On Fri, Oct 05, 2018 at 12:25:08PM +0200, Michal Židek wrote:
On 09/27/2018 10:55 PM, Tom wrote:
FYI tested this and though it doesn’t work for ad_access_filter it does for the ldap_access_filter. Any reason why one works but not the other?
Hi,
I would like to see logs in this case in order to understand where the issue may be.
If the sssd does not even start and logs show that the option could not be parsed then it could be an issue in libini.
If it fails later then maybe we handle the multiline option badly in SSSD.
Also I am not sure what 'doesn't work' in this context means. Is the filter not effective or is SSSD failing to start/do some operation?
To put a little more context, the only difference between the ldap_access_filter and ad_access_filter should be that the former uses whatever ldap authentication you configure (bind DN, SASL GSSAPI, ...) and the latter re-uses the GSSAPI authenticated connection that the ID provider uses.