The situation and load will very probably not worsen by setting
`ldap_connection_expire_timeout` to 240 seconds. Even now SSSD is forced to
reconnect and IPA has to keep the old IP connection until it expires. So
lowering `ldap_connection_expire_timeout` may improve the situation on both
ends (clie
The issue here (IIUC) is that SSSD keeps the LDAP connection when the operation
is finished and then the connection is reused on the next occasion. If
there is a long gap in communication, the firewall may drop the information
about a particular connection from the NAT table.
Here shortening of `ldap_
Hi,
There is always confusion when talking about hostnames and FQDN :-)
Here we are talking about a hostname that has a domain part in it - i.e.
long one. But strictly speaking it is not the same thing as FQDN because
the machine can have multiple addresses/interfaces and various FQDNs
associate
Ah I see, sorry for misunderstanding.
The default in sssd was designed to find something and split it into
username and domain-name.
I believe that the (default) regular expression can simply be prepended with
"^" and it will work the way you want.
re_expression = ^(?P<name>[^@]+)@?(?P<domain>[^@]*$)
I commente
Hi, Alexey is right.
The character @ is not expected in the username. A particular set of
allowed characters may differ, depending on your setup.
I found a nice summary here: https://systemd.io/USER_NAMES/
The SSSD default does not expect/allow '@' in the username. To fix that you can
configure the re
This is not exactly what you want, but did you consider changing the uid
used in the container?
Tomas
On Fri, Dec 30, 2022 at 11:56 PM Francois Rigault <
rigault.franc...@gmail.com> wrote:
> Greetings,
> we run some podman containers that come with their own local users, such
> as this one:
> i
>> BRs
>>
>>
>> --
>> *From:* Gregory Carter
>> *Sent:* Monday, September 12, 2022 16:44
>> *To:* End-user discussions about the System Security Services Daemon <
>> sssd-users@lists.fedorahosted.org>
>> *Subj
There actually is GPO support in SSSD.
Looking at the man page (sssd-ad), you have to use the "ad" provider and tune
a few options regarding gpo, particularly ad_gpo_access_control and
ad_gpo_implicit_deny.
If it is not working for you, can you share the sssd.conf? Eventually you
can increase the SSSD
Hi,
I think this is not possible in the current state of sssd. Having %g would
be problematic because the user can be a member of multiple groups and then
SSSD can't decide
how to expand the override. If you have a primary/private group in mind,
then honestly I do not see much value in such an ext
On Sat, Feb 13, 2021 at 6:22 PM Paweł Szafer wrote:
>
> > User has password valid till 20.02.2020 and yet I don't have any warning.
>>
>
Is that just a typo? 20.02.2020 is a year ago...
Tomas
___
sssd-users mailing list -- sssd-users@lists.fedorahoste
ly stored in parent process log.
Fixed in commit 30d0ccd49
--
Tomas Halman
On Wed, Oct 23, 2019 at 9:24 PM Lukas Slebodnik wrote:
> On (23/10/19 09:29), Eugene Vilensky wrote:
> >Greetings,
> >
> >Will sssctl ever be packaged for RHEL6?
> >
>
Just considering RHEL6 lifecycle, sssctl will not make it into distribution.
See what Lukas an
14 matches