SSSD−SIMPLE - Online Linux Manual PageSection : 5
Updated : 01/26/2023
Source : SSSD
Note : File Formats and Conventions

NAMEsssd-simple − the configuration file for SSSD's 'simple' access−control provider

DESCRIPTIONThis manual page describes the configuration of the simple access−control provider for sssd(8)​. For a detailed syntax reference, refer to the FILE FORMAT section of the sssd.conf(5) manual page​. The simple access provider grants or denies access based on an access or deny list of user or group names​. The following rules apply: •  If all lists are empty, access is granted •  If any list is provided, the order of evaluation is allow,deny​. This means that any matching deny rule will supersede any matched allow rule​. •  If either or both "allow" lists are provided, all users are denied unless they appear in the list​. •  If only "deny" lists are provided, all users are granted access unless they appear in the list​.

CONFIGURATION OPTIONSRefer to the section DOMAIN SECTIONS of the sssd.conf(5) manual page for details on the configuration of an SSSD domain​. simple_allow_users (string) Comma separated list of users who are allowed to log in​. simple_deny_users (string) Comma separated list of users who are explicitly denied access​. simple_allow_groups (string) Comma separated list of groups that are allowed to log in​. This applies only to groups within this SSSD domain​. Local groups are not evaluated​. simple_deny_groups (string) Comma separated list of groups that are explicitly denied access​. This applies only to groups within this SSSD domain​. Local groups are not evaluated​. Specifying no values for any of the lists is equivalent to skipping it entirely​. Beware of this while generating parameters for the simple provider using automated scripts​. Please note that it is an configuration error if both, simple_allow_users and simple_deny_users, are defined​.

EXAMPLEThe following example assumes that SSSD is correctly configured and example​.com is one of the domains in the [sssd] section​. This examples shows only the simple access provider−specific options​. [domain/example​.com] access_provider = simple simple_allow_users = user1, user2

NOTESThe complete group membership hierarchy is resolved before the access check, thus even nested groups can be included in the access lists​. Please be aware that the ldap_group_nesting_level option may impact the results and should be set to a sufficient value​. (sssd-ldap(5)) option​.

SEE ALSOsssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8)​. sss_rpcidmapd(5) sssd-systemtap(5)

AUTHORSThe SSSD upstream − https://github​.com/SSSD/sssd/
0
Johanes Gumabo
Data Size   :   13,374 byte
man-sssd-simple.5Build   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   2 / 230,593
Visitor ID   :     :  
Visitor IP   :   18.119.166.34   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.