-1

I am trying to connect our Active Directory server to a brand new RHEL 6.5 server. I want to authenticate users using AD credentials, but I want to restrict it so that only certain users can log in; I don't want to allow anybody from AD to connect to it. I would like to use something like this:

CN=linuxtest,OU=SecurityGroups,DC=mydomain,DC=local

but I am not sure how I would set up the OU and CN. I use sssd for authentication and my id_provider = ad. I wanted to use id_provider = ldap, but that did not work at all and RHEL customer service told me to set it up this way. But I want to have a little bit more control over who can do what. I know I can use simple_allow_users = user1, user2 to restrict this, but I have 400+ users, and I really don't want to go and type them all. The question is: how would I set up the OU or CN for my search?

zuboje

2 Answers

0

I have configured a RHEL 6.5 server with sssd to authenticate against LDAP, and we configured the ldap_access_filter to check for membership of certain groups (those groups do not need to be configured as the UNIX groups for the group mapping):

ldap_access_filter = (|(groupmembership=cn=group1,ou=groups,o=company)(groupmembership=cn=group2,ou=groups,o=company))

I have searched for similar setups with AD and the equivalent directives, but all the examples I can find are always configuring the AD with access_provider = ldap, so that example could work...

NuTTyX
0

After many different configurations, I arrived at a solution where I set up

access_provider = simple
simple_allow_groups = linuxtest

and this worked the way I wanted it to work.

zuboje
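A way to check that a host really is restricted the way the answers above intend, as an added example that is not part of either answer: the script reads an sssd.conf and reports, per domain, whether logins are limited to named users or groups or are open to every directory account. The sample configuration is constructed from the values in this thread, and the function name is hypothetical; the two defaults it relies on (access_provider defaults to permit, and the simple provider grants access when its allow lists are empty) are taken from sssd.conf(5) and sssd-simple(5).

```python
import configparser

# Constructed sample; the domain name follows DC=mydomain,DC=local from the question.
SAMPLE_CONF = """
[sssd]
domains = mydomain.local

[domain/mydomain.local]
id_provider = ad
access_provider = simple
simple_allow_groups = linuxtest
"""

ALLOW_KEYS = ("simple_allow_users", "simple_allow_groups")


def audit_access(conf_text):
    """Return {domain: (status, detail)} for every [domain/...] section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(conf_text)
    report = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        opts = parser[section]
        # sssd.conf(5): access_provider defaults to "permit" (always allow).
        provider = opts.get("access_provider", "permit").strip().lower()
        if provider == "permit":
            result = ("open", "every account the id_provider resolves may log in")
        elif provider == "simple":
            allowed = {k: [v.strip() for v in opts.get(k, "").split(",") if v.strip()] for k in ALLOW_KEYS}
            if any(allowed.values()):
                result = ("restricted", allowed)
            else:
                # sssd-simple(5): with the allow lists empty, access is granted.
                result = ("open", "simple provider with empty allow lists")
        elif provider == "ldap" and opts.get("ldap_access_filter", "").strip():
            result = ("restricted", {"ldap_access_filter": opts["ldap_access_filter"].strip()})
        else:
            result = ("review", "access_provider = " + provider)
        report[section.split("/", 1)[1]] = result
    return report


if __name__ == "__main__":
    for domain, (status, detail) in audit_access(SAMPLE_CONF).items():
        print(domain, status, detail)
```

A domain reported as "open" is the situation the question wants to avoid: with id_provider = ad and no effective access rule, any AD account can log in.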