Hi, thanks for your answer.
I have implemented the ldap_search_base. But the disabled users are still listed in
> getent passwd
That means they are present for PAM. Any other ideas?

Best regards
Rikus

> James Ralston <[email protected]> wrote on 12 September 2019 00:08:
>
>
> On Wed, Sep 11, 2019 at 3:05 PM Hinrikus Wolf
> <[email protected]> wrote:
>
> > ldap_search_base =
> > dc=fsmpi,dc=rwth-aachen,dc=de?subtree?(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
>
> Putting an (objectClass=user) filter in ldap_search_base will exclude
> all groups, as ldap_search_base is used for both user and group
> queries.
>
> A modified version of your filter works just fine for us:
>
> ldap_search_base =
> dc=example,dc=org?subtree?(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
>
> This successfully excludes computer objects and terminated objects.
>
> As Jakub said, you can use ldapsearch to test your filter.
> E.g.:
>
> $ ldapsearch \
>     -z 0 \
>     -E pr=2147483647/noprompt \
>     -o ldif-wrap=no \
>     -L \
>     -L \
>     -H 'ldap:///dc%3Dexample%2Cdc%3Dorg' \
>     -Y GSSAPI \
>     -b "dc=example,dc=org" \
>     "(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" \
>     dn
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
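The two filters quoted in this thread, evaluated over a handful of directory entries, as an added example that is not part of the original messages or of SSSD. The entries and their names are constructed, and the evaluator assumes that an entry with no userAccountControl attribute fails the bitwise test, so the negation matches it, which is what the quoted reply's result for groups implies.

```python
BIT_AND = "1.2.840.113556.1.4.803"  # bitwise-AND matching rule OID used in the thread

def parse(f, i=0):
    """Parse the parenthesised filter at f[i]; return (node, index after it)."""
    op = f[i + 1]
    if op in "&|!":
        kids, i = [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("item", attr, value), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    name, _, rule = node[1].partition(":")
    values = entry.get(name.lower(), [])   # assumption: absent attribute -> no match
    if rule.rstrip(":") == BIT_AND:        # true when every bit of the mask is set
        mask = int(node[2])
        return any(int(v) & mask == mask for v in values)
    if node[2] == "*":                     # presence test
        return bool(values)
    return any(v.lower() == node[2].lower() for v in values)

USER = ["top", "person", "organizationalPerson", "user"]
ENTRIES = {  # constructed sample entries, not taken from any real directory
    "alice (enabled)": {"objectclass": USER, "useraccountcontrol": ["512"],
                        "uidnumber": ["10001"], "unixhomedirectory": ["/home/alice"]},
    "bob (disabled)": {"objectclass": USER, "useraccountcontrol": ["514"],
                       "uidnumber": ["10002"], "unixhomedirectory": ["/home/bob"]},
    "staff (group)": {"objectclass": ["top", "group"], "gidnumber": ["20001"]},
    "HOST01$ (computer)": {"objectclass": USER + ["computer"],
                           "useraccountcontrol": ["4096"]},
}
ORIGINAL = ("(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)"
            "(unixHomeDirectory=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
MODIFIED = "(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

def selected(filter_text):
    tree, _ = parse(filter_text)
    return [name for name, entry in ENTRIES.items() if matches(tree, entry)]

if __name__ == "__main__":
    print("original:", selected(ORIGINAL))
    print("modified:", selected(MODIFIED))
```

The first filter keeps only the enabled user and drops the group along with the disabled account and the computer; the second keeps the group as well.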
