Open guiguithub opened 5 months ago
I tried to rebuild on my own but didn't see much documentation on how to do it on debian distros
It should be pretty much distribution agnostic:
autoreconf -if
./configure ...
sudo make install
The catch is proper args for ./configure You can take a look at how Debian package is built here: https://salsa.debian.org/sssd-team/sssd/-/blob/master/debian/rules?ref_type=heads#L30
https://github.com/SSSD/sssd/blob/master/contrib/ci/deps.sh#L103 lists Debian build dependencies.
+1 on this idea, or perhaps allowing definition of a groupname in an sssd.conf on endpoints that could be matched explicitly. something like ldap_sudo_hostgroup_name .. and then a check in the code similar to
} else if (strcasecmp(hostname, hostgroup_name) == 0) {
/* This host is explicitly allowed */
DEBUG(SSSDBG_CONF_SETTINGS, "Access granted for hostgroup %s for [%s]\n", hostgroup_name, host);
/* We still need to loop through to make sure
* that it's not also explicitly denied
*/
ret = EOK;
I'm working on debian 12 servers and i need to filter users by hosts enabling comparison also with regexp could be useful instead of having a static list of servers in host attributes on my ldap server
seems the file to be modified is src/providers/ldap/sdap_access.c in the function sdap_access_host_comp like 1251 which could look something like that
`
include
static errno_t sdap_access_host_comp(struct ldb_message_element el, char hostname) { errno_t ret = ENOENT; unsigned int i; char *host; regex_t regex;
} `
I tried to rebuild on my own but didn't see much documentation on how to do it on debian distros
Thanks in advance for your help