Re: ldap host attribute is ignored

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Ulrich Hiller wrote:
> i thought this too.
> I think this:
>
> access_provider = ldap
> ldap_access_filter = memberOf=host=does-not-exist-host
> ldap_access_order = filter
> ldap_user_authorized_host = host
>
> must confuse sssd so much that it denies login. But the user without
> host attribute can still login.
>
Wait - are you saying that it didn't deny, but now it does? If that's the
case, then you're almost there, just that the condition is backwards (like
sshd_config, with PermitRootLogin Without-Password means that you have to
use a key, not that it permits root to come in without a password....

     mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux