Hi,
On 12.09.19 21:30, Lukas Slebodnik wrote:
man sssd-ad says: NOTES The AD access control provider checks if the account is expired. It has the same effect as the following configuration of the LDAP provider:
access_provider = ldap ldap_access_order = expire ldap_account_expire_policy = ad However, unless the “ad” access control provider is explicitly configured, the default access provider is “permit”. Please note that if you configure an access provider other than “ad”, you need to set all the connection parameters (such as LDAP URIs and encryption details) manually.
So using *access_provider = ad* should be enough for blocking expired/disabled users. Even without modification of ldap_search_base
Thanks. This is not our issue. The issue is that disabled users are present for PAM, and so postfix accept emails from disabled users.
But may be it is not posible?
Best regards Rikus
LS _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...