LDAP group filter using SSSD

Question

I am using RHEL 7.2 image and trying to provide group based LDAP authentication using SSSD. How do I enable group based filters using SSSD?

I am attaching my sssd.conf file and I haven't enabled TLS on LDAP server (OpenDJ). I changed the value of FORCELEGACY to yes on client machine to connect without TLS.

Below is my sssd.conf file

[domain/default]

 autofs_provider = ldap
 ldap_schema = rfc2307bis
 ldap_search_base = dc=mykronos,dc=internal
 id_provider = ldap
 auth_provider = ldap
 chpass_provider = ldap
 ldap_uri = ldap://[ldap-server-ip]:[port]
 ldap_id_use_start_tls = False
 cache_credentials = False
 ldap_tls_reqcert = allow
 ldap_tls_cacertdir = /etc/openldap/cacerts

[sssd]

 services = nss, pam, autofs
 config_file_version = 2
 domains = default

[nss]

 homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]

 ldap_access_filter = memberOf=cn=test,ou=groups,dc=example,dc=com

I am unable to restrict users from groups other than test from logging into the machine.

score 1 · Answer 1 · answered Aug 02 '16 at 08:03

1

Try this:

access_provider = simple
simple_allow_groups = g1, g2

See man sssd-simple for more information.

By the way - SSSD does not allow authentication without either TLS or SSL.

answered Aug 02 '16 at 08:03

jhrozek

1,370
6
5

LDAP group filter using SSSD

1 Answers1