I did try modifying the conf with your suggested settings, but it did not work. Hm.. I wonder if theres an error with sasl.
/var/log/auth.log: May 2 12:58:44 client sssd_be: canonuserfunc error -7 May 2 12:58:44 client sssd_be: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb What do you think? On Fri, May 2, 2014 at 11:22 AM, steve <[email protected]> wrote: > On Fri, 2014-05-02 at 11:03 +0200, Paul Liljenberg wrote: > > Unfortuneately im tied to current debian stable in this setup and > > backporting sssd does not seem possible. Thanx Steve. > > > OK. You'll have to do the AD attribute mapping manually then. > This worked for us with 1.9: > > ldap_user_object_class = user > ldap_user_name = samAccountName > ldap_user_uid_number = uidNumber > ldap_user_gid_number = gidNumber > ldap_user_home_directory = unixHomeDirectory > ldap_user_shell = loginShell > ldap_group_object_class = group > ldap_group_search_base = dc=your,dc=domain > ldap_group_name = cn > ldap_group_member = member > #ldap_user_search_filter =(&(objectCategory=User)(uidNumber=*)) > > I think the commented filter was for 1.8. This should get your user > through the process. > HTH > Steve > > > > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users > -- Vänliga Hälsningar / Best Regards Paul Liljenberg
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
