Many thanks, I will hunt for that. Any advice on the local/remote user controls?
From: Personne <[email protected]> Sent: 10 June 2020 15:47 To: End-user discussions about the System Security Services Daemon <[email protected]> Subject: [SSSD-users] Re: Access Filters CAUTION: External email. Ensure this message is from a trusted source before clicking links/attachments. I had the exact same problem a week or 2 ago, look at the documentation or my previous emails you will have the answer. On Wed, Jun 10, 2020, 5:43 AM Sangster, Mark <[email protected]<mailto:[email protected]>> wrote: Hello, I was attempting to utilise the AD provider for access control, however I cannot make it work with members of nested groups. i.e. when using the LDAP_MATCHING_RULE_IN_CHAIN. This functions: access_provider = ldap ldap_sasl_authid = SERVER$@DOMAIN ldap_access_filter = (memberOf:1.2.840.113556.1.4.1941:=CN=ServerGroup,OU=Groups,DC=DOMAIN) This doesn’t: access_provider = ad ad_access_filter = (memberOf:1.2.840.113556.1.4.1941:=CN=ServerGroup,OU=Groups,DC=DOMAIN) Have I missed anything? It would also be useful if it is possible to allow local users access alongside the remote users. e.g. allow both “domain_account” and “local_account” access. Is that possible? Thanks Mark ------------------------------------------------------------------------ Mark Sangster Server Infrastructure Specialist Information Technology Services | University of Aberdeen t: +44 (0)1224 27-3315 | e: mailto:[email protected]<mailto:[email protected]> | u: http://www.abdn.ac.uk/it/ The University of Aberdeen is a charity registered in Scotland, No SC013683. Tha Oilthigh Obar Dheathain na charthannas clàraichte ann an Alba, Àir. SC013683. _______________________________________________ sssd-users mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] The University of Aberdeen is a charity registered in Scotland, No SC013683. Tha Oilthigh Obar Dheathain na charthannas clàraichte ann an Alba, Àir. SC013683.
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
