[CentOS] ldap host attribute is ignored
Ulrich Hiller
hiller at mpia-hd.mpg.deTue May 12 20:06:05 UTC 2015
- Previous message: [CentOS] ldap host attribute is ignored
- Next message: [CentOS] ldap host attribute is ignored
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
i thought this too. I think this: access_provider = ldap ldap_access_filter = memberOf=host=does-not-exist-host ldap_access_order = filter ldap_user_authorized_host = host must confuse sssd so much that it denies login. But the user without host attribute can still login. With kind regards, ulrich On 05/12/2015 09:23 PM, m.roth at 5-cent.us wrote: > Ulrich Hiller wrote: >> that's intersting. "performing access check" is really missing. >> >> also the "sdap_access" lines are not there. Therefore i do have: >> >> (Tue May 12 13:16:20 2015) [sssd[be[default]]] [dp_get_options] >> (0x0400): Option ldap_access_filter has no value >> (Tue May 12 13:16:20 2015) [sssd[be[default]]] [dp_get_options] >> (0x0400): Option ldap_access_order has value host >> (Tue May 12 13:16:20 2015) [sssd[be[default]]] [be_process_init] >> (0x2000): ACCESS backend target successfully loaded from provider [ldap]. > <snip> > I really don't know this level, but from the above, my first reaction is > to see if there has to be an ldab_access_filter that then leads to the > ldap_access_order in the chain. > > mark > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > >
- Previous message: [CentOS] ldap host attribute is ignored
- Next message: [CentOS] ldap host attribute is ignored
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list