Configuring a new version 11.0 VMware appliance.
OS authentication with Active Directory/LDAP configured and functioning. However, any user with a valid ID can log in. I need to restrict this to certain users/groups.
I attempted to use the simple_allow_users and simple_allow_groups directives in sssd.conf, but it doesn't seem to have any effect.
How do I restrict logins to only certain AD users or groups?
Release : 11.0
To allow only a specific group of users, configure the user search filter as shown below:
ldap_user_search_base = DC=<BaseDN>?subtree?(CN=<groupName>)
Excerpt from sssd.conf:
#Domain Section and Server Details
[domain/ldap]
ad_server = <Domain_controller_Name>
ad_domain = <WindowsActiveDirectoryName>
krb5_realm = <KERBEROS_REALM>
krb5_keytab = /home/ssgconfig/<keytab_name>.keytab
id_provider = ad
.
.
ldap_search_base = <BaseDN>
ldap_user_search_base = DC=<BaseDN>?subtree?(CN=<groupName>)
.
debug_level = 9
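
To confirm that the restriction is actually present, the following added example (not part of the original article or the product) parses sssd.conf text, splits each domain's ldap_user_search_base into its base?scope?filter parts, and lists the domains whose user search has no filter. The function names, the second "open" domain, and the DN and group values in the sample are constructed for illustration.

```python
import configparser

VALID_SCOPES = {"base", "onelevel", "subtree"}

# Constructed sample; the DNs and group name are placeholders, not values from the article.
SAMPLE_CONF = """
[domain/ldap]
id_provider = ad
ldap_search_base = DC=example,DC=com
ldap_user_search_base = DC=example,DC=com?subtree?(CN=gateway-admins)

[domain/open]
id_provider = ad
ldap_user_search_base = DC=example,DC=com
"""

def parse_search_base(value):
    """Split 'base?scope?filter[?base?scope?filter...]' into (base, scope, filter) triples."""
    parts = [p.strip() for p in value.split("?")]
    if len(parts) == 1:
        return [(parts[0], "subtree", "")]  # bare DN: subtree search, no filter
    if len(parts) % 3 != 0:
        raise ValueError(f"expected base?scope?filter triples, got {value!r}")
    triples = []
    for i in range(0, len(parts), 3):
        base, scope, flt = parts[i:i + 3]
        if scope.lower() not in VALID_SCOPES:
            raise ValueError(f"invalid scope {scope!r} in {value!r}")
        triples.append((base, scope.lower(), flt))
    return triples

def unfiltered_domains(conf_text):
    """Return names of [domain/...] sections whose user search has no LDAP filter."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        value = cp.get(section, "ldap_user_search_base", fallback="")
        # A missing option is treated the same as a bare, unfiltered search base.
        triples = parse_search_base(value) if value else [("", "subtree", "")]
        if any(not flt for _, _, flt in triples):
            findings.append(section.split("/", 1)[1])
    return findings

if __name__ == "__main__":
    print("domains without a user search filter:", unfiltered_domains(SAMPLE_CONF))
```

The check only reads the configuration; after changing sssd.conf, verify the result with a test login from an account outside the allowed group.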