Description of problem:

AD user login fails when ldap_user_name is changed to "name" and the user is restricted by a GPO policy.

In 'ad_gpo_connect_done()' SSSD should not use 'state->opts->user_map[SDAP_AT_USER_NAME].name' in the search filter but the hardcoded 'sAMAccountName', to make sure that the sAMAccountName of the host is searched with this attribute name regardless of what ldap_user_name is set to.

Version-Release number of selected component (if applicable):

rhel8.6
sssd-ad-2.4.0-9.el8_4.2.x86_64
sssd-ad-2.6.2-4.el8_6.1.x86_64

How reproducible:

(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): domain: example.systest.sanpaoloimi.
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): user: rakkumar.
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): service: sshd
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): tty: ssh
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): ruser:
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): rhost: 192.168.160.60
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): authtok type: 0 (No authentication token available)
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): newauthtok type: 0 (No authentication token available)
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): priv: 1
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): cli_pid: 1194471
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): logon name: not set
(2023-04-26 14:48:48): [be[example.systest.]] [pam_print_data] (0x0100): flags: 0
(2023-04-26 14:48:48): [be[example.systest.]] [dp_attach_req] (0x0400): [RID#20] DP Request [PAM Account #20]: REQ_TRACE: New request. [sssd.pam CID #1] Flags [0000].
(2023-04-26 14:48:48): [be[example.systest.]] [dp_attach_req] (0x0400): [RID#20] Number of active DP request: 1
(2023-04-26 14:48:48): [be[example.systest.]] [sss_domain_get_state] (0x1000): [RID#20] Domain example.systest.sanpaoloimi. is Active
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_access_send] (0x0400): [RID#20] Performing access check for user [rakkumar.]
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_account_expired_ad] (0x0400): [RID#20] Performing AD access check for user [rakkumar.]
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_account_expired_ad] (0x4000): [RID#20] User account control for user [rakkumar.] is [200].
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_account_expired_ad] (0x4000): [RID#20] Expiration time for user [rakkumar.] is [133325568000000000].
(2023-04-26 14:48:48): [be[example.systest.]] [ad_gpo_access_send] (0x0400): [RID#20] service sshd maps to Remote Interactive
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_id_op_connect_step] (0x4000): [RID#20] reusing cached connection
(2023-04-26 14:48:48): [be[example.systest.]] [ad_gpo_connect_done] (0x4000): [RID#20] server_hostname from uri: example.example.systest.
(2023-04-26 14:48:48): [be[example.systest.]] [ad_gpo_connect_done] (0x0400): [RID#20] sam_account_name is SALCLT110$
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_print_server] (0x2000): [RID#20] Searching 10.248.28.2:389
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_get_generic_ext_step] (0x0400): [RID#20] calling ldap_search_ext with [(&(objectclass=user)(name=[dc=example,dc=
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_get_generic_ext_step] (0x1000): [RID#20] Requesting attrs: [distinguishedName]
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_get_generic_ext_step] (0x1000): [RID#20] Requesting attrs: [userAccountControl]
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_get_generic_ext_step] (0x2000): [RID#20] ldap_search_ext called, msgid = 46
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_op_add] (0x2000): [RID#20] New operation 46 timeout 6
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_process_result] (0x2000): Trace: sh[0x561baf727230], connected[1], ops[0x561baf785260], ldap[0x561baf73c170]
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_process_message] (0x4000): [RID#20] Message type: [LDAP_RES_SEARCH_REFERENCE]
(2023-04-26 14:48:48): [be[example.systest.]] [generic_ext_search_handler] (0x4000): [RID#20] Ref: ldap://DomainDnsZones.example.
(2023-04-26 14:48:48): [be[example.systest.]] [ad_gpo_target_dn_retrieval_
(2023-04-26 14:48:48): [be[example.systest.]] [sdap_id_op_destroy] (0x4000): [RID#20] releasing operation connection
(2023-04-26 14:48:48): [be[example.systest.]] [ad_gpo_access_done] (0x0040): [RID#20] GPO-based access control failed.
(2023-04-26 14:48:48): [be[example.systest.]] [dp_req_done] (0x0400): [RID#20] DP Request [PAM Account #20]: Request handler finished [0]: Success
(2023-04-26 14:48:48): [be[example.systest.]] [_dp_req_recv] (0x0400): [RID#20] DP Request [PAM Account #20]: Receiving request data.
(2023-04-26 14:48:48): [be[example.systest.]] [dp_req_destructor] (0x0400): [RID#20] DP Request [PAM Account #20]: Request removed.
(2023-04-26 14:48:48): [be[example.systest.]] [dp_req_destructor] (0x0400): [RID#20] Number of active DP request: 0
(2023-04-26 14:48:48): [be[example.systest.]] [dp_method_enabled] (0x0400): [RID#20] Target selinux is not configured

Note: when we are using "ldap_user_name = sAMAccountName" the test passed and there is no restriction from the GPO policy. But when we are using "ldap_user_name = name" the test failed.

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

While using "ldap_user_name = name" in sssd.conf, Active Directory users should authenticate on the Linux client system.

Additional info:
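The following is an added example, not SSSD's own code, illustrating the filter problem described above. It builds the host lookup filter two ways: the reported behaviour, where the attribute comes from whatever ldap_user_name maps to, and the fixed behaviour, where sAMAccountName is hardcoded. The two directory entries, their DNs and the host name SALCLT110$ are constructed for the example; the filter evaluator is a toy for conjunctive equality filters, not an LDAP library. It relies on one Active Directory fact not spelled out in the report: a computer object's sAMAccountName carries a trailing '$' while its name (the CN) does not, so a filter on name=SALCLT110$ matches no computer object.

```python
"""Added example (not SSSD code): why the GPO host lookup fails when the
search filter reuses the attribute configured by ldap_user_name."""
import re
from typing import Dict, List, Tuple, Union

Entry = Dict[str, Union[str, int, List[str]]]

# Constructed sample directory. The computer object's sAMAccountName ends in
# '$' (SALCLT110$) while its 'name' attribute is the CN without the '$'.
SAMPLE_DIRECTORY: List[Entry] = [
    {
        "distinguishedName": "CN=SALCLT110,CN=Computers,DC=example,DC=test",
        "objectClass": ["top", "person", "organizationalPerson", "user", "computer"],
        "name": "SALCLT110",
        "sAMAccountName": "SALCLT110$",
        "userAccountControl": 4096,
    },
    {
        "distinguishedName": "CN=rakkumar,CN=Users,DC=example,DC=test",
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "name": "rakkumar",
        "sAMAccountName": "rakkumar",
        "userAccountControl": 512,
    },
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside an LDAP filter, so a host
    or user name containing '*', '(', ')', '\\' or NUL cannot alter the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def host_filter_buggy(user_name_attr: str, host_sam: str) -> str:
    """Filter shaped like the one in the report: the attribute name is whatever
    ldap_user_name maps to (user_map[SDAP_AT_USER_NAME].name inside SSSD)."""
    return "(&(objectClass=user)(%s=%s))" % (user_name_attr, escape_filter_value(host_sam))


def host_filter_fixed(host_sam: str) -> str:
    """The fix described in the report: hosts are always looked up by sAMAccountName."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(host_sam)


# One "(attr=value)" clause; attribute names and values are compared
# case-insensitively below, as AD does for these attributes.
_CLAUSE = re.compile(r"\(([A-Za-z0-9-]+)=([^()]*)\)")


def search(directory: List[Entry], ldap_filter: str) -> List[str]:
    """Toy evaluator for filters of the form (&(a=v)(b=w)...).
    Returns the DNs of the entries that match every clause."""
    if not (ldap_filter.startswith("(&") and ldap_filter.endswith(")")):
        raise ValueError("this toy only evaluates (&(...)(...)) filters")
    clauses = _CLAUSE.findall(ldap_filter[2:-1])
    matches: List[str] = []
    for entry in directory:
        ok = True
        for attr, wanted in clauses:
            stored = next((v for k, v in entry.items() if k.lower() == attr.lower()), None)
            if stored is None:
                ok = False
                break
            values = stored if isinstance(stored, list) else [stored]
            if not any(str(v).lower() == wanted.lower() for v in values):
                ok = False
                break
        if ok:
            matches.append(str(entry["distinguishedName"]))
    return matches


def gpo_host_lookup(directory: List[Entry], ldap_user_name: str,
                    host_sam: str) -> Tuple[List[str], List[str]]:
    """Return (DNs found by the buggy filter, DNs found by the fixed filter)
    for one ldap_user_name setting and one host sAMAccountName."""
    return (search(directory, host_filter_buggy(ldap_user_name, host_sam)),
            search(directory, host_filter_fixed(host_sam)))


if __name__ == "__main__":
    for attr in ("sAMAccountName", "name"):
        buggy, fixed = gpo_host_lookup(SAMPLE_DIRECTORY, attr, "SALCLT110$")
        print("ldap_user_name = %-14s buggy filter -> %s  fixed filter -> %s"
              % (attr, buggy, fixed))
```

With ldap_user_name = sAMAccountName both filters find the computer object, which is why the test passes in that configuration; with ldap_user_name = name the buggy filter returns nothing, the host DN is never retrieved, and the GPO access check fails as in the log above. The fixed filter finds the host in both cases because the attribute used for host lookup no longer depends on the user mapping.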
Upstream PR: https://github.com/SSSD/sssd/pull/6767
Pushed PR: https://github.com/SSSD/sssd/pull/6767
* `master`
    * 67c11c2ebae843f7ddd6b857efa2e1f6449986f3 - ad: use sAMAccountName to lookup hosts
* `sssd-2-9`
    * 5008f0f9286e6c07fb8cbf4e6c021b74d712a28c - ad: use sAMAccountName to lookup hosts