SSSD - start LDAP-search with logging-in user

active-directory sssd

Situation today: we've got a functional sssd-config on multiple Ubuntu-clients. This config contains authenticating against a LDAP-server. The SASL-Mech is as "gssapi" specified and uses a krb5-keytab-file. Bombastic feauture: the specified user of the keytab-file expires every 90 days. Not that bad, but replacing the keytab-file on the clients will take a long time and additional is more risky.

Situation tomorrow will be: if possible we'd like to use the credentials used to log in, because the LDAP isn't anonymous-readable and every domain user will have read access. Actually, I don't have an idea to put the active login-credentials to sssd to check authentication against LDAP. Any assistance would be appreciated!

Before asking to not expire this user: we're in some complex network, which is not administrated by ourself and we're only allowed to use those users.


You can use ldap_default_bind_dn together with ldap_default_authtok_type=password and then put the login credentials into ldap_default_authtok.

Related

SLURM with "partial" head node
atop 2.4.0 time interval
Windows 10 / Chrome: HTTP browser request to IP address differs from same request to hostname
ssh port forwarding (tunneling in HPC)
Infiniband drivers : OFED or distro included?
How to setup a Linux LAN local mail? [closed]
ntpd -g does not sync the clock
Configuring a cloud VM to be accessed by multiple users
Calculating the percentage of the total available memory on linux as an integer in bash
503 error on apache virtual hosts
Apache 2.4 - How to restrict traffic (by IP address) to all requests except the base path?
How can I use one EXE on Multiple machines?