On 07/16/2015 10:46 AM, Ondrej Valousek wrote:
Ok, I could do this, but it involves changing sssd configuration.
The GPO is much nicer solution - is it now working? It is not clear from the
documentation whether it is still a "wish list" or not...
It is in sssd 1.12.
But it is disabled by default you need to configure it anyways.
O.
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Dmitri Pal
Sent: 16 July 2015 16:42
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: Re: [SSSD-users] Reject new users form logging in
On 07/16/2015 10:24 AM, Lukas Slebodnik wrote:
> On (16/07/15 14:07), Ondrej Valousek wrote:
>> Well, can we use HBAC with AD backend?
>> Don’t think so….
> You can use GPO with recent version of sssd.
>
> LS
But you can also use the basic LDAP based access control that relies on a filter.
See sssd-ldap. Search for "filter". There are some restrictions though.
--
Thank you,
Dmitri Pal
Director of Engineering for IdM portfolio Red Hat, Inc.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.
--
Thank you,
Dmitri Pal
Director of Engineering for IdM portfolio
Red Hat, Inc.