There are situations where users may wish to use features from different access providers at the same time. For example, a user may wish to use the 'ldap' access provider for the 'expire' feature while also wanting to use the 'simple' access provider to limit logins to specific groups.
It would be useful to be able to have the following in sssd.conf:
[domain/example.com]
id_provider = ldap
auth_provider = krb5
access_provider = ldap, simple
...
ldap_access_order = expire
simple_allow_users = laptopuser
simple_allow_groups = admins
The idea would be that the providers would be checked in the order they are listed. If any fails, the user is denied. If all succeed, the user is allowed.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.12 beta
rhbz: => todo
proposed_priority: => Optional
This ticket has been evaluated for inclusion into SSSD 1.10 release and was decided to be excluded since it does not match the main goals and themes of the release. It might be considered for later releases.
summary: Allow chaining access_provider => [RFE] Allow chaining access_provider
Stef brought up an interesting use case that he actually tried to solve in realmd. The proper solution is to solve it in SSSD with the chained access providers.
Say I bring in my own machine and join a domain. This is very popular nowadays when the machines are controlled by the users and people can BYOD (bring-your-own-device) to work or to school. The central policy might allow a group of students to access a group of the machines. But I do not want others to suddenly be able to log into my machine. So I would limit the machine to only myself (and probably my friends) on top of what the central server allows me. Currently realmd would detect if there is an IPA and if there is it will automatically assume HBAC access provider. It would be nice to have a way to augment it.
milestone: SSSD 1.12 beta => SSSD 1.13 beta
Metadata Update from @sgallagh: - Issue marked as blocked by: #2004 - Issue set to the milestone: SSSD Future releases (no date set yet)
Metadata Update from @thalman: - Custom field patch reset (from 0) - Custom field testsupdated reset (from 0) - Issue close_status updated to: None - Issue tagged with: Canditate to close
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persists on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Metadata Update from @pbrezina: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2368
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.