We do not have the uid number in LDAP. In our LDAP uid is the username, so LDAP has e.g. uid=bob. There is a local Linux user named "bob" as well (we are not creating accounts on login).
We thought we could get around having to have the uid number in LDAP, using the following line in sssd.conf:

ldap_user_uid_number = uid

so at least the ldap query would return something. When "bob" tries to log in we do see bob's attributes returned from the sssd ldap query, but it stops there without any attempt at an LDAP bind from bob.

Here is the result of an ldapsearch with objectclass=inetorgperson uid=*

dn: uid=bob,ou=people,ou=primary,ou=eid,dc=my,dc=edu
mail: [email protected]
uid: bob
initials: B
givenName: Bob
sn: Barker
objectClass: inetOrgPerson
objectClass: myPerson
objectClass: eduPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top

Thanks,
Jane
_______________________________________________
sssd-users mailing list -- [email protected]
