Hi, On 12.09.19 21:30, Lukas Slebodnik wrote:
> > man sssd-ad says: > NOTES > The AD access control provider checks if the account is expired. It has > the same effect as the following configuration of the LDAP provider: > > access_provider = ldap > ldap_access_order = expire > ldap_account_expire_policy = ad > > However, unless the “ad” access control provider is explicitly > configured, the default access provider is “permit”. Please note that > if you configure an access provider other than “ad”, you need to set > all the connection parameters (such as LDAP URIs and encryption > details) manually. > > > So using *access_provider = ad* should be enough for blocking expired/disabled > users. Even without modification of ldap_search_base Thanks. This is not our issue. The issue is that disabled users are present for PAM, and so postfix accept emails from disabled users. But may be it is not posible? Best regards Rikus > > LS > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > -- Hinrikus Wolf Fachschaft Mathematik/Physik/Informatik an der RWTH Aachen Telefon: Karmanstr: +49 241 80 94506 Infozentrum: +49 241 80 26741 f...@fsmpi.rwth-aachen.de https://www.fsmpi.rwth-aachen.de _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
