From sssd.conf:
ldap_group_search_base = ou=Accounts_Group,dc=corp,dc=example,dc=com
From sssd_LDAP.log:
(Thu Apr 2 17:32:32 2015) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling
ldap_search_ext with
[(&(&(cn=admin)(objectclass=group)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))(gidNumber=*))][ou=Accounts_Group,dc=corp,dc=example,dc=com]
The hitch here is that our groups (in our Active Directory schema)
don't have a gidNumber element, so this returns nothing. Is it
possible to change the default filter so that it doesn't go looking
for gidNumber=*?
thanks
rone
--
Inanitas inanitatum et omnia inanitas <rone(a)ennui.org>