[CentOS] ldap host attribute is ignored

Mon May 11 19:09:18 UTC 2015
Gordon Messmer <gordon.messmer at gmail.com>

On 05/11/2015 10:06 AM, Ulrich Hiller wrote:
> Hmmm...., i have made now a complete new install but the problem
> persists: ldap authentication works, but the host attribute is ignored.

Hate to say that we're running out of options.  I had a CentOS 7 system 
similar to yours, with LDAP authentication.  I added three lines to 
sssd.conf (for access provider, etc), restarted sssd, and users with no 
"host" attribute were denied.  I didn't actually test users with a host 
attribute that didn't match, or with deny rules.  So maybe there's a bug 
that needs to be looked at?  Does authentication work for users that 
have no "host" attribute at all?

> I have installed CentOS7 64bit with KDE.
> I did not do any 'yum update' or install of extra packages so far.

Update, see if that makes a difference.

After that you'll probably have to turn up logging in sssd and check its 
logs to see what it's doing.