On Wed, Nov 8, 2017 at 3:39 PM, Sumit Bose <sb...@redhat.com> wrote: > On Wed, Nov 08, 2017 at 02:39:46PM -0500, Asif Iqbal wrote: > > On Thu, Nov 2, 2017 at 12:05 PM, Asif Iqbal <vad...@gmail.com> wrote: > > > > > Hi > > > > > > I like to authenticate user based on uid if meets the following two > > > requirements > > > > > > ldap_search_base = ou=People,dc=mnet,dc=qintra,dc=com > > > ldap_access_order = filter > > > ldap_access_filter = objectClass=mnetPerson > > > > > > and > > > > > > ldap_search_base = ou=ACL Groups,ou=Groups,dc=mnet,dc=qintra,dc=com > > > ldap_access_filter = (&(cn=jumpstation)(uniquemember=<dn of uid>)) > > It looks like you want that the user is a member of a group called > jumpstation? Does you user object have memberOf (or similar) attributes > which you can check together with objectClass=mnetPerson ? > > bye, > Sumit
No there is no object like that. That would make it super easy with one filter using (&(..)(..)) This group definition, as you noticed, is on a different base DN also So I will need some kind of nested filter with multiple base DNs -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org