On 11/20/2025 6:41 AM, dave via sssd-users wrote:
> Hello,
> We are trying to test sssd for our Linux environment.
> We are able to join the AD domain using `realm` and, with a few tweaks, can
> authenticate users and find groups. (when both user/groups are POSIX-compliant)
> I was able to do group-based access with
> access_provider = simple
> simple_allow_groups = some_posix_ad_group_name
> Not all of our AD groups are POSIX-compliant; most are regular AD groups.
> I want to try to mimic the same group access behavior, but for non-posix
> groups. Meaning if a user is a member of a non-POSIX group, then allow access.
> Is this possible?

I don't get why you don't just add the posixGroup objectClass and a
gidNumber to the "non-POSIX-compliant" groups to make it POSIX
compliant, and also be able to count them with "objectClass=posixGroup"
filters.
dn: <some ADgroup>,dc=company,dc=com
changetype: modify
add: objectClass
objectClass: posixGroup
-
add: gidNumber
gidNumber: 123456
--
Chris Paul | Rex Consulting | https://www.rexconsulting.net
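
An added example, not part of the original message or of SSSD: the LDIF from the reply, generated for several groups at once, with each gidNumber checked against the ones already in use so that two groups never share a GID. The group DNs, the GID range and the set of used GIDs are constructed assumptions; `posixify_ldif` and `ldif_dn_line` are hypothetical helper names.

```python
import base64

def ldif_dn_line(dn):
    """RFC 2849: emit 'dn:' for a SAFE-STRING, otherwise base64 'dn::'."""
    safe = (dn.isascii() and dn != "" and dn[0] not in " :<"
            and not dn.endswith(" ")
            and not any(c in "\x00\r\n" for c in dn))
    if safe:
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")

def posixify_ldif(group_dns, used_gids, first_gid, last_gid):
    """Build the modify LDIF for each DN with a gidNumber that is not in use.

    Returns (ldif_text, {dn: gid}). Raises ValueError if the range runs out,
    because reusing a gidNumber would merge two groups' file permissions.
    """
    used = set(used_gids)
    assigned, records = {}, []
    gid = first_gid
    for dn in group_dns:
        if dn.lower() in (d.lower() for d in assigned):
            continue  # DNs compare case-insensitively; skip repeats
        while gid in used:
            gid += 1
        if gid > last_gid:
            raise ValueError(f"no free gidNumber left for {dn!r}")
        used.add(gid)
        assigned[dn] = gid
        records.append("\n".join([
            ldif_dn_line(dn), "changetype: modify",
            "add: objectClass", "objectClass: posixGroup", "-",
            "add: gidNumber", f"gidNumber: {gid}", "-"]))
    return "\n\n".join(records) + "\n", assigned

if __name__ == "__main__":
    # Constructed sample input, not values from the thread.
    dns = ["CN=app-admins,OU=Groups,DC=company,DC=com",
           "CN=Développeurs,OU=Groups,DC=company,DC=com"]
    ldif, _ = posixify_ldif(dns, {200000, 200001, 200003}, 200000, 200010)
    print(ldif)
```

The set of used GIDs has to come from a search of the directory for existing `gidNumber` values before the LDIF is applied.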