sssd filter options
by Mayberry, Alexander
We are currently using legacy ldap, with access.conf to control login rights.
With RHEL7, I'm planning to implement sssd, and I've been successful, minus the netgroup filter.
#simple_allow_netgroup = rhel7satellite6_machine
#ldap_access_filter = memberOf=cn=rhel7satellite6_machine,ou=Machines,ou=Netgroups,dc=ds,dc=west,dc=com
ldap_access_filter = (&(objectclass=nisnetgroup)(cn=rhel7satellite6_machine,ou=Machines,ou=Netgroups,dc=ds,dc=west,dc=com))
#ldap_uri = ldaps://den06ds03.ds.west.com,ldaps://den06ds02.ds.west.com,ldaps://oma00...
Based on everything I've read, the only way to filter on a netgroup of users is to use the "memberof" plugin. I was hoping to learn from someone with more experience in this area if this is indeed the only way to solve this, or if there might be some way to configure the filter that will work this manner without modifying the directory schema.
8 years, 10 months
Setting up 389-ds-console over a existing 389-ds
by Carlos Raúl Laguna
It is possible to setup the management console in a existing server, if so,
how?
Description: A few server where deploy only with 389-ds-base. OS -
CentOS7.1 a few of this packages seem to be missing from the repositories
and therefor installed after. Regards
8 years, 10 months
authenticated time stamp
by Chase Miller
Hello 389 Group,
Is there an object class/attribute that I can add to a user's entry that
will capture their last authenticated time stamp. I want to capture this
so I can go delete users that have not authenticated after so many days.
Chase
8 years, 10 months
