On 05/09/2014 07:32 AM, Michael Ströder wrote:
HI!
How does sssd decide whether to send searches with filter
(objectClass=ipService) or not?
From sssd-ldap man page:
ldap_service_object_class (string)
The object class of a service entry in LDAP.
Default: ipService
ldap_service_name (string)
The LDAP attribute that contains the name of service
attributes and their aliases.
Default: cn
ldap_service_port (string)
The LDAP attribute that contains the port managed by
this service.
Default: ipServicePort
ldap_service_proto (string)
The LDAP attribute that contains the protocols
understood by this service.
Default: ipServiceProtocol
ldap_service_search_base (string)
An optional base DN, search scope and LDAP filter to
restrict LDAP searches for this
attribute type.
syntax:
search_base[?scope?[filter][?search_base?scope?[filter]]*]
The scope can be one of "base", "onelevel" or
"subtree".
The filter must be a valid LDAP
search filter as specified by
http://www.ietf.org/rfc/rfc2254.txt
For examples of this syntax, please refer to the
“ldap_search_base” examples section.
Default: the value of ldap_search_base
Please note that specifying scope or filter is not
supported for searches against an
Active Directory Server that might yield a large number
of results and trigger the Range
Retrieval extension in the response.
Does it depend on "services: sss" set in
/etc/nsswitch.conf?
Yes
Also see ticket:
https://fedorahosted.org/sssd/ticket/929
Ciao, Michael.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.