[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Nested groups and sssd filters

To: openldap-technical@openldap.org
Subject: Re: Nested groups and sssd filters
From: Jakub Hrozek <jakub.hrozek@posteo.se>
Date: Thu, 11 Feb 2016 09:27:51 +0100
Content-disposition: inline
In-reply-to: <56BC03C6.3080902@symas.com>
References: <DUB125-W11315C43110D6C004F99868ED70@phx.gbl> <9CE0DF280D92CC40B7BFC050@[192.168.1.9]> <56BC03C6.3080902@symas.com>
User-agent: Mutt/1.5.24 (2015-08-30)

On Thu, Feb 11, 2016 at 03:45:10AM +0000, Howard Chu wrote:
> Quanah Gibson-Mount wrote:
> >--On Wednesday, February 10, 2016 9:50 AM +0000 Miltos Tereres
> ><fo_ko@outlook.com> wrote:
> >
> >>The problem is that this doesn't work if the user values are in a nested
> >>group, it only works if the users are in my main group (xv64ut09).
> >>
> >>I would guess that linux / sssd  can support this type of nesting. Is
> >>there a change that needs to be done from the ldap server side, in the
> >>schema, or maybe something else that I have missed? I am using the
> >>rfc2307bis...
> 
> There is nothing in the server or in the LDAP protocol that supports nested
> groups. As such, it is the client's responsibility to process them if it
> wants them. So you need to look into sssd's documentation.

A good place to start is:
    https://fedorahosted.org/sssd/wiki/Troubleshooting

Anyhow, this question is probably better suited for the sssd-users
mailing list.

References:
- Nested groups and sssd filters
  - From: Miltos Tereres <fo_ko@outlook.com>
- Re: Nested groups and sssd filters
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Nested groups and sssd filters
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Nested groups and sssd filters
Next by Date: LMDB and Referential transparency
Index(es):
- Chronological
- Thread