On Thu, Nov 13, 2014 at 03:29:32PM +0000, Nathan Robbins wrote:
> sssd.conf:
>
> [domain/LDAP]
> enumerate = False
> cache_credentials = False
> id_provider = ldap
> auth_provider = ldap
> ldap_uri = ldap://server:port
> ldap_id_use_start_tls = True
> ldap_tls_reqcert = allow
> ldap_tls_cacertdir = /etc/openldap/cacerts
> ldap_search_base = ou=People,dc=xxxx,dc=xxxx,c=us
> ldap_default_bind_dn = uid=xxx,ou=xx,dc=xxx,dc=xxx,c=us
> ldap_schema = rfc2307
> ldap_default_authtok_type = password
> ldap_default_authtok = xxxx
> ldap_user_object_class = inetOrgPerson
> ldap_search_timeout = 60
> ldap_network_timeout = 60
> debug_level = 4
> min_id = 0
>
> ldap_user_uid_number = employeeNumber
> ldap_user_gid_number = employeeNumber
> ldap_user_gecos = cn

Thanks, this should work. Can you send the (sanitized) sssd domain logs?
Which sssd version is this?

>
> [sssd]
> services = nss, pam
> config_file_version = 2
> domains = LDAP
>
> [nss]
> homedir_substring = /home
>
> [pam]
>
> [sudo]
>
> [autofs]
>
> [ssh]
>
> [pac]
>
> [ifp]
>
>
> On Nov 13, 2014, at 9:20 AM, Nathan Robbins <nrobb...@olemiss.edu> wrote:
>
> I have enumerate = False
>
> I will post sssd.conf shortly when I return to the office shortly.
>
> ----- Reply message -----
> From: "Jakub Hrozek" <jhro...@redhat.com>
> To: "sssd-devel@lists.fedorahosted.org" <sssd-devel@lists.fedorahosted.org>
> Subject: [SSSD] Removing uidNumber from SSSD Search Filter
> Date: Thu, Nov 13, 2014 9:15 AM
>
> On Thu, Nov 13, 2014 at 03:04:44PM +0000, Nathan Robbins wrote:
> > Cool. I found that in the docs: ldap_user_uid_number and
> > ldap_user_gid_number
> >
> > I set those to an attribute in my LDAP that has a numerical value, however,
> > still in the query sent to my ldap server, it has
> > (&(uidNumber=*)(!(uidNumber=0)) in the query.
>
> Do you have enumerate=true perchance?
>
> Can you paste your sssd.conf?
>
> >
> > Even if I set min_id = 0
> >
> > This causes my LDAP server to return no results, no matter what I do. I am
> > ok with mapping to another attribute, but unless I can override the search
> > filter and get rid of that “and” I probably won’t be able to make it work.
> >
> > Ideas?
> >
> > On Nov 13, 2014, at 3:43 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
> >
> > > On Wed, Nov 12, 2014 at 08:15:49PM +0000, Nathan Robbins wrote:
> > >> I would like to try and accomplish a similar result with sssd, mainly in
> > >> order to get it functioning with samba.
> > >> Is it possible for me to set it
> > >> up such that I build the local user account just like above, and then
> > >> use sssd *only* for authentication?
> > >>
> > >> N
> > >
> > > The released versions of SSSD can only serve POSIX users, that is, users
> > > who have a UID and a GID. You can either point SSSD to an attribute
> > > that contains the ID or map the ID from a Windows SID.
> > >
> > > The ID attribute doesn't have to be named uidNumber/gidNumber and with
> > > a recent enough version you can even use the same LDAP attribute for both.
> > > But there has to be either a numerical ID attribute or a Windows SID to
> > > derive the ID from.
> > > _______________________________________________
> > > sssd-devel mailing list
> > > sssd-devel@lists.fedorahosted.org
> > > https://lists.fedorahosted.org/mailman/listinfo/sssd-devel