On the 2019-11-25 at 11:41 Oscar Torrente wrote:
Ok. So what you suggest is applying an ACI to all needed attributes
for all users/groups nodes in LDAP directory to give this special account the read
permission over them, isn't it?
I should obfuscate its password in sssd.conf file, though, but it makes sense.
Thanks a lot!!
I'm in the same boat. Though, I was able to help myself by setting up a
special "no permissions" user that has only read access to all the
With the help of this special account and this patch (
). I was able to
use the existing ldap_default_bind_dn and ldap_default_authtok property
to do the user discovery.... and with this everything just worked.
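As an added example (not part of the thread or the patch it mentions), the following check audits how the bind account discussed above is stored in sssd.conf. The sample configuration, account DN and the `audit_bind_settings` helper are constructed for illustration; the StartTLS default is passed as a parameter because it is an assumption that depends on the SSSD release.

```python
import configparser

# Constructed sample: a domain section binding with a read-only service account.
SAMPLE = """\
[sssd]
domains = example.com

[domain/example.com]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_default_bind_dn = uid=sssd-reader,ou=services,dc=example,dc=com
ldap_default_authtok = constructed-secret
"""

def audit_bind_settings(text, starttls_default=False):
    """Return (section, finding) pairs for the LDAP bind account settings.

    starttls_default is an assumption: set it to the default of
    ldap_id_use_start_tls in the SSSD release being audited.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = cp[section]
        if "ldap_default_authtok" not in opts:
            continue  # no stored bind credential in this domain
        if "ldap_default_bind_dn" not in opts:
            findings.append((section, "authtok set without ldap_default_bind_dn"))
        tok_type = opts.get("ldap_default_authtok_type", fallback="password")
        if tok_type == "password":
            findings.append((section, "bind password stored in clear text"))
        elif tok_type == "obfuscated_password":
            findings.append((section, "obfuscated token is reversible; "
                             "protect sssd.conf with file permissions"))
        # A clear-text ldap:// bind exposes the service account password in transit.
        starttls = opts.get("ldap_id_use_start_tls",
                            fallback=str(starttls_default)).lower() == "true"
        if opts.get("ldap_uri", fallback="").startswith("ldap://") and not starttls:
            findings.append((section, "bind over ldap:// without StartTLS"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_bind_settings(SAMPLE):
        print(f"{section}: {finding}")
```
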