[prev in list] [next in list] [prev in thread] [next in thread]
List: sssd-users
Subject: Re: [SSSD-users] sssd Ubuntu 14.04 LTS
From: Jakub Hrozek <jhrozek () redhat ! com>
Date: 2015-03-26 15:17:34
Message-ID: 20150326151734.GV30085 () hendrix ! arn ! redhat ! com
[Download RAW message or body]
On Thu, Mar 26, 2015 at 04:32:53PM +0200, Timo Aaltonen wrote:
> On 26.03.2015 16:19, Ludger Koehler wrote:
> > Hi Timo,
> >
> > sorry but i have a Question.
> >
> > We use Ubuntu 14.04 LTS Server with sssd-ad to authenticate over Windows
> > 2008 R2 AD and it works.
> > But there is one Problem, "ad_access_filter" don't work.
> >
> > in sssd.conf the parameter
> > access_provider = ad
> > ad_access_filter =
> > DOM:(&(objectCategory=Group)(objectClass=samaccountname)(|(ou=group1)(ou=group2)(ou=group3)))
> >
> > is set.
> >
> > Other Filter like
> > ad_access_filter =
> > (|(memberOf=cn=group1,ou=gruppen,ou=examle,dc=test,dc=de)(memberOf=cn=group2,ou=gr \
> > uppen,ou=example,dc=test,dc=de)(memberOf=cn=group3,ou=gruppen,ou=example,dc=test,dc=de))
> >
> > don't work too.
> >
> > Do you have an idea, whats the Problem or is it a Bug?
>
> I guess the sssd-users list is better for questions like these, I don't
> know the answer off-hand.
>
> (sssd version in 14.04 is still at 1.11.5 btw, if relevant here)
My first suggestion would be to not use the filter based access control
options, but rather the simple access provider
access_provider = simple
simple_allow_groups = group1, group2
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic