I am also using custom schema and in my case I had to define the
following 2 options for sssd to be able to 'see' them:
ldap_group_member
ldap_user_member_of
I imagine you have specific attributes you need to search/filter which
are != than objectclass ?
Mario
On 12/20/2016 07:10 AM, Maninder Singh wrote:
Hi,
Please find the below sssd.conf. We are seeing below in LDAP logs:
SRCH base="dc=mydomain,dc=com" scope=2 deref=0
filter="(&(uid=gdm)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
conn=3410 op=2 SRCH attr=objectClass uid userPassword uidNumber
gidNumber gecos homeDirectory loginShell krbPrincipalName cn
modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax
shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange
krbPasswordExpiration pwdAttribute authorizedService accountExpires
userAccountControl nsAccountLock host loginDisabled
loginExpirationTime loginAllowedTimeMap sshPublicKey mail
We just need filter (objectClass=*) instead of the highlighted one.
Also, we have created extra attributes which we are not able to see in
SRCH attr. Please help.
[sssd]
config_file_version = 2
domains = default
services = nss, pam, autofs
[domain/default]
debug_level = 9
id_provider = ldap
krb5_realm = #
ldap_schema = rfc2307bis
ldap_uri = ldap://x.y.z:389
ldap_search_base = dc=mydomain,dc=com?base?|(objectClass=*)
cache_credentials = True
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_default_bind_dn = cn=Manager,dc=mydomain,dc=com
ldap_default_authtok =xyz
access_provider = ldap
enumerate = True
[domain/LDAP]
id_provider = ldap
ldap_uri = ldap://x.y.z:389
ldap_search_base = dc=mydomain,dc=com
cache_credentials = true
min_id = 5000
max_id = 25000
enumerate = false
[nss]
[pam]
[autofs]
Regards,
Maninder
Need an easy-to-use, OS agnostic, platform independent Test Automation
Framework to increase ROI from your applications? Check UTAF (Unified
Test Automation Framework)
<%20https://hsc.com/Services/Testing-Services/Test-Automation/Unified-Test-Automation-Framework-Services?utm_source=snippet&utm_medium=email&utm_content=Amrita&utm_campaign=UTAF%20>by
HSC
DISCLAIMER: This electronic message and all of its contents, contains
information which is privileged, confidential or otherwise protected
from disclosure. The information contained in this electronic mail
transmission is intended for use only by the individual or entity to
which it is addressed. If you are not the intended recipient or may
have received this electronic mail transmission in error, please
notify the sender immediately and delete / destroy all copies of this
electronic mail transmission without disclosing, copying,
distributing, forwarding, printing or retaining any part of it. Hughes
Systique accepts no responsibility for loss or damage arising from the
use of the information transmitted by this email including damage from
virus.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org