of them is called
"access_server1"

I'm trying to apply ad_access_filter with nested group, and therefore
require to recurse the groups

I have tried:

ad_access_filter = memberOf=cn=access_server1,cn=Users,dc=glop,dc=com
but it does not work because of this
https://confluence.atlassian.com/crowdkb/active-directory-user-filter-does-not-search-nested-groups-715130424.html

Then I tried to apply what is in this article and my LDAP filter is:

ad_access_filter = (memberOf:1.2.840.113556.1.4.1941:=cn=access_server1,cn=Users,dc=glop,dc=com)
But it still does not work

I got this beautiful error message in the sssd log file

(Tue May 19 00:07:55 2020) [sssd[be[glop.com]]] [parse_filter] (0x0020): Keyword in filter [(memberOf:1.2.840.113556.1.4.1941:=CN=access_server1,CN=Users,DC=glop,DC=com)] *did not match expected format*
(Tue May 19 00:07:55 2020) [sssd[be[glop.com]]] [ad_parse_access_filter] (0x0080): Access filter [(memberOf:1.2.840.113556.1.4.1941:=CN=access_server1,CN=Users,DC=glop,DC=com)] *could not be parsed, skipping*
(Tue May 19 00:07:55 2020) [sssd[be[glop.com]]] [sdap_access_send] (0x0400): Performing access check for user [[email protected]]

Thanks for your help
_______________________________________________
sssd-users mailing list -- [email protected]
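Added example, not part of the original post and not SSSD code: a small Python model of how a directory evaluates the two memberOf assertions quoted above, using the post's user1 -> group1 -> access_server1 nesting. The group DNs other than access_server1, the extra other_group, and all function names are assumptions made for the illustration; it models only the directory-side semantics of the matching rule, not how sssd parses ad_access_filter.

```python
"""Direct vs. in-chain memberOf evaluation on a constructed directory."""
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN
BASE = "cn=Users,dc=glop,dc=com"
USER = f"cn=user1,{BASE}"  # assumed DN for the post's "user1"

def norm(dn):
    # Naive case-insensitive DN normalisation; enough for these sample DNs.
    return ",".join(part.strip().lower() for part in dn.split(","))

# Constructed sample data: entry DN -> groups it is a direct member of.
# other_group nests back into group1 to exercise cycle handling.
_RAW = {
    USER: [f"cn=group1,{BASE}"],
    f"cn=group1,{BASE}": [f"cn=access_server1,{BASE}", f"cn=other_group,{BASE}"],
    f"cn=other_group,{BASE}": [f"cn=group1,{BASE}"],
}
MEMBER_OF = {norm(k): {norm(g) for g in v} for k, v in _RAW.items()}

def direct_groups(dn):
    """Groups listed on the entry itself (what a plain memberOf= sees)."""
    return MEMBER_OF.get(norm(dn), set())

def transitive_groups(dn):
    """Every group reachable by following memberOf links, cycle-safe."""
    seen, stack = set(), [norm(dn)]
    while stack:
        for group in direct_groups(stack.pop()):
            if group not in seen:
                seen.add(group)
                stack.append(group)
    return seen

def matches(user_dn, ldap_filter):
    """Evaluate one (memberOf=DN) or (memberOf:OID:=DN) assertion."""
    body = ldap_filter.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    attr, _, value = body.partition("=")
    name, _, rule = attr.rstrip(":").partition(":")
    if name.lower() != "memberof" or rule not in ("", IN_CHAIN):
        raise ValueError(f"unsupported assertion: {ldap_filter!r}")
    groups = transitive_groups(user_dn) if rule == IN_CHAIN else direct_groups(user_dn)
    return norm(value) in groups

if __name__ == "__main__":
    target = f"cn=access_server1,{BASE}"
    print("direct  :", matches(USER, f"memberOf={target}"))
    print("in-chain:", matches(USER, f"(memberOf:{IN_CHAIN}:={target})"))
```
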