Cool exactly what I've been looking for.

Thank you.

Another question relates to offline caching. I've testing it and it has been working well. However I've seen a situation where credentials are not used in offline mode. I've used iptables to simulate an unreachable ldap server by blocking port 636.
Here is what I see in such a situation
It seems to retry a few time to access the ldap server and to fail without trying to use cached passwords

On Mar 13, 2016, at 17:09, Jakub Hrozek <> wrote:

Yes, see: