Hi,
Please find our sssd.conf below. We are seeing the following in the LDAP logs:
SRCH base="dc=mydomain,dc=com" scope=2 deref=0
filter="(&(uid=gdm)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
conn=3410 op=2
SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration
pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap sshPublicKey mail
We just need the filter (objectClass=*)
instead of the filter shown in the log above. Also, we have created extra attributes, which do not appear in the SRCH attr list. Please help.
# Global SSSD section: config format version, active domains and responders.
[sssd]
config_file_version = 2
# Only the domains named here are started. [domain/LDAP] further down is not
# listed, so its settings are presumably not in effect -- confirm.
domains = default
# Responders to run; each has its own section at the end of the file.
services = nss, pam, autofs
# The only domain listed in "domains": LDAP is used for identity, auth,
# password change, access control and autofs maps.
[domain/default]
# Very verbose tracing, useful while troubleshooting. Lower it afterwards:
# logs at this level can contain directory data and bind details.
debug_level = 9
id_provider = ldap
# NOTE(review): "#" looks like a redacted placeholder. With auth_provider = ldap
# this key is presumably unused -- confirm, then remove or set a real realm.
krb5_realm = #
ldap_schema = rfc2307bis
# NOTE(review): ldap:// on port 389 is cleartext unless StartTLS is negotiated.
# Identity lookups bind with ldap_default_authtok, so that password crosses the
# network unprotected unless ldap_id_use_start_tls = true (or an ldaps:// URI)
# is set. Also review ldap_tls_cacert and ldap_tls_reqcert in sssd-ldap(5).
ldap_uri = ldap://x.y.z:389
# Format is base[?scope?[filter]], scope being base, onelevel or subtree.
# NOTE(review): "|(objectClass=*)" is not a fully parenthesised LDAP filter, and
# scope "base" would match only the base entry itself, while the server log
# above shows scope=2 (subtree) -- check whether this suffix is applied at all.
# A filter given here is presumably combined with SSSD's own lookup filter
# rather than replacing it -- confirm against sssd-ldap(5).
ldap_search_base = dc=mydomain,dc=com?base?|(objectClass=*)
# Keeps a hashed copy of user credentials in the local cache for offline logins.
cache_credentials = True
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# NOTE(review): cn=Manager is conventionally the OpenLDAP rootdn -- confirm.
# A client only needs read access; a dedicated low-privilege bind account
# limits the damage if this file or host is compromised.
ldap_default_bind_dn = cn=Manager,dc=mydomain,dc=com
# Bind password stored in clear text ("xyz" is presumably redacted). Keep
# sssd.conf owned by root with mode 0600. ldap_default_authtok_type =
# obfuscated_password only hides the value and is not encryption. If the real
# value was ever shared, rotate it.
ldap_default_authtok =xyz
# NOTE(review): per sssd-ldap(5), access_provider = ldap with the default
# ldap_access_order (filter) and no ldap_access_filter denies all users.
# Set ldap_access_filter or choose another access provider deliberately.
access_provider = ldap
# Downloads every user and group into the cache, so expect load on large
# directories.
# NOTE(review): custom attributes are not requested by default; sssd-ldap(5)
# documents ldap_user_extra_attrs for fetching additional user attributes.
enumerate = True
# Second LDAP domain definition. It is not named in "domains" under [sssd],
# so it is presumably inactive -- confirm, and delete it if it is left over.
[domain/LDAP]
id_provider = ldap
# Same cleartext ldap:// endpoint as [domain/default]. No bind DN is set
# here, so lookups would presumably use an anonymous bind -- confirm.
ldap_uri = ldap://x.y.z:389
ldap_search_base = dc=mydomain,dc=com
cache_credentials = true
# Entries with a UID/GID outside min_id..max_id are ignored for this domain.
min_id = 5000
max_id = 25000
enumerate = false
# Responder sections for the services listed under [sssd]. All three are
# empty, so each responder runs with its default settings.
[nss]
[pam]
[autofs]
Regards,
Maninder