Good Day,
I am busy setting up testing and authentication Linux Servers against eDirectory (LDAP) using SSSD with Linux Enabled (LUM) Users and Groups. I am having issues with the below :
*ldap_user_search_base = o=LDAP?subtree?(&(objectclass=posixAccount)(|(securityEquals=cn=SERVER,ou=Groups,ou=Linux,ou=IAM,o=LDAP)))*
Now the precise part I am talking about is *securityEquals*. We were using *gidNumber* but since just about all Users will have the same Primary Group they will end up with the same *gidNumber*. The reason we want to avoid that is when a person does :
*getent passwd*
... they will see hundreds of user accounts and we want to avoid that. The idea is that we want it to match the Users in a particular Group without that Group being the Users Primary Group :
*ldap_user_search_base = o=LDAP?subtree?(&(objectclass=posixAccount)(|(securityEquals=cn=SERVER,ou=Groups,ou=Linux,ou=IAM,o=LDAP)))ldap_group_search_base = o=LDAP?subtree?(&(objectclass=posixGroup)(|(cn=SERVER)))*
I do not know if *securityEquals* is a valid attribute for SSSD ?
Regards