Thank you for your suggestions.
I've got it working after realized that the problem were in AD DN plugin where addn_filter was set to evaluate only nsAccount as objectClass.
However your PAM config looks better and i must confess, i am not a PAM guru. I will explore better this topic.
Regarding my second question, reported here:
i think it would be better to sync AD user that
belongs to specific AD Group in order to have more control over it instead
of defining a specific OU.
I've seen a page which reports the existence of "Support Filters":
https://directory.fedoraproject.org/docs/389ds/design/winsync-rfe.html#2-support-filters-1
And it says:
new config parameters in windwows sync agreement:
winSyncWindowsFilter: additional_filter_on_AD
winSyncDirectoryFilter: additional_filter_on_DS
Example:
winSyncWindowsFilter: (|(cn=*user*)(cn=*group*))
winSyncDirectoryFilter: (|(uid=*user*)(cn=*group*))
Anyway it is not clear if my installed version support this feature
389-Directory/1.4.4.11 B2021.139.1122
Thanks for your support
Appreciate
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
No comments:
Post a Comment