Hello, I would like to change the search-filter for sssd because I created my own Group-Objectclass, but if I do a "getent group" I will not see my own group. My sssd.conf looks like this: ------------------ [sssd] config_file_version = 2 services = nss, pam domains = LDAP
[domain/LDAP] ldap_schema=rfc2307 ldap_uri = ldap://ldapserver.example.net:389 ldap_search_base=dc=example,dc=net ldap_default_bind_dn=uid=sssd-user,ou=users,dc=example,dc=net ldap_default_authtok=geheim id_provider=ldap auth_provider=ldap chpass_provider = ldap ldap_chpass_uri = ldap://ldapmaster.example.net:389 cache_credentials = True enumerate = true ldap_tls_cacertdir = /etc/ssl/zertifikate/demoCA ldap_tls_cacert = /etc/ssl/zertifikate/demoCA/cacert.pem ------------------ Everytime I do a "getent group" I see the following lines inside the log: ------------------ Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=1 BIND dn="uid=sssd-user,ou=users,dc=example,dc=net" mech=SIMPLE ssf=0 Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=1 RESULT tag=97 err=0 text= Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=2 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))" ------------------- Is it possible to change the Filter: (&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*)) If "yes" how can I do this? I read to many howtos but I could not find a solution. Thanks for your help Stefan --
signature.asc
Description: OpenPGP digital signature
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org