Reputation: 1197
Is it possible to adjust the filters used in the LDAP search query in sssd.conf?
Background: I/We want to implement LDAP authentication with sssd. Our sssd.conf looks like:
```ini
[sssd]
config_file_version = 2
services = nss, pam
domains = test.de

[domain/test.de]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
enumerate = true
ldap_schema = rfc2307bis
ldap_uri = ldaps://192.168.7.1:636, ldaps://192.168.7.2:636
ldap_search_base = ou=users, o=data
ldap_user_search_base = ou=users, o=data
ldap_user_object_class = posixAccount
ldap_user_name = uid
ldap_tls_reqcert = never
cache_credentials = true
ldap_default_bind_dn = cn=ldap-clienttest,ou=sa,o=data
ldap_default_authtok_type = password
ldap_default_authtok = pawsd
debug_level = 9
```
My/Our problem is the resulting LDAP search. Debugging the search for a user shows the LDAP search query:

```
[(&(uid=testuser)(objekctclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][ou=users, o=data]
```

The search result will be 0, but if I search only for the uid (without the uidNumber)

```
(&(uid=testuser)(objekctclass=posixAccount)(uid=*))
```

I am getting the correct result.
How can I avoid using the given filter of the uidNumber?
Thanks.
Upvotes: 0
Views: 122
Reputation: 1197
We were already able to solve the problem. We just set the parameter `ldap_user_uid_number = uid`. Because of the resulting ldapsearch, this will always be true.
Unfortunately, I noticed another problem in the logs: the entry found in the LDAP directory could not be saved locally because the UID is not available. In sssd.conf we set `id_provider = ldap`; if we use `id_provider = local`, the sssd service does not start.
Does anyone have suggestions for solving that problem?
Upvotes: 0
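An added example, not part of the original posts and not SSSD code: a small Python evaluator for the filter shape shown in the debug log, run against constructed entries. It shows why the default filter returns nothing and why mapping `ldap_user_uid_number` to `uid` lets the search match but leaves no numeric UID to store. It assumes the directory entry has no readable `uidNumber` attribute; the function names and sample entries are hypothetical.

```python
# Added example (not SSSD code): evaluates the LDAP filter subset seen in the debug log.
# Entries are dicts of lowercase attribute name -> list of values; all data is constructed.

def parse(f, i=0):
    """Parse one filter starting at f[i] == '('; return (node, next_index)."""
    op = f[i + 1]
    if op in "&|!":
        i += 2
        kids = []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1           # skip the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":                        # presence test: attribute must exist
        return bool(values)
    return any(v.lower() == value.lower() for v in values)

def user_filter(name, uid_number_attr="uidNumber"):
    """Filter shape from the debug log; uid_number_attr mirrors ldap_user_uid_number."""
    a = uid_number_attr
    return f"(&(uid={name})(objectClass=posixAccount)(uid=*)(&({a}=*)(!({a}=0))))"

def lookup(entry, name, uid_number_attr="uidNumber"):
    """Return (found_by_search, numeric_uid_or_None)."""
    tree, _ = parse(user_filter(name, uid_number_attr))
    if not matches(tree, entry):
        return False, None
    raw = entry[uid_number_attr.lower()][0]
    return True, int(raw) if raw.isdigit() else None

# Constructed entries: one without uidNumber (the assumed cause), one complete.
NO_UIDNUMBER = {"uid": ["testuser"], "objectclass": ["posixAccount"]}
COMPLETE = {"uid": ["testuser"], "objectclass": ["posixAccount"], "uidnumber": ["10001"]}

if __name__ == "__main__":
    for e, attr in ((NO_UIDNUMBER, "uidNumber"), (NO_UIDNUMBER, "uid"), (COMPLETE, "uidNumber")):
        print(attr, lookup(e, "testuser", attr))
```

The second case matches the search but yields no integer, which corresponds to the "UID is not available" message when the entry is written to the cache.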