Am Thu, Jun 19, 2025 at 02:20:14PM +0200 schrieb Shaun Glass via sssd-users:
Good Day,
I am busy setting up testing and authentication Linux Servers against eDirectory (LDAP) using SSSD with Linux Enabled (LUM) Users and Groups. I am having issues with the below :
*ldap_user_search_base = o=LDAP?subtree?(&(objectclass=posixAccount)(|(securityEquals=cn=SERVER,ou=Groups,ou=Linux,ou=IAM,o=LDAP)))*
Now the precise part I am talking about is *securityEquals*. We were using *gidNumber* but since just about all Users will have the same Primary Group they will end up with the same *gidNumber*. The reason we want to avoid that is when a person does :
*getent passwd*
... they will see hundreds of user accounts and we want to avoid that. The
Hi,
`getent passwd` will only show all users if enumeration is enabled. If you do not set `enumerate = True` in the [domain/...] section of sssd.conf `getent passwd` will only show the users from /etc/passwd and no LDAP users.
HTH
bye, Sumit
idea is that we want it to match the Users in a particular Group without that Group being the Users Primary Group :
*ldap_user_search_base = o=LDAP?subtree?(&(objectclass=posixAccount)(|(securityEquals=cn=SERVER,ou=Groups,ou=Linux,ou=IAM,o=LDAP)))ldap_group_search_base = o=LDAP?subtree?(&(objectclass=posixGroup)(|(cn=SERVER)))*
I do not know if *securityEquals* is a valid attribute for SSSD ?
Regards
-- _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue