Hello,
I am migrating from pam_ldap to sssd and previously in my ldap.conf I was able
to use this to filter out groups based on the host attribute using the
nss_base_group feature:
nss_base_group
ou=Groups,dc=some,dc=company,dc=com?one?|(host=\2A)(host=somehost.test.com)(host=test)
I am
Well It looks like I've answered my own question with some trial and error, I
replaced the nss stuff that I had in ldap.conf with this:
ldap_group_search_base =
ou=Groups,dc=some,dc=company,dc=com?sub?(|(host=\2A)(host=somehost.test.com)(host=test))
The syntax is a little different, but it
, 2013 7:18 AM
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] Need help configuring fine grained password policy
On Thu, Sep 12, 2013 at 03:21:51PM -0400, Dmitri Pal wrote:
On 09/12/2013 03:14 PM, Bright, Daniel wrote:
Jakub,
Thanks for the response, I figured out why
Jakub, I took your advice and turned debugging to level 9, this is what I am
seeing in the logs:
===
[r...@some.server.com sssd]# tail -f sssd_LDAP.log | grep sdap_exop
(Thu Sep 12 09:44:57 2013)
Jakub,
Thanks for the response, I figured out why I was getting the constraint
violation, in my case it was because I have the passwordminage set for my
policy, when I changed the user attribute passwordallowchangetime to the
current date then I was able to perform the passwd operation. So at