On Fri, Nov 11, 2011 at 02:06:45PM +0530, Nitesh Mehare wrote:
> Jakub,
>
> The group entry looks like this:
>
> cn=idsldap,ou=People,o=sample
> cn=idsldap
> objectclass=posixgroup
> objectclass=top
> gidnumber=201
> memberuid=nitpta2
> memberuid=nitinst
> memberuid=nitinst1
> memberuid=nitback1
>
> The group entry is under ou=people and any user is made a member of a group
> by adding the memberuid attribute, so I have kept ldap_schema as rfc2307.
>
> Thanks

Then the schema is correct, but I don't think the access filter you are
using can work because with the rfc2307 schema the user lacks the memberof
attribute your filter uses to determine access.

Instead of using the "ldap" access control provider, I would suggest
using the "simple" provider. To allow only members of the "idsldap"
group:

    access_provider = simple
    simple_allow_groups = idsldap

See man "sssd-simple" for more information.
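
Added example, not part of the original thread: a small lint for sssd.conf that flags the mismatch described above (a memberOf-based ldap_access_filter combined with ldap_schema = rfc2307) and also a simple provider left with no allow/deny lists. The sample configurations, the filter value and the function name lint_access_control are constructed for illustration.

```python
import configparser
import re

# Constructed sssd.conf fragments. The memberOf filter is an assumed example of
# the kind of filter discussed above, not the poster's actual configuration.
BROKEN = """
[domain/sample]
id_provider = ldap
ldap_schema = rfc2307
access_provider = ldap
ldap_access_filter = memberOf=cn=idsldap,ou=People,o=sample
"""
FIXED = """
[domain/sample]
id_provider = ldap
ldap_schema = rfc2307
access_provider = simple
simple_allow_groups = idsldap
"""
SIMPLE_LISTS = ("simple_allow_users", "simple_deny_users",
                "simple_allow_groups", "simple_deny_groups")

def lint_access_control(conf_text):
    """Return (section, message) findings for every [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        # Defaults documented in sssd-ldap(5) and sssd.conf(5).
        schema = dom.get("ldap_schema", "rfc2307").strip().lower()
        provider = dom.get("access_provider", "permit").strip().lower()
        access_filter = dom.get("ldap_access_filter", "")
        # rfc2307 groups list members in memberUid; user entries carry no
        # memberOf, so a memberOf-based filter cannot match any user.
        if (provider == "ldap" and schema == "rfc2307"
                and re.search(r"memberof\s*=", access_filter, re.IGNORECASE)):
            findings.append((section, "ldap_access_filter uses memberOf but "
                             "ldap_schema is rfc2307; use access_provider = simple"))
        # With the simple provider, all-empty lists grant access to everyone.
        if provider == "simple" and not any(dom.get(k, "").strip() for k in SIMPLE_LISTS):
            findings.append((section, "access_provider = simple with no allow/deny lists"))
    return findings

if __name__ == "__main__":
    for text in (BROKEN, FIXED):
        print(lint_access_control(text))
```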