Good Day,

I am busy setting up testing and authenticating Linux Servers against eDirectory (LDAP) using SSSD with Linux Enabled (LUM) Users and Groups. I am having issues with the below:

ldap_user_search_base = o=LDAP?subtree?(&(objectclass=posixAccount)(|(securityEquals=cn=SERVER,ou=Groups,ou=Linux,ou=IAM,o=LDAP)))

Now the precise part I am talking about is securityEquals. We were using gidNumber, but since just about all Users will have the same Primary Group they will end up with the same gidNumber. The reason we want to avoid that is when a person does:

getent passwd

... they will see hundreds of user accounts and we want to avoid that. The idea is that we want it to match the Users in a particular Group without that Group being the User's Primary Group:

ldap_user_search_base = o=LDAP?subtree?(&(objectclass=posixAccount)(|(securityEquals=cn=SERVER,ou=Groups,ou=Linux,ou=IAM,o=LDAP)))
ldap_group_search_base = o=LDAP?subtree?(&(objectclass=posixGroup)(|(cn=SERVER)))

I do not know if securityEquals is a valid attribute for SSSD?

Regards
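
An added example, not part of the original post: it splits the search-base value quoted above into base, scope and filter, parses the filter as an RFC 4515 expression, and lists the attribute names it references so they can be compared with the directory schema. It assumes a single base?scope?filter triple; all function names are hypothetical.

```python
# Added example: decompose an SSSD ldap_*_search_base value and parse its filter.
# Assumes one base?scope?filter triple; function names are hypothetical.

def split_search_base(value):
    """Return (base, scope, filter); scope/filter are None when absent."""
    parts = value.split("?", 2)
    parts += [None] * (3 - len(parts))
    return tuple(parts)

def parse_filter(s, i=0):
    """Parse one parenthesised RFC 4515 filter at s[i]; return (node, next_i)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, children = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            child, i = parse_filter(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"bad operand count for {op!r}")
        node = (op, children)
    else:
        end = s.find(")", i)
        attr, sep, val = s[i:end if end != -1 else len(s)].partition("=")
        if end == -1 or not sep or not attr or "(" in attr:
            raise ValueError(f"malformed item at offset {i}")
        # Drop match-type suffixes (~ < >) and extensible-match options.
        node, i = ("item", attr.rstrip("~<>").split(":")[0], val), end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def attributes(node):
    """Collect lower-cased attribute names referenced anywhere in the filter."""
    if node[0] == "item":
        return {node[1].lower()}
    return set().union(*(attributes(c) for c in node[1]))

def analyse(value):
    """Summarise a search-base value; raises ValueError on a malformed filter."""
    base, scope, filt = split_search_base(value)
    if filt is None:
        return {"base": base, "scope": scope, "attributes": []}
    tree, end = parse_filter(filt)
    if end != len(filt):
        raise ValueError("trailing data after filter")
    return {"base": base, "scope": scope, "attributes": sorted(attributes(tree))}

# Value quoted in the post above.
SAMPLE = ("o=LDAP?subtree?(&(objectclass=posixAccount)"
          "(|(securityEquals=cn=SERVER,ou=Groups,ou=Linux,ou=IAM,o=LDAP)))")
```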