Is there a way to restrict LDAP authentication to FreeIPA based on ldap user group membership? Currently configured, as suggested in forum, with
set cnid uid
set dn "cn=accounts,dc=<suffix>,dc=<suffix>
However this setup allows ANY ldap user to be successfully authenticated. I can't figure out a way to restrict it to only a specific ldap group in FreeIPA. Suspecting it has to do with one of setting either of the config option group-member-check, group-search-base and group-filter.
Any help will be greatly appreciated!