我的客户端是Centos 7,LDAP服务器是Active Directory(Windows 2008 R2)。我正在使用 sssd 来通过 LDAP 用户(ad)对我的计算机进行身份验证。我的问题是我设法与我的老的ldap 用户密码和新密码也有效。
当我清除缓存时 -
systemctl stop sssd
rm -rf /var/lib/sss/db/*
systemctl restart sssd
它有效,但我不想在用户更改密码时删除缓存。 SSD配置文件-
[sssd]
services = nss, pam
domains = default
[nss]
homedir_substring = /home
[domain/default]
debug_level = 9
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
cache_credentials = False
ldap_search_base = DC=exa,DC=net
ldap_schema = AD
ldap_default_bind_dn = cn=administrator,cn=users,dc=exa,dc=net
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = AkakamaimkaA55
ldap_uri = ldaps://win.exa.net:636
use_fully_qualified_names = False
default_shell = /bin/bash
ldap_id_mapping = True
override_homedir = /home/%u
ldap_id_use_start_tls = True
ldap_tls_cacert = /etc/openldap/ca.pem
ldap_tls_reqcert = demand