Hi Stephen,
We are using sssd to authenticate against AD using Kerberos and LDAP.
The idea is to filter users who are allowed to log in based on an LDAP
filter. In the AD there are computer objects created with the same name as
the hostname of the Linux client.
The filter must be something like this:
If the computer object is a member of the group where the user is memberOf
then allow the user to log in.
So what we want is to authenticate Linux clients based on computer objects
in the AD. (We are not using winbind)
When using the ldap_access_filter it's not possible to create an LDAP query,
nor with the ldap_group_search_filter.
Is it possible with sssd to meet our requirements?
The following ldapsearch gives the right output:
ldapsearch -h test.local -s sub -x -b ",ou=Groups,dc=test,dc=local"
"(&(member=cn=`hostname`,cn=Computers,dc=test,dc=local))"
Thanks and Regards
Thomas Jagt
IIRC nothing like this is possible at the moment. The only similar thing I can
think of is using the 'host' attribute on the user object.
Jan
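The access rule described in the question (allow the login when a group containing the host's computer object also appears in the user's memberOf), evaluated outside sssd on ldapsearch output. This is an added example, not code from either poster or from the sssd project. The LDIF samples, group names and user names are constructed, and the DN normalisation is a simplified assumption.

```python
import base64
import re

def parse_ldif(text):
    """Parse LDIF as printed by ldapsearch into a list of {attr: [values]}."""
    text = re.sub(r"\n ", "", text)            # unfold wrapped lines
    entries, current = [], {}
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:                # skip non-entry blocks (search summary)
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64>" for non-ASCII values
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def norm_dn(dn):
    """Case- and whitespace-insensitive DN form (simplified: no hex/quoted RDNs)."""
    rdns = re.split(r"(?<!\\),", dn)
    return ",".join("=".join(p.strip() for p in r.split("=", 1)).lower() for r in rdns)

def shared_groups(host_groups_ldif, user_ldif):
    """Groups that contain the host's computer object and are in the user's memberOf."""
    host = {norm_dn(e["dn"][0]) for e in parse_ldif(host_groups_ldif)}
    user = {norm_dn(g) for e in parse_ldif(user_ldif) for g in e.get("memberof", [])}
    return host & user

def login_allowed(host_groups_ldif, user_ldif):
    """Deny by default: allow only when at least one group is shared."""
    return bool(shared_groups(host_groups_ldif, user_ldif))

# Constructed sample data (hypothetical group and user names).
# HOST_GROUPS_LDIF stands for the result of the group search on the host's DN.
HOST_GROUPS_LDIF = """\
dn: CN=db-servers,OU=Groups,DC=test,
 DC=local

dn: CN=web-servers,OU=Groups,DC=test,DC=local
"""
ALICE_LDIF = """\
dn: CN=alice,CN=Users,DC=test,DC=local
memberOf: cn=DB-Servers, ou=groups, dc=test, dc=local
memberOf: CN=staff,OU=Groups,DC=test,DC=local
"""
BOB_LDIF = "dn: CN=bob,CN=Users,DC=test,DC=local\nmemberOf: CN=staff,OU=Groups,DC=test,DC=local\n"
```

An empty or failed group search yields no shared groups, so the check denies the login.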