On 10/11/2010 08:35 AM, Patrick Grieshaber wrote:
> Thank you very much for the SUA hint. The auth works now :-).
> But still ldap_schema = rfc2307bis was not enough information.
> I had to adjust:
> - ldap_user_name = sAMAccountName
> - ldap_user_object_class = person
> - ldap_user_uid_number = uSNCreated
> - ldap_user_gid_number = logonCount
> I want a unique uid (by default it takes the value of the attribute
> userAccountControl - not unique!). uSNCreated is a unique attribute
> value in AD. Unfortunately sssd auth does not work if
> ldap_user_gid_number has the same attribute as value as
> ldap_user_uid_number. I am still looking for a sensual attribute.

try:

ldap_user_uid_number = msSFU30UidNumber
ldap_user_gid_number = msSFU30GidNumber

Also, you probably want:

ldap_user_name = msSFU30Name

I'm guessing you're using an older ActiveDirectory, so chances are this
is the more-or-less complete set of attributes you want:

ldap_schema = rfc2307bis
ldap_user_object_class = person
ldap_user_name = msSFU30Name
ldap_user_uid_number = msSFU30UidNumber
ldap_user_gid_number = msSFU30GidNumber
ldap_user_home_directory = msSFU30HomeDirectory
ldap_user_shell = msSFU30LoginShell
ldap_user_principal = userPrincipalName
ldap_group_object_class = group
ldap_group_name = msSFU30Name
ldap_group_gid_number = msSFU30GidNumber
ldap_force_upper_case_realm = True

--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
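
Added example, not part of the original thread or of sssd itself: a small lint that reads an sssd.conf and reports the two ID-mapping problems discussed above, namely uid/gid options pointed at attributes that are not POSIX IDs and uid and gid mapped to the same attribute. The function name lint_id_mapping, the domain section name and the set of accepted attributes are assumptions made for this example.

```python
import configparser

# Constructed sample: the mapping from the quoted message, placed in a
# hypothetical domain section (the section name is an assumption).
SAMPLE_CONF = """\
[domain/example.test]
ldap_schema = rfc2307bis
ldap_user_name = sAMAccountName
ldap_user_object_class = person
ldap_user_uid_number = uSNCreated
ldap_user_gid_number = logonCount
"""

# Assumption: attributes treated as genuine POSIX ID sources (the SFU names
# from the reply plus the RFC 2307 names). Anything else is reported.
ALLOWED = {
    "ldap_user_uid_number": {"mssfu30uidnumber", "uidnumber"},
    "ldap_user_gid_number": {"mssfu30gidnumber", "gidnumber"},
    "ldap_group_gid_number": {"mssfu30gidnumber", "gidnumber"},
}

def lint_id_mapping(conf_text):
    """Return (section, option, message) findings for every [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        for option, allowed in ALLOWED.items():
            value = dom.get(option, "").strip()
            # An unset option keeps the sssd default, so only explicit values are checked.
            if value and value.lower() not in allowed:
                findings.append((section, option,
                                 f"{value} is not a POSIX ID attribute"))
        uid = dom.get("ldap_user_uid_number", "").strip().lower()
        gid = dom.get("ldap_user_gid_number", "").strip().lower()
        if uid and uid == gid:
            findings.append((section, "ldap_user_gid_number",
                             "uid and gid are mapped to the same attribute"))
    return findings

if __name__ == "__main__":
    for section, option, message in lint_id_mapping(SAMPLE_CONF):
        print(f"[{section}] {option}: {message}")
```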