Hi,
On 12.09.19 21:30, Lukas Slebodnik wrote:
man sssd-ad says:
NOTES
The AD access control provider checks if the account is expired. It has
the same effect as the following configuration of the LDAP provider:
access_provider = ldap
ldap_access_order = expire
ldap_account_expire_policy = ad
However, unless the “ad” access control provider is explicitly
configured, the default access provider is “permit”. Please note that
if you configure an access provider other than “ad”, you need to set
all the connection parameters (such as LDAP URIs and encryption
details) manually.
So using *access_provider = ad* should be enough for blocking expired/disabled
users. Even without modification of ldap_search_base
Thanks. This is not our issue.
The issue is that disabled users are
present for PAM, and so postfix accept emails from disabled users.
But may be it is not posible?
Best regards
Rikus
LS
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
--
Hinrikus Wolf
Fachschaft Mathematik/Physik/Informatik
an der RWTH Aachen
Telefon:
Karmanstr: +49 241 80 94506 Infozentrum: +49 241 80 26741
fs(a)fsmpi.rwth-aachen.de
https://www.fsmpi.rwth-aachen.de