Hi Stephen,
We are using sssd to authenticate against AD with using Kerberos and LDAP.
The idea is to filter users who are allowed to login based on a LDAP filter.
In the AD there are computer objects created with the same name as the hostname of the Linux client.
The filter must be something like is;
If the computer object is a member of the group where the user is memberOf then allow the user to login.
So what we want is to authenticate linux clients based on computer objects in the AD. (We are not using winbind)
When using the ldap_access_filter it's not possible to create a LDAP query neither with the ldap_group_search_filter.
Is it possible with sssd to meet our requirements?
The following ldapsearch gives the right output;
ldapsearch -h test.local -s sub -x -b ",ou=Groups,dc=test,dc=local" "(&(member=cn=`hostname`,cn=Computers,dc=test,dc=local))"
Thanx and Regards
Thomas Jagt