On Sun, Nov 24, 2019 at 06:07:06PM -0000, Oscar Torrente wrote:
Hello.
I'm using an LDAP server for authentication/identification of users. I've set its
ACIs so that every user can access just its own data. But now I have a problem in sssd
clients: I should put the correct ldap_default_bind_dn value to make the request, a value
which should be dynamic as it's typed on gdm/login/ssh/whatever. How can I do that? I
don't want to write the admin's cn (and password!) in clients' sssd.conf
files!
Hi,
this won't work mainly because e.g. sshd will try to look up the user in
LDAP before you are prompted for the password and if the user cannot be
found authentication will fail.
You do not have to use the admin DN here, it would be sufficient to have
a service account which can read the needed RFC2307 or RFC2307bis
attributes from the users and groups.
bye,
Sumit
Thanks!!
P.S: I've asked the same topic in
https://serverfault.com/questions/993030/how-to-have-a-dynamic-ldap-defau...
but sadly there's no answer....
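
An sssd.conf domain section along the lines of the reply above, as an added example that is not part of the original thread or taken from the SSSD project. The host name, DNs, CA bundle path and password placeholder are constructed; the option names are standard sssd-ldap settings.

```ini
# /etc/sssd/sssd.conf -- SSSD requires this file to be owned by root with mode 0600.
# Constructed values: example.com, both DNs, the CA path, the password placeholder.
[sssd]
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com
ldap_schema = rfc2307bis

# Identity lookups happen before any password prompt, so they cannot use the
# credentials of the user logging in. Bind as a dedicated read-only service
# account instead of the directory admin.
ldap_default_bind_dn = cn=sssd-reader,ou=services,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# Authentication is a separate step: with auth_provider = ldap, SSSD binds as
# the user's own DN using the password typed at gdm/login/ssh.
# Protect both the service bind and the user bind in transit.
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
```

On the directory side, the service account's ACI only needs read/search access to the RFC2307 or RFC2307bis user and group attributes, and no access to password attributes.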