24 Feb
2015
24 Feb
'15
1:06 a.m.
On 02/23/2015 03:59 AM, Ulrich Hiller wrote:
/etc/sssd/sssd.conf: [domain/default] access_provider = ldap ldap_access_filter = memberOf=ou=YYYY,o=XXXX ldap_access_order = host
Because ldap_access_order doesn't include "filter", ldap_access_filter will not be used. You can remove that.
Aside from that, it would be helpful to see the entry for one of the users who can log in and should not be able to.
Make sure you flush the cache before testing.
/etc/ldap.conf:
I don't think that file is relevant.