ad-auth: Fix sssd config ldap_search_base

51de1251 · Thomas Schneider · 957694fd · 51de1251
Commit 51de1251 authored Dec 17, 2019 by Thomas Schneider
--- a/ad-auth/templates/sssd.conf.j2
+++ b/ad-auth/templates/sssd.conf.j2
@@ -11,7 +11,7 @@ offline_failed_login_delay = 0
 [domain/{{ domain }}]
 ad_domain = {{ domain }}
 krb5_realm = {{ domain.upper() }}
-realmd_tags = manages-system joined-with-adcli 
+realmd_tags = manages-system joined-with-adcli
 cache_credentials = True
 id_provider = ad
 krb5_store_password_if_offline = True
@@ -27,5 +27,5 @@ krb5_renewable_lifetime = 200h
 krb5_renew_interval = 30m
 ad_gpo_access_control = disabled
 {% if sssd_show_only_enabled_users|default(False) %}
-ldap_search_base = dc=fsmpi,dc=rwth-aachen,dc=de?subtree?(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
+ldap_search_base = {{ authbase }}?subtree?(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
 {% endif %}