[Freeipa-users] SSS problems with eDirectory
Stephen Gallagher
sgallagh at redhat.com
Fri Jul 23 11:36:40 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/23/2010 05:43 AM, Sumit Bose wrote:
> The most flexible way of access control is to use sssd together with a
> FreeIPA v2 server (the Alpha4 release was published recently). There are
> also plan to add sudo support into FreeIPA (see
> http://www.freeipa.org/page/SUDO_integration_plans for details).
>
> You can use the 'simple' access control provider (see man sssd-simple)
> or use sssd for users and groups and let nslcd fetch netgroups until
> sssd supports it natively.
>
We also have an LDAP access provider that allows you to set up access
control based on an LDAP search query. E.g.:
access_provider = ldap
ldap_access_filter = groupMembership=allowedgroup
This would grant access on this host to any user in the allowedgroup (if
I'm understanding correctly that eDirectory includes this in the user entry)
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxJfsgACgkQeiVVYja6o6N/twCfV2YPiuVLj0xyCVas2buKMEIT
WtkAoIGM+dt1D0AqTuXAL/bglB2jcUZ/
=0xPV
-----END PGP SIGNATURE-----
More information about the Freeipa-users
mailing list