On Fri, Oct 05, 2018 at 12:25:08PM +0200, Michal Židek wrote:
On 09/27/2018 10:55 PM, Tom wrote:
> FYI tested this and though it doesn’t work for ad_access_filter it does for the
ldap_access_filter . Any reason why one works but not the other?
I would like to see logs in this case in order to
undrestand where the issue may be.
If the sssd does not even start and logs show that the option
could not be parsed then it could be an issue in libini.
If it fails later then maybe we handle the multiline option
badly in SSSD.
Also I am not sure what 'doesn't work' in this context means. Is
the filter not effective or is SSSD failing to start/do some
To put a little more context, the only difference between the
ldap_access_filter and ad_access_filter should be that the former use
whatever ldap authentiation you configure (bind DN, SASL GSSAPI, ...)
and the latter re-uses the GSSAPI authenticated connection that the ID