If using your own objectclass, I would think you will use custom attributes?

ldap_group_member = hMemberDN
ldap_user_member_of = description

Thanks

On 11/02/2017 08:15 AM, Stefan Kania wrote:
Hello,

I would like to change the search-filter for sssd because I created my
own Group-Objectclass, but if I do a "getent group" I will not see my
own group.
My sssd.conf looks like this:
------------------
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP

[domain/LDAP]
ldap_schema=rfc2307
ldap_uri = ldap://ldapserver.example.net:389
ldap_search_base=dc=example,dc=net
ldap_default_bind_dn=uid=sssd-user,ou=users,dc=example,dc=net
ldap_default_authtok=geheim
id_provider=ldap
auth_provider=ldap
chpass_provider = ldap
ldap_chpass_uri = ldap://ldapmaster.example.net:389
cache_credentials = True
enumerate = true
ldap_tls_cacertdir = /etc/ssl/zertifikate/demoCA
ldap_tls_cacert = /etc/ssl/zertifikate/demoCA/cacert.pem
------------------

Every time I do a "getent group" I see the following lines inside the log:
------------------
Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=1 BIND dn="uid=sssd-user,ou=users,dc=example,dc=net" mech=SIMPLE ssf=0
Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=1 RESULT tag=97 err=0 text=
Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=2 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))"
-------------------
Is it possible to change the Filter:
(&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))

If "yes" how can I do this? I read too many howtos but I could not find a
solution.

Thanks for your help

Stefan
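
Added example (not part of the thread and not SSSD project code): a check that compares the objectClass values in slapd SRCH filters against what sssd.conf asks for, and reports simple binds logged with ssf=0. It assumes the sssd-ldap options ldap_user_object_class and ldap_group_object_class (defaults posixAccount and posixGroup); the class name myGroup and the op=3 log line are constructed.

```python
import configparser
import re

# sssd-ldap defaults for the two object-class options
DEFAULTS = {"ldap_user_object_class": "posixAccount",
            "ldap_group_object_class": "posixGroup"}
BIND_DN = "uid=sssd-user,ou=users,dc=example,dc=net"

# Constructed sssd.conf excerpt; "myGroup" is a hypothetical class name
SSSD_CONF = """
[domain/LDAP]
ldap_schema=rfc2307
ldap_group_object_class = myGroup
ldap_group_member = hMemberDN
"""

# Constructed slapd log lines modeled on the post (the op=3 line is invented)
SLAPD_LOG = """\
Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=1 BIND dn="uid=sssd-user,ou=users,dc=example,dc=net" mech=SIMPLE ssf=0
Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=2 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))"
Nov 02 13:10:47 ldapserver slapd[2007]: conn=1044 op=3 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(&(objectClass=posixGroup)(cn=*)(gidNumber=*))"
"""

BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" mech=(\S+) ssf=(\d+)')
SRCH = re.compile(r'conn=(\d+) op=\d+ SRCH .*filter="([^"]*)"')
OBJCLASS = re.compile(r"\(objectClass=([^()*]+)\)", re.IGNORECASE)

def expected_classes(conf_text, domain="LDAP"):
    """Object classes SSSD should search for, from the config or the defaults."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    section = cp["domain/" + domain]
    return {key: section.get(key, fallback=default) for key, default in DEFAULTS.items()}

def audit(conf_text, log_text, bind_dn=BIND_DN):
    """Return findings for connections that bound as bind_dn."""
    want = {v.lower() for v in expected_classes(conf_text).values()}
    bound, findings = {}, []
    for line in log_text.splitlines():
        if m := BIND.search(line):
            bound[m[1]] = m[2]  # remember which DN owns this connection
            if m[2] == bind_dn and m[3] == "SIMPLE" and m[4] == "0":
                findings.append(("simple-bind-ssf0", m[1]))  # no TLS/SASL layer
        elif (m := SRCH.search(line)) and bound.get(m[1]) == bind_dn:
            findings += [("unexpected-objectclass", oc)
                         for oc in OBJCLASS.findall(m[2]) if oc.lower() not in want]
    return findings

if __name__ == "__main__":
    for finding in audit(SSSD_CONF, SLAPD_LOG):
        print(finding)
```

An "unexpected-objectclass" finding after a config change means SSSD is still issuing the old filter, for example because the service was not restarted.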