Restrict OS login


Article ID: 275559


Updated On:


CA API Gateway


Configuring a new version 11.0 VMware appliance.

OS authentication with Active Directory/LDAP is configured and functioning. However, any user with a valid ID can log in. I need to restrict this to certain users/groups.

I attempted to use the simple_allow_users and simple_allow_groups directives in sssd.conf, but it doesn't seem to have any effect. 

How do I restrict logins to only certain AD users or groups?


Release : 11.0


To allow only a specific group of users, configure the user search filter as shown below:

ldap_user_search_base = DC=<BaseDN>?subtree?(CN=<groupName>)

Excerpt from sssd.conf:

#Domain Section and Server Details
ad_server = <Domain_controller_Name>
ad_domain = <WindowsActiveDirectoryName>
krb5_realm = <KERBEROS_REALM>
krb5_keytab = /home/ssgconfig/<keytab_name>.keytab
id_provider = ad

ldap_search_base = <BaseDN>
ldap_user_search_base = DC=<BaseDN>?subtree?(CN=<groupName>)

debug_level = 9
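
A small audit of the settings discussed above, as an added example that is not part of the original article or the product: it parses an sssd.conf and flags domains where simple_allow_users/simple_allow_groups are set without access_provider = simple (SSSD reads those directives only under the simple access provider), and domains whose ldap_user_search_base carries no filter. The domain names, base DNs and group name in the sample are constructed placeholders.

```python
import configparser

# Constructed sample: domain names, base DNs and group name are placeholders.
SAMPLE = """\
[domain/example.test]
id_provider = ad
simple_allow_groups = gw-admins
ldap_search_base = DC=example,DC=test
ldap_user_search_base = DC=example,DC=test?subtree?(CN=gw-admins)

[domain/open.test]
id_provider = ad
ldap_user_search_base = DC=open,DC=test
"""

def parse_search_base(value):
    """Split 'base?scope?filter[?base?scope?filter...]' into triples."""
    parts = [p.strip() for p in value.split("?")]
    triples = []
    for i in range(0, len(parts), 3):
        chunk = parts[i:i + 3] + ["", ""]
        triples.append((chunk[0], chunk[1] or "subtree", chunk[2]))
    return triples

def audit(text):
    """Return {domain section: [findings]} for the login-restriction settings."""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cfg.read_string(text)
    report = {}
    for section in cfg.sections():
        if not section.startswith("domain/"):
            continue
        dom, findings = cfg[section], []
        access = dom.get("access_provider", "").strip().lower()
        simple = [k for k in dom if k.startswith("simple_allow_")]
        if simple and access != "simple":
            findings.append("simple_allow_* set but access_provider is not 'simple'")
        bases = parse_search_base(dom.get("ldap_user_search_base", ""))
        if not any(flt for _, _, flt in bases):
            findings.append("ldap_user_search_base has no filter (or is unset)")
        report[section] = findings
    return report

if __name__ == "__main__":
    for domain, findings in audit(SAMPLE).items():
        print(domain, "->", findings or "no findings")
```

To audit a real file, pass its contents to audit(); the appliance's actual sssd.conf path is not given in the article.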