#Permit access with recursive group ad_access_filter = DOM:glop.com:(memberOf:1.2.840.113556.1.4.1941:=cn= rights-srv-realm-allowed,CN=Users,DC=glop,DC=com)
I never encountered any issue with local users and AD users. On Wed, Jun 10, 2020, 7:57 AM Sangster, Mark <[email protected]> wrote: > Many thanks, I will hunt for that. > > > > Any advice on the local/remote user controls? > > > > *From:* Personne <[email protected]> > *Sent:* 10 June 2020 15:47 > *To:* End-user discussions about the System Security Services Daemon < > [email protected]> > *Subject:* [SSSD-users] Re: Access Filters > > > > CAUTION: External email. Ensure this message is from a trusted source > before clicking links/attachments. > > > > I had the exact same problem a week or 2 ago, look at the documentation or > my previous emails you will have the answer. > > > > On Wed, Jun 10, 2020, 5:43 AM Sangster, Mark <[email protected]> > wrote: > > Hello, > > I was attempting to utilise the AD provider for access control, however I > cannot make it work with members of nested groups. i.e. when using the > LDAP_MATCHING_RULE_IN_CHAIN. > > This functions: > > access_provider = ldap > ldap_sasl_authid = SERVER$@DOMAIN > ldap_access_filter = > (memberOf:1.2.840.113556.1.4.1941:=CN=ServerGroup,OU=Groups,DC=DOMAIN) > > This doesn’t: > > access_provider = ad > ad_access_filter = > (memberOf:1.2.840.113556.1.4.1941:=CN=ServerGroup,OU=Groups,DC=DOMAIN) > > Have I missed anything? > > It would also be useful if it is possible to allow local users access > alongside the remote users. e.g. allow both “domain_account” and > “local_account” access. Is that possible? > > Thanks > Mark > > ------------------------------------------------------------------------ > Mark Sangster > Server Infrastructure Specialist > > Information Technology Services | University of Aberdeen > t: +44 (0)1224 27-3315 | e: mailto:[email protected] | u: > http://www.abdn.ac.uk/it/ > > > The University of Aberdeen is a charity registered in Scotland, No > SC013683. > Tha Oilthigh Obar Dheathain na charthannas clàraichte ann an Alba, Àir. > SC013683. > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > > > > The University of Aberdeen is a charity registered in Scotland, No > SC013683. > Tha Oilthigh Obar Dheathain na charthannas clàraichte ann an Alba, Àir. > SC013683. > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
