From 90adbca9d3478bc33d536c0bce7d9d16c0475697 Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Tue, 4 Aug 2015 13:19:36 +0200
Subject: [server] do not allow login of disabled accounts :)

---
 server/modules/auth-freiburg/etc/sssd/sssd.conf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/server/modules/auth-freiburg/etc/sssd/sssd.conf b/server/modules/auth-freiburg/etc/sssd/sssd.conf
index c5c63953..27b340f2 100644
--- a/server/modules/auth-freiburg/etc/sssd/sssd.conf
+++ b/server/modules/auth-freiburg/etc/sssd/sssd.conf
@@ -25,10 +25,9 @@ ldap_tls_reqcert = never
 ldap_schema = rfc2307bis
 ldap_uri = ldaps://ldap.ruf.uni-freiburg.de
 ldap_backup_uri = ldaps://bv1.ruf.uni-freiburg.de,ldaps://bv2.ruf.uni-freiburg.de,ldaps://bv3.ruf.uni-freiburg.de
-ldap_group_search_base = ou=group,dc=uni-freiburg,dc=de
-ldap_user_search_base = ou=people,dc=uni-freiburg,dc=de
-ldap_user_home_directory = rufClientHome
 ldap_search_base = ou=people,dc=uni-freiburg,dc=de
+ldap_user_search_base = ou=people,dc=uni-freiburg,dc=de?onelevel?(rufstatus=enabled)
+ldap_user_home_directory = rufClientHome
 # Note that enabling enumeration will have a moderate performance impact.
 # Consequently, the default value for enumeration is FALSE.
 # Refer to the sssd.conf man page for full details.
-- 
cgit v1.2.3-55-g7522