On Jun 04, 2013, at 10:16 AM, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
On Tue, Jun 04, 2013 at 11:12:54AM -0400, Dmitri Pal wrote:
On 06/04/2013 10:13 AM, Bryan Harris wrote:
>
> - : bryan.harris.adm : ALL
> - : ALL : ALL
Well, I feel a bit silly, I used comma for list separator but I have spaces both before as
well as after each of my objects in my statements (So I guess it was " Linux Admins
" which is not the same as "Linux Admins"). When I removed all the spaces
everything worked as expected.
access_provider = ldap
ldap_access_filter = memberOf=cn=Linux Admins,ou=Groups,dc=example,dc=com
Yes, this would work. You can also take a look at the "simple" access
provider (man sssd-simple).
Thanks for this direction for using sssd-simple, I'm switching our configuration to
use it rather than the ldap_access_filter.
Bryan