On Thu, Nov 02, 2017 at 01:15:05PM +0100, Stefan Kania wrote: > Hello, > > I would like to change the search-filter for sssd because I created my > own Group-Objectclass, but if I do a "getent group" I will not see my > own group. > My sssd.conf looks like this: > ------------------ > [sssd] > config_file_version = 2 > services = nss, pam > domains = LDAP > > [domain/LDAP] > ldap_schema=rfc2307 > ldap_uri = ldap://ldapserver.example.net:389 > ldap_search_base=dc=example,dc=net > ldap_default_bind_dn=uid=sssd-user,ou=users,dc=example,dc=net > ldap_default_authtok=geheim > id_provider=ldap > auth_provider=ldap > chpass_provider = ldap > ldap_chpass_uri = ldap://ldapmaster.example.net:389 > cache_credentials = True > enumerate = true > ldap_tls_cacertdir = /etc/ssl/zertifikate/demoCA > ldap_tls_cacert = /etc/ssl/zertifikate/demoCA/cacert.pem > ------------------ > > Everytime I do a "getent group" I see the following lines inside the log: > ------------------ > Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=1 BIND > dn="uid=sssd-user,ou=users,dc=example,dc=net" mech=SIMPLE ssf=0 > Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=1 RESULT tag=97 > err=0 text= > > Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=2 SRCH > base="dc=example,dc=net" scope=2 deref=0 > filter="(&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))" > ------------------- > Is it possible to change the Filter: > (&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))
Does the ldap_group_object_class option help? See man sssd-ldap for details. bye, Sumit > > If "yes" how can I do this? I read to many howtos but I could not find a > solution. > > Thanks for your help > > Stefan > -- > > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
