Hi,
I have a short question about how LDAP lookups are done
and if it is possible to modify them.
At the moment I have sssd (1.9.2) up and running fine with an LDAP server.
If a user tries to login with his username (ex. jsmith)
or by getent command (getent passwd jsmith),
sssd creates a ldap query with "uid=username".
I found this in the logs:
[sssd[be[default]]] [sdap_get_generic_ext_step] (0x0400): calling
ldap_search_ext with [(&(uid=jsmith)(objectclass=posixAccount))] ...
ldapsearch for this user (jsmith)
[...]
uid: jsmith
description: 2560
givenName: John
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: top
cn: johnsmith
sn: something_else
homeDirectory: /home/jsmith
mail: john.smith(a)domain.tld
uidNumber: 54321
gidNumber: 12345
[...]
Is it possible to change the default ldap lookup from sssd, using for
example "mail" or "cn" instead of uid ?
So the ldap lookup which is created by sssd does not look like this:
[(&(uid=jsmith)(objectclass=posixAccount))]
It should look like this one:
[(&(mail=jsmith)(objectclass=posixAccount))]
Maybe with a conf option
lookup_username_attr mail
#default uid
would do the job.
Of course this would fail in this situation, but a user could then log in
with his mail address ( john.smith(a)domain.tld )
via ssh for example, and get his usual Unix account "jsmith".
I don't want a mapping or rewrite of the uid field.
The Unix account name should still be filled by the uid field from the LDAP
entry.
I tried
ldap_user_name = mail
but then the Unix account names are mapped to the mail attribute.
With a second "Domain Section" a user could use both "login names" to
log in via ssh:
his Unix account "jsmith" and his mail address
"john.smith(a)domain.tld".
Maybe someone knows if this is possible or not.
Thanks in advance
M.Soysal
--
----------------------------------------------------------------------------
Mehmet Soysal
Scientific Computing and Services (SCS)
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)
Zirkel 2, Gebäude 20.21, Raum 206
D-76131 Karlsruhe
Tel. : +49 721 608-46347
Fax : +49 721 32550
Email: Mehmet.Soysal(a)kit.edu
WWW :
http://www.scc.kit.edu
KIT - Universität des Landes Baden-Württemberg und
nationales Forschungszentrum in der Helmholtz-Gemeinschaft
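
The lookup asked about above, sketched as an added illustration that is not part of the original post and is not SSSD code: the login string is matched against a selectable attribute while the Unix account name is still taken from uid. The function names, the lookup_attr parameter and the in-memory entry are assumptions made for this example; the mail value is written with "@" in place of the archive's "(a)".

```python
# Added illustration; not SSSD code. All function names are hypothetical.

# Constructed entry mirroring the ldapsearch output in the post.
ENTRY = {
    "uid": ["jsmith"],
    "cn": ["johnsmith"],
    "mail": ["john.smith@domain.tld"],
    "objectClass": ["organizationalPerson", "person", "posixAccount",
                    "inetOrgPerson", "top"],
    "uidNumber": ["54321"],
}

# Characters that must be escaped in a filter assertion value (RFC 4515).
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied login string before it goes into a filter."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def build_user_filter(login, lookup_attr="uid"):
    """Build the search filter; lookup_attr stands in for the proposed option."""
    return "(&(%s=%s)(objectclass=posixAccount))" % (
        lookup_attr, escape_filter_value(login))


def resolve_account(login, lookup_attr, entries):
    """Match login on lookup_attr, but always return uid as the account name.

    Simplified stand-in for the directory's equality match (case-insensitive,
    as for uid and mail); it does not parse the filter string.
    """
    wanted = login.lower()
    for entry in entries:
        classes = [oc.lower() for oc in entry.get("objectClass", [])]
        values = [v.lower() for v in entry.get(lookup_attr, [])]
        if "posixaccount" in classes and wanted in values:
            return entry["uid"][0]
    return None


if __name__ == "__main__":
    for login, attr in [("jsmith", "uid"), ("jsmith", "mail"),
                        ("john.smith@domain.tld", "mail")]:
        print(build_user_filter(login, attr), "->",
              resolve_account(login, attr, [ENTRY]))
```

Once a mail address or cn is accepted as a login name, the string comes straight from the ssh client, which is why the value is escaped before it is placed in the filter.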