07-12-2018
So how is the access controlled: Group membership? The sssd.conf "simple_allow_groups" option? sshdf_config "allow users"?
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi
Is it possible to add the following to an ldif entry:
dn=estmmartín
i.e Note the charchter 'í'
Thanks in advance (3 Replies)
Discussion started by: tom123
3 Replies
2. Shell Programming and Scripting
Hi
I'm not a programmer but am muddling through as best I can. I am trying to set up a PostSearchHook for Radiator (RADIUS server), that carries out an LDAP lookup, and, based on the
string returned ("staff" or "student") in the "businessCategory" attribute, will set the $role to be either 40... (3 Replies)
Discussion started by: mikie
3 Replies
3. UNIX for Dummies Questions & Answers
I would like to do an ldap search which looks for entries which do not actually have a certain attribute. Not that the attribute is Null, but where the attribute does not exist.
Is this possible using ldapsearch? (3 Replies)
Discussion started by: dopple
3 Replies
4. UNIX for Dummies Questions & Answers
Hi All,
Pardon me if this turns out to be a dumb question. But I am trying to schedule a cron job for a my script which takes input options. So an entry in crontab would be something like:
1 * * * * run_report.sh -o out.csv -m monthly -e somename@email.com > cron_output.log 2> cron_error.log... (3 Replies)
Discussion started by: trueharsh
3 Replies
5. Solaris
Hi all
I had a mail issue earlier today where I was not receiving any emails from the servers of one of our clients.
The mail queue just showed this:
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
o8S7eSpp020274* 5858 Tue Sep 28 10:42... (0 Replies)
Discussion started by: notreallyhere
0 Replies
6. Red Hat
Hi,
We have a mail server which has Zimbra installed on it and a file server. Folks use the same login information they use to access their email to access the file server. So the file server is using the same LDAP server as the mail server.
Couple days ago, at around 12 PM all of the sudden,... (3 Replies)
Discussion started by: tezarin
3 Replies
7. Shell Programming and Scripting
Hi All,
I have a existing Ldap query which take a HOME as variable and gives the result where i grep for a particular line.
ldapsearch -h server_domain_name -p 389 -D "uid=user,ou=appadm,o=ent" -w PaB -b "ou=roles,o=ent" "cidx=$HOME" | grep -w "ent: xyz"
Now i have 330K Homes in a... (1 Reply)
Discussion started by: posner
1 Replies
8. Emergency UNIX and Linux Support
Hi Friends,
I have below scenarios .
dom1.test.com - LDAP
dom2.test.com - AD
Requirement is establish a trust relation between LDAP and AD server in such a way that if any user login on LDAP managed authentication server with
dom1\username -> get authenticated by LDAP host
... (2 Replies)
Discussion started by: Shirishlnx
2 Replies
9. Shell Programming and Scripting
Hello,
i need some help with a script. I made a script, which connect to different hosts to get some informations. But i got now some problems with getting informations of a database (db2) which is on a other host. I tried something like
var=$(rsh HOST su - db2adm -c "db2 connect to database;... (2 Replies)
Discussion started by: Cyver
2 Replies
10. UNIX and Linux Applications
I need to write LDAP group query where I need to find if a particular user is a member of a 2 specific Groups. This is LDAP Novell edirectory implementation.
Below are the details -
================
LDIF entry for OndotAPI group
dn: cn=OndotAPI,ou=Groups,o=CNS
changetype: add ... (0 Replies)
Discussion started by: jhamaks
0 Replies
LEARN ABOUT DEBIAN
sssd-simple
SSSD-SIMPLE(5) File Formats and Conventions SSSD-SIMPLE(5)
NAME
sssd-simple - the configuration file for SSSD's 'simple' access-control provider
DESCRIPTION
This manual page describes the configuration of the simple access-control provider for sssd(8). For a detailed syntax reference, refer to
the "FILE FORMAT" section of the sssd.conf(5) manual page.
The simple access provider grants or denies access based on an access or deny list of user or group names. The following rules apply:
o If all lists are empty, access is granted
o If any list is provided, the order of evaluation is allow,deny. This means that any matching deny rule will supersede any matched allow
rule.
o If either or both "allow" lists are provided, all users are denied unless they appear in the list.
o If only "deny" lists are provided, all users are granted access unless they appear in the list.
CONFIGURATION OPTIONS
Refer to the section "DOMAIN SECTIONS" of the sssd.conf(5) manual page for details on the configuration of an SSSD domain.
simple_allow_users (string)
Comma separated list of users who are allowed to log in.
simple_deny_users (string)
Comma separated list of users who are explicitly denied access.
simple_allow_groups (string)
Comma separated list of groups that are allowed to log in. This applies only to groups within this SSSD domain. Local groups are not
evaluated.
simple_deny_groups (string)
Comma separated list of groups that are explicitly denied access. This applies only to groups within this SSSD domain. Local groups are
not evaluated.
Please note that it is an configuration error if both, simple_allow_users and simple_deny_users, are defined.
EXAMPLE
The following example assumes that SSSD is correctly configured and example.com is one of the domains in the [sssd] section. This examples
shows only the simple access provider-specific options.
[domain/example.com]
access_provider = simple
simple_allow_users = user1, user2
SEE ALSO
sssd.conf(5), sssd(8)
AUTHORS
The SSSD upstream - http://fedorahosted.org/sssd
SSSD
03/04/2013 SSSD-SIMPLE(5)