Bug 743617

Summary: [RFE] Add user and group search base filters
Product: Red Hat Enterprise Linux 6 Reporter: Chris St. Pierre <cstpierr>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED DUPLICATE QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: dpal, grajaiya, jgalipea, prc
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-01-05 19:42:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 736857, 756082    

Description Chris St. Pierre 2011-10-05 14:23:49 UTC 
Description of problem:

In sssd there is no way to limit the LDAP users that appear on a machine; ldap_access_filter only limits the users who can log in.  This isn't very useful if you're using means other than LDAP for authentication, and yet want to use LDAP to control access.  Other reasons for this not being ideal are listed in https://fedorahosted.org/sssd/ticket/647

Version-Release number of selected component (if applicable):

1.5.1-34.el6_1.3

How reproducible:

Always.

Steps to Reproduce:

1. Install and configure sssd to use LDAP
2. Search in vain for a way to filter the LDAP users that appear on a box.
  
Actual results:

There is no way to filter LDAP users, just LDAP authentication.

Expected results:

There totally should be.

Additional info:

Fix and further discussion at https://fedorahosted.org/sssd/ticket/647.
Comment 3 Stephen Gallagher 2011-10-05 15:20:16 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/647
Comment 5 Jenny Severance 2012-01-05 19:42:56 UTC 
closing as duplicate of bug 736150, the duplicate bug contains a superset of this functionality

*** This bug has been marked as a duplicate of bug 736150 ***