It sounds like you may just want to modify the system so that when it
audits, it knows to parse sssd.conf for allowed_users and
allowed_groups. I am not sure of an easier way to do this.
On 05/26/2017 03:05 PM, Ali, Saqib wrote:
The reason we want to get a list of "allowed" users is for
Auditing.
We have a system that goes out and checks allowed users on a system and
cross-validates that against a central DB.
So we just need a way to get a list of users that would be allowed to
log in given the *simple_allow_groups* config in the sssd.conf file.
On Fri, May 26, 2017 at 12:00 PM, Striker Leggette
<striker(a)terranforge.com> wrote:
What you may want to do is start limiting the search base for
users and groups if you want to limit visibility. I proposed an
RFE to make this easier in SSSD, but it is not something that has
much focus at this point.
On 05/26/2017 02:47 PM, Ali, Saqib wrote:
>
> We are using SSSD for authentication using LDAP. And I filter the
> user access using *simple_allow_groups* as follows:
>
>     access_provider = simple
>     simple_allow_groups = Computer Admins
>
> Is it possible to get a list of ONLY allowed users using *getent*?
>
> There is an option enumeration, but this lists all users.
>
> I am only interested in the allowed users.
>
>
>
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
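One way an audit job could do the sssd.conf parsing suggested at the top of this thread, as an added example that is not code from the thread or from the SSSD project: it reads the simple access provider's `simple_allow_users` and `simple_allow_groups` options and expands the groups through NSS (the same source `getent group` uses). The domain name, user names and function names are made up for the example, and `simple_deny_users` / `simple_deny_groups` are not evaluated.

```python
import configparser
import grp

# Constructed sample; the domain name "example" and the user names are made up.
SAMPLE_CONF = """\
[sssd]
domains = example

[domain/example]
id_provider = ldap
access_provider = simple
simple_allow_users = alice
simple_allow_groups = Computer Admins, ops
"""

def _split(value):
    """Split an sssd.conf comma-separated list, keeping spaces inside names."""
    return [item.strip() for item in value.split(",") if item.strip()]

def nss_members(group):
    """Members of a group as NSS reports them (same source as `getent group`)."""
    try:
        return grp.getgrnam(group).gr_mem
    except KeyError:
        return []

def allowed_users(conf_text, members=nss_members):
    """Return {domain: sorted users} for domains using access_provider = simple."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    result = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        if dom.get("access_provider", "").strip() != "simple":
            continue
        users = set(_split(dom.get("simple_allow_users", "")))
        for group in _split(dom.get("simple_allow_groups", "")):
            # Caveat: users holding the group only as primary GID may be absent here.
            users.update(members(group))
        result[section.split("/", 1)[1]] = sorted(users)
    return result

if __name__ == "__main__":
    with open("/etc/sssd/sssd.conf") as fh:  # normally readable by root only
        for domain, users in allowed_users(fh.read()).items():
            print(domain, ",".join(users))
```

The `members` parameter lets the audit system substitute its own directory lookup where NSS group membership is incomplete.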