From 51de1251e73f31a4f9343387a0273a85cda4a2bc Mon Sep 17 00:00:00 2001
From: Thomas Schneider
Date: Tue, 17 Dec 2019 17:35:04 +0100
Subject: [PATCH 1/2] ad-auth: Fix sssd config ldap_search_base

---
 ad-auth/templates/sssd.conf.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ad-auth/templates/sssd.conf.j2 b/ad-auth/templates/sssd.conf.j2
index 99f25d1..29d385c 100644
--- a/ad-auth/templates/sssd.conf.j2
+++ b/ad-auth/templates/sssd.conf.j2
@@ -11,7 +11,7 @@ offline_failed_login_delay = 0
 [domain/{{ domain }}]
 ad_domain = {{ domain }}
 krb5_realm = {{ domain.upper() }}
-realmd_tags = manages-system joined-with-adcli
+realmd_tags = manages-system joined-with-adcli
 cache_credentials = True
 id_provider = ad
 krb5_store_password_if_offline = True
@@ -27,5 +27,5 @@ krb5_renewable_lifetime = 200h
 krb5_renew_interval = 30m
 ad_gpo_access_control = disabled
 {% if sssd_show_only_enabled_users|default(False) %}
-ldap_search_base = dc=fsmpi,dc=rwth-aachen,dc=de?subtree?(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
+ldap_search_base = {{ authbase }}?subtree?(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
 {% endif %}
-- 
GitLab

From 19ce36a737c5b765abc38c6003ade13510118b90 Mon Sep 17 00:00:00 2001
From: Thomas Schneider
Date: Tue, 17 Dec 2019 17:35:23 +0100
Subject: [PATCH 2/2] ad-auth: Disable dynamic DNS updates

---
 ad-auth/templates/sssd.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ad-auth/templates/sssd.conf.j2 b/ad-auth/templates/sssd.conf.j2
index 29d385c..79bb050 100644
--- a/ad-auth/templates/sssd.conf.j2
+++ b/ad-auth/templates/sssd.conf.j2
@@ -29,3 +29,4 @@ ad_gpo_access_control = disabled
 {% if sssd_show_only_enabled_users|default(False) %}
 ldap_search_base = {{ authbase }}?subtree?(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
 {% endif %}
+dyndns_update=false
-- 
GitLab
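Review bot: `{{ authbase }}` on the new `ldap_search_base` line is used without a default or a check, and nothing visible in this template defines it; the other values in the section are derived from `domain`. Assuming this is rendered by Ansible, an unset `authbase` only surfaces on hosts where `sssd_show_only_enabled_users` is true, which is the one place the disabled-account filter is wanted. The value is also placed directly in front of `?subtree?`, so a value containing `?` would shift the scope and filter fields. Consider `{{ authbase | mandatory }}`, or building the DN from `domain`, so the two cannot drift apart. The matching-rule OID is hard to read, so a comment above the line would help, e.g. `{# exclude computer objects and accounts with the ACCOUNTDISABLE bit (userAccountControl & 2) #}`.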
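Review bot: `dyndns_update=false` is written differently from the other settings visible in this section, which use `key = value` with capitalised booleans (`cache_credentials = True`); `dyndns_update = False` would match. It is appended after the final `{% endif %}`, so it belongs to `[domain/{{ domain }}]` only while that remains the last section of the file. The section starts outside this hunk, and moving the line up beside the other unconditional domain options would make the intent explicit. The commit message does not say why updates are turned off, so a one-line `#` comment stating the reason (for example, that host records are managed statically in DNS, if that is the case) would help, because the host's AD DNS record will no longer follow address changes.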