Sanitized sssd.conf, please note enumerate is set to false and the all of the users POSIX attributes are still getting pulled down. [domain/default] debug_level = 5 enumerate = False ldap_id_use_start_tls = True ldap_schema = rfc2307bis #ldap_search_base = dc=example,dc=com ldap_search_base = dc=example,dc=com?sub?|(host=myhost.mygroup.example.com)(host=ALL) krb5_realm = EXAMPLE.COM krb5_server = kerberos.example.com id_provider = ldap auth_provider = ldap chpass_provider = ldap ldap_uri = ldap://myldap.example.com:389 cache_credentials = True ldap_tls_cacertdir = /etc/openldap/cacerts ldap_default_bind_dn = cn=proxyuser,ou=AdminUsers,dc=example,dc=com ldap_default_authtok_type = password ldap_default_authtok = XXXXXXXXXXXX access_provider=ldap ldap_access_filter = (|(host=myhost.mygroup.example.com)(host=ALL))
[sssd] services = nss, pam config_file_version = 2 debug_level = 5 domains = default [nss] debug_level = 5 [pam] debug_level = 5 [sudo] debug_level = 5 [autofs] debug_level = 5 [ssh] debug_level = 5 [pac] debug_level = 5
sssd-users@lists.fedorahosted.org