-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/23/2010 05:43 AM, Sumit Bose wrote: > The most flexible way of access control is to use sssd together with a > FreeIPA v2 server (the Alpha4 release was published recently). There are > also plan to add sudo support into FreeIPA (see > http://www.freeipa.org/page/SUDO_integration_plans for details). > > You can use the 'simple' access control provider (see man sssd-simple) > or use sssd for users and groups and let nslcd fetch netgroups until > sssd supports it natively. >
We also have an LDAP access provider that allows you to set up access control based on an LDAP search query. E.g.: access_provider = ldap ldap_access_filter = groupMembership=allowedgroup This would grant access on this host to any user in the allowedgroup (if I'm understanding correctly that eDirectory includes this in the user entry) - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxJfsgACgkQeiVVYja6o6N/twCfV2YPiuVLj0xyCVas2buKMEIT WtkAoIGM+dt1D0AqTuXAL/bglB2jcUZ/ =0xPV -----END PGP SIGNATURE----- _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users