Description of problem:
Auth MIQLDAP to SSSD - After conversion, binds happen with the admin creds in the SSSD.conf file. Binding to the LDAP server as Admin should not be required, as conventional security protocols dictate you bind with the user creds. This way the application is only reading what the user has access to in the LDAP tree.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure MIQLDAP
2. Run miqldap_to_sssd conversion script
3. Admin creds are stored in /etc/sssd/sssd.conf, as admin creds are used to bind to LDAP according to the Dev team.
LDAP Admin user is used for all binds
Application should use user creds to bind as they are most restrictive.
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1573511
Sorry I seemed to have created some confusion when we spoke about this the
I reviewed this with Gregg T and Alberto and we all agree this is working as expected.
SSSD does do the bind with the user's credentials when authenticating the user.
SSSD binds with the admin credentials when searching the directory.
SSSD needs to search the directory for things like group membership and finding the user object. The user may not necessarily have privileges to do this.
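A check for the search-bind account discussed in this thread, as an added example that is not part of the bug report or of the conversion script. It assumes the stored account appears under SSSD's `ldap_default_bind_dn`, `ldap_default_authtok` and `ldap_default_authtok_type` options; the sample configuration, the `ADMIN_HINTS` list and the function name are constructed for illustration.

```python
import configparser
import stat

# Constructed sample, not taken from the bug report: a domain section of the
# kind that stores a search-bind account in sssd.conf.
SAMPLE_CONF = """
[sssd]
domains = example.com
services = nss, pam

[domain/example.com]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_default_bind_dn = cn=Directory Manager
ldap_default_authtok = constructed-secret
"""

# Assumption: RDN values that suggest a directory-wide admin rather than a
# dedicated read-only search account. Adjust for the local directory.
ADMIN_HINTS = ("directory manager", "admin", "root")


def audit_sssd_conf(text, mode=0o600):
    """Return findings about the search-bind account in sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    # sssd.conf is expected to be readable and writable by root only.
    if stat.S_IMODE(mode) & 0o077:
        findings.append("file: group/other permission bits set (%o)" % stat.S_IMODE(mode))
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        bind_dn = dom.get("ldap_default_bind_dn")
        if bind_dn is None:
            continue  # no stored search-bind account in this domain
        first_rdn = bind_dn.split(",")[0].lower()
        if any(hint in first_rdn for hint in ADMIN_HINTS):
            findings.append("%s: search bind DN looks like an admin account: %s" % (section, bind_dn))
        tok_type = dom.get("ldap_default_authtok_type", "password")
        if "ldap_default_authtok" in dom and tok_type == "password":
            findings.append("%s: bind password stored in cleartext" % section)
    return findings


if __name__ == "__main__":
    for line in audit_sssd_conf(SAMPLE_CONF, mode=0o644):
        print(line)
```

On a live host, pass the file's contents and `os.stat("/etc/sssd/sssd.conf").st_mode` to `audit_sssd_conf`.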