Hi guys,
the quickstart documentation (which is a very nice piece of documentation) does setup the memberOf plugin. http://www.port389.org/docs/389ds/howto/quickstart.html
However the SSSD part does not mention that you need to have that plugin enabled on the server, otherwise you will not get a working login. At least, I could not get this to work without the plugin.
"dsidm localhost client_config sssd.conf server_admins" This creates a sssd.conf that contains the following ldap filter:
ldap_access_filter = (memberOf=cn=server_admins,ou=groups,dc=example,dc=org)
I have opened a PR against the wiki mentioning this in the SSSD part. https://github.com/marcus2376/389wiki/pull/33
Kind Regards, Johannes
389-users@lists.fedoraproject.org