I'm trying to set up sssd with access_provider = ldap. I'm having a little
trouble getting the ldap_access_filter working the way I want to.
The way I want to do it is to create a Resource Group in AD that contains the Unix Team
group and then whichever users need access to the system. So we'd have, say:
cn=Server1AccessGroup,ou=Groups,….
member: cn=Unix Team,ou=Groups,…
member: cn=User A,…
member: cn=User B,…
Is there a way to craft the ldap_access_filter based on the above such that the members of
Unix Team and then the two users will be allowed access?
As an ancillary question to this, I'd like some clarification of how
ldap_access_filter works exactly. Is it simply that the user's DN who is trying to
login needs to match a result of the query specified in the access filter line?
Thanks!
--
Greg Wojtak
Senior Unix Systems Engineer
Office: (313) 373-4306
Mobile: (734) 718-8472