Stephen Gallagher wrote on Tue, 03 Jan 2012 at 16:10 -0500:
> On Tue, 2012-01-03 at 15:51 -0500, Peter Larsen wrote:
> > Pavel,
> > Are you sure the LDAP server allows listing all users? It's quite normal
> > to turn that off.
>
> By default, SSSD doesn't allow listing all users/groups because it
> presents significant load on the server. You can enable it by adding
> 'enumerate = True' to the [domain/default] section
> of /etc/sssd/sssd.conf and then restarting SSSD (with 'service sssd
> restart')

That was it, thanks a lot.
My LDAP DB is not big, so performance is not a problem.

> In general, you probably want to review what your scripts are doing and
> see if you can't make them more efficient by using specific lookups.

I use it to get a list of all active users to create homedirs and ssh keys for them (for example).
It is much simpler to use shell utils than to write a perl script to connect to LDAP directly.

Is it possible to set sssd to list only active users, i.e. to set a custom filter?
Now it lists all users (inactive included, samba/computer accounts).

I use this filter in /etc/ldap.conf now:

    nss_base_passwd ou=People,dc=company,dc=org?one?|(sambaAcctFlags=[UX])

I've found only this:

    access_provider = ldap
    ldap_access_filter = sambaAcctFlags=[UX]

but it doesn't change the list from getent passwd.

Any idea how to solve it?

Pavel

--
Pavel Lisy <pali@xxxxxxxx>
T-MAPY spol. s r.o.