I had the exact same problem a week or 2 ago, look at the documentation or my previous emails you will have the answer.
On Wed, Jun 10, 2020, 5:43 AM Sangster, Mark <[email protected]> wrote: > Hello, > > I was attempting to utilise the AD provider for access control, however I > cannot make it work with members of nested groups. i.e. when using the > LDAP_MATCHING_RULE_IN_CHAIN. > > This functions: > > access_provider = ldap > ldap_sasl_authid = SERVER$@DOMAIN > ldap_access_filter = > (memberOf:1.2.840.113556.1.4.1941:=CN=ServerGroup,OU=Groups,DC=DOMAIN) > > This doesn’t: > > access_provider = ad > ad_access_filter = > (memberOf:1.2.840.113556.1.4.1941:=CN=ServerGroup,OU=Groups,DC=DOMAIN) > > Have I missed anything? > > It would also be useful if it is possible to allow local users access > alongside the remote users. e.g. allow both “domain_account” and > “local_account” access. Is that possible? > > Thanks > Mark > > ------------------------------------------------------------------------ > Mark Sangster > Server Infrastructure Specialist > > Information Technology Services | University of Aberdeen > t: +44 (0)1224 27-3315 | e: mailto:[email protected] | u: > http://www.abdn.ac.uk/it/ > > > The University of Aberdeen is a charity registered in Scotland, No > SC013683. > Tha Oilthigh Obar Dheathain na charthannas clàraichte ann an Alba, Àir. > SC013683. > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
