On Sun, Jul 21, 2019 at 06:08:18PM +0200, Hinrikus Wolf wrote: > Hi, > > we are currently running a Samba AD DC Server with sssd on clients. Now > we want to run sssd also on our mail server with postfix + dovecot. > Postfix and dovecot get their users from NSS i.e. from sssd. > In our Domain there are several disabled users (via User Account Control > Bit). Any of these users are listed in NSS. > > Unfortunately, they can receive emails, because they are existing in the > user database of NSS. But they cannot login to read mails or even answer. > > We would like to filter out disables users from NSS s.t. postfix will > not accept emails for disabled users. > > We searched in man 5 sssd-ad but did not find a config option for this > use case. > > Do you have any idea what we could do to achieve the desired behaviour?
See man sssd-ldap, you can add any of the ldap_* options to id_provider=ad as well, including the ldap_search_base which in turn can include the UAC. I don't have a ready example with the needed UAC value, though. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
