Hi, On 12.09.19 21:30, Lukas Slebodnik wrote:
> > man sssd-ad says: > NOTES > The AD access control provider checks if the account is expired. It has > the same effect as the following configuration of the LDAP provider: > > access_provider = ldap > ldap_access_order = expire > ldap_account_expire_policy = ad > > However, unless the “ad” access control provider is explicitly > configured, the default access provider is “permit”. Please note that > if you configure an access provider other than “ad”, you need to set > all the connection parameters (such as LDAP URIs and encryption > details) manually. > > > So using *access_provider = ad* should be enough for blocking expired/disabled > users. Even without modification of ldap_search_base Thanks. This is not our issue. The issue is that disabled users are present for PAM, and so postfix accept emails from disabled users. But may be it is not posible? Best regards Rikus > > LS > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > -- Hinrikus Wolf Fachschaft Mathematik/Physik/Informatik an der RWTH Aachen Telefon: Karmanstr: +49 241 80 94506 Infozentrum: +49 241 80 26741 [email protected] https://www.fsmpi.rwth-aachen.de _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
