On Fri, Dec 06, 2019 at 01:11:26PM +0100, Christian Lamparter wrote:
> On the 2019-11-25 at 11:41 Oscar Torrente wrote:
> > Ok. So what you suggest is applying an ACI to all needed attributes for all
> > users/groups nodes in LDAP directory to give this special account the read
> > permission over them, isn't it?
> > I should obfuscate its password in sssd.conf file, though, but it makes
> > sense.
> > Thanks a lot!!
>
> I'm in the same boat. Though, I was able to help myself by setting up a
> special "no permissions" user that has only read access to all the hidden
> LDAP-users.
> With the help of this special account and this patch (
> https://www.mail-archive.com/sssd-users@lists.fedorahosted.org/msg06876.html
> ). I was able to
> use the existing ldap_default_bind_dn and ldap_default_authtok property to
> do the user discovery.... and with this everything just worked.

Hi,

thanks for making me aware of this patch. I was thinking about a similar issue recently. It is currently not possible with the configuration scheme SSSD is using to unset an option. As a result if ldap_sasl_mech is set to a default value by a provider it cannot be unset.

My idea is to define a special keyword like e.g. 'SSSD_NO_SASL_MECH' which can be used with ldap_sasl_mech to make sure that SASL is not used. Do you think this would work for you as well?

bye,
Sumit

>
> Regards,
> Christian
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org