[SSSD-users] Question about ldap lookup

Hi, i have a short question about how ldap lookups are done and if it is possible to modify them. At the moment i have a sssd(1.9.2) up and running fine with a ldapserver. If a user tries to login with his username (ex. jsmith) or by getent command (getent passwd jsmith), sssd creates a ldap query with "uid=username". I found this in the logs: [sssd[be[default]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=jsmith)(objectclass=posixAccount))] ... ldapsearch for this user (jsmith) [...] uid: jsmith description: 2560 givenName: John objectClass: organizationalPerson objectClass: person objectClass: posixAccount objectClass: inetOrgPerson objectClass: top cn: johnsmith sn: something_else homeDirectory: /home/jsmith mail: john.smith(a)domain.tld uidNumber: 54321 gidNumber: 12345 [...] Is it possible to change the default ldap lookup from sssd, using for example "mail" or "cn" instead of uid ? So the ldap lookup which is created by sssd does not look like this: [(&(uid=jsmith)(objectclass=posixAccount))] It should look like this one: [(&(mail=jsmith)(objectclass=posixAccount))] Maybe with a conf option lookup_username_attr mail #default uid would to the job. Of Course this would fail in this situation, but a user could then login with his mailadress( john.smith(a)domain.tld ) via ssh for example, and get his usuall unixaccount "jsmith" I don`t want a mapping or rewrite of the uid field. The unixaccount name should still be filled by the uid field from ldap entry. I tried ldap_user_name = mail but then the unix account names are mapped to the mail attribute. With a second "Domain Section" a user could use both "login names" to login via ssh. His Unix Account "jsmith" and his mail adress "john.smith(a)domain.tld". Maybe someone knows if this is possible or not. Thanks in advance M.Soysal -- ---------------------------------------------------------------------------- Mehmet Soysal Scientific Computing and Services (SCS) Karlsruher Institut für Technologie (KIT) Steinbuch Centre for Computing (SCC) Zirkel 2, Gebäude 20.21, Raum 206 D-76131 Karlsruhe Tel. : +49 721 608-46347 Fax : +49 721 32550 Email: Mehmet.Soysal(a)kit.edu WWW : http://www.scc.kit.edu KIT - Universität des Landes Baden-Württemberg und nationales Forschungszentrum in der Helmholtz-Gemeinschaft