On Thu, Nov 02, 2017 at 04:20:13PM +0100, Stefan Kania wrote: > Hello Sumit, > >> filter="(&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))" > >> ------------------- > >> Is it possible to change the Filter: > >> (&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*)) > > > > Does the ldap_group_object_class option help? See man sssd-ldap for > > details. > > > > bye, > > Sumit > > > >> > >> If "yes" how can I do this? I read to many howtos but I could not find a > >> solution. > >> > > First Thing, I posted the wrong filter ^^ that's the filter for the > users. The default filter for groups is: > --------- > (&(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))) > --------- > > What I need is: > --------- > (&(|(objectClass=stkaPosixGroup)(objectclass=PosixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0)))) > --------- > If I set "ldap_group_object_class = stkaPosixGroup" sssd is using this > filter: > --------- > (&(objectClass=stkaPosixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0)))) > --------- > So now the PosixGroup is missing. So this parameter will just override > the default value. Because ldap_group_object_class must be a string and > not a LDAP-filter it is not possible to put a filter as a value to this > variable. I checked it :-)
I see, do both group types have common objectClass like e.g. 'top'? If yes you can use this objectClass in ldap_group_object_class and set a filter with stkaPosixGroup and posixGroup with the ldap_group_search_base option, see man sssd-ldap for details as well. HTH bye, Sumit > > Stefan > >> Thanks for your help > >> > >> Stefan > >> -- > >> > > > > > > > > > >> _______________________________________________ > >> sssd-users mailing list -- sssd-users@lists.fedorahosted.org > >> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > > _______________________________________________ > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > > > > > > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org