Hi,
this is our sssd.conf > [sssd] > domains = fsmpi.rwth-aachen.de > config_file_version = 2 > services = nss, pam > > [pam] > offline_credentials_expiration = 1 > offline_failed_login_attempts = 3 > offline_failed_login_delay = 0 > > [domain/fsmpi.rwth-aachen.de] > ad_domain = fsmpi.rwth-aachen.de > krb5_realm = FSMPI.RWTH-AACHEN.DE > realmd_tags = manages-system joined-with-adcli > cache_credentials = True > id_provider = ad > krb5_store_password_if_offline = True > default_shell = /bin/bash > ldap_id_mapping = False > use_fully_qualified_names = False > fallback_homedir = /home/%u > access_provider = ad > enumerate = true > ldap_user_fullname = displayName > krb5_lifetime = 48h > krb5_renewable_lifetime = 200h > krb5_renew_interval = 30m > ad_gpo_access_control = disabled > ldap_search_base = > dc=fsmpi,dc=rwth-aachen,dc=de?subtree?(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2))) in sssd_nss.log > (Wed Sep 18 14:40:38 2019) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data > Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline] > (Wed Sep 18 14:41:08 2019) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data > Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline] > (Wed Sep 18 14:41:38 2019) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data > Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline] Best regards Rikus > Sumit Bose <sb...@redhat.com> hat am 16. September 2019 18:01 geschrieben: > > > On Mon, Sep 16, 2019 at 10:37:11AM +0200, Hinrikus Wolf wrote: > > Hi, > > > > > > > Sumit Bose <sb...@redhat.com> hat am 16. September 2019 08:23 geschrieben: > > > Hi, > > > > > > I guess you mean that the users are still available for nss, i.e they > > > can be looked up with 'getent passwd username'? > > Yes, that's what I mean. > > > > > > > > I think you didn't answer if you already tried to run the search filter > > > with '!(userAccountControl:1.2.840.113556.1.4.803:=2)' manually with the > > > ldapsearch command. This is important to understand if the search filter > > > does not work at all or SSSD does not handle it properly. > > > > The filter works. I just in case tried it again with ldapsearch but we are > > using this filter for several applications which are supporting ldap. > > Hi, > > I tried the ldap_search_base you've sent earlier (adopted to my setup) > and it worked as expected, i.e. disabled users are not shown. > > Can you share your complete sssd.conf (sanitized if needed) and if > possible the sssd_nss.log and the domain log both with debug_level=9? > > bye, > Sumit > > > > Best regads > > Rikus > > > > > > > > bye, > > > Sumit > > > > > > > > But may be it is not posible? > > > > > > > > Best regards > > > > Rikus > > > > > > > > > > > > > > LS > > > > > _______________________________________________ > > > > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > > > > To unsubscribe send an email to > > > > > sssd-users-le...@lists.fedorahosted.org > > > > > Fedora Code of Conduct: > > > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > > > List Guidelines: > > > > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > > > List Archives: > > > > > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > > > > > > > > > > > > > > > > > -- > > > > Hinrikus Wolf > > > > > > > > Fachschaft Mathematik/Physik/Informatik > > > > an der RWTH Aachen > > > > > > > > Telefon: > > > > Karmanstr: +49 241 80 94506 Infozentrum: +49 241 80 26741 > > > > f...@fsmpi.rwth-aachen.de https://www.fsmpi.rwth-aachen.de > > > > _______________________________________________ > > > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > > > > Fedora Code of Conduct: > > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > > > List Archives: > > > > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > > > _______________________________________________ > > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > > > Fedora Code of Conduct: > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > > > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > > _______________________________________________ > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org