Open briantownjr opened 6 days ago
Hi,
I'm not aware of a limitation, especially on such a low level. I see you already have debug_level = 10 set in the [pam] and [domain/...] sections. Would it be possible to attach the logs covering a failed login attempt?
Additionally, please remove ldap_user_certificate = altSecurityIdentities. The ldap_user_certificate should point to an attribute which contains the whole certificate, this is typically the userCertificate attribute in AD which is used as default for this option.
bye, Sumit
Ubuntu 20.04 tied to Windows 2019 AD. Single user account being mapped to multiple x509 strings. Works fine with 3-4 x509 strings, but any more and it fails, even though users can properly log in to their personal account with said x509 string.
Not sure if there is a depth parameter for the certmap portion or domain portion; not seeing any in the documentation that I've found. Perhaps it's also the timeout? Though I would think 400 would be high enough to parse through 5-8 x509 strings.
SSSD.conf
krb5.conf