On Fri, Oct 05, 2018 at 12:25:08PM +0200, Michal Židek wrote: > On 09/27/2018 10:55 PM, Tom wrote: > > FYI tested this and though it doesn’t work for ad_access_filter it does for > > the ldap_access_filter . Any reason why one works but not the other? > > Hi, > > I would like to see logs in this case in order to > undrestand where the issue may be. > > If the sssd does not even start and logs show that the option > could not be parsed then it could be an issue in libini. > > If it fails later then maybe we handle the multiline option > badly in SSSD. > > Also I am not sure what 'doesn't work' in this context means. Is > the filter not effective or is SSSD failing to start/do some > operation?
To put a little more context, the only difference between the ldap_access_filter and ad_access_filter should be that the former use whatever ldap authentiation you configure (bind DN, SASL GSSAPI, ...) and the latter re-uses the GSSAPI authenticated connection that the ID provider uses. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org