Hi,
I'm using sssd sssd-1.2.2-19 on a Fedora 13 machine and I'm a bit puzzled
by how ldap_access_filter works.
Indeed, I have the following lines in my sssd.conf file:
access_provider = ldap
ldap_access_filter = IntEPersInetServ=*unix-rst*
When I run
ldapsearch -x -h ldap2.int-evry.fr -b dc=int-evry,dc=fr -D "cn=mcibind,ou=System,dc=int-evry,dc=fr" -W "(&(IntEPersInetServ="*unix-rst*")(uid=test))"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=int-evry,dc=fr> with scope subtree
# filter: (&(IntEPersInetServ=*unix-rst*)(uid=test))
# requesting: ALL
#
# search result
search: 2
result: 0 Success
I got no answer for the test account.
But when I run
getent passwd test
test:*:14527:145:compte de test s2ia:/mci/test/test:/usr/local/bin/bash
But when I want to log in as the test user with the correct password, I can't log in.
I see in the secure log file:
Aug 20 12:15:00 rst-9119 sshd[2888]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.159.21.234 user=test
Aug 20 12:15:00 rst-9119 sshd[2888]: pam_sss(sshd:account): Access denied for user test: 6 (Permission denied)
Is it supposed to work like that?
It's a bit different from the pam_filter parameter in the ldap.conf file.
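
Added example (not part of the original message): a small Python triage script for the log pattern quoted above, where pam_sss reports authentication success and then denies access in the account phase. It pairs the two phases by sshd PID so that a refusal in the account phase (the phase SSSD's access_provider handles) can be told apart from a wrong password; the sample lines are constructed from the two lines quoted above plus one made-up failure line, and the function and verdict names are this example's own.

```python
import re

# Constructed sample: the two /var/log/secure lines quoted in the message
# (unwrapped), plus one made-up wrong-password line for contrast.
SAMPLE_LOG = """\
Aug 20 12:15:00 rst-9119 sshd[2888]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.159.21.234 user=test
Aug 20 12:15:00 rst-9119 sshd[2888]: pam_sss(sshd:account): Access denied for user test: 6 (Permission denied)
Aug 20 12:16:10 rst-9119 sshd[2901]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=alice
"""

# "<proc>[<pid>]: pam_sss(<service>:<phase>): <message>"
LINE = re.compile(r"\[(?P<pid>\d+)\]: pam_sss\((?P<svc>[^:)]+):(?P<phase>\w+)\): (?P<msg>.*)")
AUTH = re.compile(r"authentication (?P<result>success|failure);.*\buser=(?P<user>\S+)")
DENY = re.compile(r"Access denied for user (?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)")


def classify(log_text):
    """Return {(pid, user): verdict} for each pam_sss login attempt in the log."""
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a pam_sss line
        pid, phase, msg = m.group("pid"), m.group("phase"), m.group("msg")
        if phase == "auth":
            a = AUTH.search(msg)
            if a:
                ok = a.group("result") == "success"
                verdicts[(pid, a.group("user"))] = "auth_ok" if ok else "auth_failed"
        elif phase == "account":
            d = DENY.search(msg)
            if d:
                key = (pid, d.group("user"))
                # The password was accepted earlier in the same session, so the
                # refusal comes from the account phase, not from the credentials.
                if verdicts.get(key) == "auth_ok":
                    verdicts[key] = "access_denied_after_auth"
                else:
                    verdicts[key] = "access_denied"
    return verdicts


if __name__ == "__main__":
    for (pid, user), verdict in classify(SAMPLE_LOG).items():
        print(f"pid={pid} user={user}: {verdict}")
```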