On Wed, Sep 11, 2019 at 09:04:40PM +0200, Hinrikus Wolf wrote: > Hi, > > that's actually what we tried: > > > > [sssd] > > domains = fsmpi.rwth-aachen.de > > config_file_version = 2 > > services = nss, pam > > > > [pam] > > offline_credentials_expiration = 1 > > offline_failed_login_attempts = 3 > > offline_failed_login_delay = 0 > > > > [domain/fsmpi.rwth-aachen.de] > > ad_domain = fsmpi.rwth-aachen.de > > krb5_realm = FSMPI.RWTH-AACHEN.DE > > realmd_tags = manages-system joined-with-adcli > > cache_credentials = True > > id_provider = ad > > krb5_store_password_if_offline = True > > default_shell = /bin/bash > > ldap_id_mapping = False > > use_fully_qualified_names = False > > fallback_homedir = /home/%u > > access_provider = ad > > enumerate = true > > ldap_user_fullname = displayName > > krb5_lifetime = 48h > > krb5_renewable_lifetime = 200h > > krb5_renew_interval = 30m > > ad_gpo_access_control = disabled > > ad_enable_gc = false > > ldap_search_base = > > dc=fsmpi,dc=rwth-aachen,dc=de?subtree?(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) > > Do you know what we did wrong?
Not really, did you try running ldapsearch using this filter? _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org