Hi,

I need this because users use an SSH gateway to authenticate to Linux machines across more than 20 domains, and so it's a bit of a pain maintaining all the domains' configuration in the sssd.conf.

So having a domain section that just matches the domain the user authenticates with could make it much easier and more portable, as well as allowing easy automated config deployment.

At this point you just need to make sure your LDAP search path has the same structure across all domains, as well as the binding users... and static config etc...

Besides that, you can dynamically define the LDAP server if you have a decent DNS forwarder setup, and use the regex matches to craft the LDAP base path.

Example: ldaps://domain.internal will resolve the AD servers dynamically from the DNSFW, so you don't even need to know the AD servers' names, and this means you don't have to edit / maintain the sssd config every time an AD is added somewhere or decommissioned. But you still have to repeat the domain section in the config file for all domains, which makes the config file a bit dirty when you have multiple domains.

So I think it would be very interesting if we could use the matches from the regex re_expression as internal variables in the config file.

I thought that this was possible already.


Thank you

Nerigal


On 2019-06-03 03:36, Jakub Hrozek wrote:
> On Fri, May 31, 2019 at 10:10:12AM -0400, Nerigal wrote:
>> Hi,
>>
>> Is it possible to make the domain section match the domain used by the
>> user to authenticate using the re_expression =
>> (?P<name>[^@]+)@?(?P<domain>[^@]*$)
>>
>> So the domain section would look like
>>
>> [domain/$domain]
>>
>> ...
>
> I don't think so, why do you need this? The domains need to be hardcoded
> anyway..
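Since the reply in this thread says the domain sections have to be written out, one way to keep many of them maintainable is to generate sssd.conf from a list of domain names. The sketch below is an added example, not part of the original thread or of SSSD; its function names are hypothetical, and it assumes every domain shares the same LDAP layout and that `ldaps://<domain>` resolves as the post describes.

```python
import re

# One DNS label: letters, digits, hyphens, no leading/trailing hyphen.
# Used with fullmatch() so a name can never smuggle a newline or "]"
# into the generated file and open an extra section.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# re_expression quoted from the original post.
RE_EXPRESSION = r"(?P<name>[^@]+)@?(?P<domain>[^@]*$)"


def validate(domain):
    """Normalise a domain name and reject anything that is not plain DNS."""
    domain = domain.strip().lower()
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError("not a valid DNS domain name: %r" % domain)
    return domain


def search_base(domain):
    """corp.internal -> dc=corp,dc=internal (assumed identical layout)."""
    return ",".join("dc=" + label for label in domain.split("."))


def render_sssd_conf(domains):
    """Return sssd.conf text with one [domain/NAME] section per domain."""
    names = [validate(d) for d in domains]
    if len(set(names)) != len(names):
        raise ValueError("duplicate domain in input")
    out = ["[sssd]", "services = nss, pam",
           "domains = " + ", ".join(names),
           "re_expression = " + RE_EXPRESSION, ""]
    for name in names:
        out += ["[domain/%s]" % name,
                "id_provider = ldap",
                "auth_provider = ldap",
                "ldap_uri = ldaps://%s" % name,
                "ldap_search_base = " + search_base(name),
                ""]
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample domains, not taken from the thread.
    print(render_sssd_conf(["corp.internal", "lab.internal"]))
```

Bind credentials and any other static options shared by all domains would be appended inside the loop in the same way.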