[389-users] Re: Allow filters through PTA Plugin
> On 6 Jan 2019, at 09:21, Olivier JUDITH wrote: > > Hi William, > > I will be glad to help, it will just take some time to write as required for > your wiki page. > Will be done soon > > Rgds > Thanks so much. I think our wiki content is stored in the following github repo: https://github.com/marcus2376/389wiki If you want to make a PR there I’m happy to review it. I plan to do a large content update in the next few weeks, especially to make content easier to access. Thanks so much! -- Sincerely, William ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
[389-users] Re: Allow filters through PTA Plugin
Hi William, I will be glad to help, it will just take some time to write as required for your wiki page. Will be done soon Rgds ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
[389-users] Re: Allow filters through PTA Plugin
> On 15 Dec 2018, at 05:31, Olivier JUDITH wrote: > > Hi all, > > Here is my doc on how to enable Pam-PassThrough + SSSD : > https://drive.google.com/open?id=0B_f1ipCCCREXd0RqN09CRFFzNWh1UUZjR0RNaElJREVIX0RJ Would you be willing to contribute this to our wiki? We’d love some help to improve our documentation (this is soon to be my focus for a while). Thanks, > > Regards > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org — Sincerely, William ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
[389-users] Re: Allow filters through PTA Plugin
Hi all, Here is my doc on how to enable Pam-PassThrough + SSSD : https://drive.google.com/open?id=0B_f1ipCCCREXd0RqN09CRFFzNWh1UUZjR0RNaElJREVIX0RJ Regards ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
[389-users] Re: Allow filters through PTA Plugin
Hi William Did you receive my doc on PAM PTA ? rgds ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
[389-users] Re: Allow filters through PTA Plugin
Feel free to send me code to review at any time, I’ll review it when I get a chance :) > On 21 Nov 2018, at 08:44, Olivier JUDITH wrote: > > Hi , > > Ok i'll do that soon. > For the moment i try to finish my plugin development > > Cdlt. > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org — Sincerely, William ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
[389-users] Re: Allow filters through PTA Plugin
Hi , Ok i'll do that soon. For the moment i try to finish my plugin development Cdlt. ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
[389-users] Re: Allow filters through PTA Plugin
> On 20 Nov 2018, at 03:13, Olivier JUDITH wrote: > > Hi, > > It is possible . i'm using Pam PTA to authenticate AD user from SSO > application. > it works perfectly. the configurationis SSO app +> 389 + SSSD -> AD > As mentionned by Mark Reynolds use PAM PTA and filter with pamFilter . As a note, remember that SSSD is single threaded and may become a performance bottleneck. You could have to consider horizontal RO replica to scale your logins. > > Contact me if you need more information. If you want to write up a how-to for our website that would be great, I’d help review it and get it commited > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org — Sincerely, William ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
[389-users] Re: Allow filters through PTA Plugin
Hi, It is possible . i'm using Pam PTA to authenticate AD user from SSO application. it works perfectly. the configurationis SSO app +> 389 + SSSD -> AD As mentionned by Mark Reynolds use PAM PTA and filter with pamFilter . Contact me if you need more information. ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
[389-users] Re: Allow filters through PTA Plugin
On 11/6/18 4:04 AM, LHEUREUX Bernard wrote: Hi all, I'm pretty new in the usage of 389-DS and I would like to know if some of you could help me achieve a feature that would: Have a 389-Directory server in front of AD Domain Controllers acting as "ldap proxy" to protect access to the DC but allowing to authenticate users with their LDAP AD account AND allowing to retrieve the list of Groups members (via filters) of the AD through PTA ? Is that possible and how could achieve this ? Yes, but you need to use SSSD as well: https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/pam-pta#pam-pta-sssd I personally have not done this, but it is documented in the Administration Guide HTH, Mark Thanks for your help Bernard Lheureux. Ce message transmis par voie électronique ainsi que toutes ses annexes contiennent des informations qui peuvent être confidentielles ou protégées. Ces informations sont uniquement destinées à l’usage des personnes ou des entités précisées dans les champs ‘A’, ‘Cc’ et ‘Cci’. Si vous n’êtes pas l’un de ces destinataires, soyez conscient que toute forme, partielle ou complète, de divulgation, copie, distribution ou utilisation de ces informations est strictement interdite. Si vous avez reçu ce message par erreur, veuillez nous en informer par téléphone ou par message électronique et détruire les informations immédiatement. Ce message n’engage que son signataire et aucunement son employeur. ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org