Hi,

I'm using SSSD and I want to use uidNumber for my ADusers. To do that I put this line in my sssd.conf :
ldap_id_mapping = False

With this line I want to allow only users that belong to this group to login:
ad_access_filter = (memberOf=CN=ADMINS,OU=Services,DC=AD,DC=EXAMPLE,D C=COM)

My problem is that if a ADUser doesn't have a POSIX Attributes he can not log in.
I can see in logs there is a ldap search command that only search user with uidNumber (POSIX Attributes) :
[sssd[be[ad.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=aduser5932)(objectclass=user)(sA MAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][DC=ad,DC=example,DC=com].
[sssd[be[d20.tes.local]]] [sdap_search_user_process] (0x0400): Search for users, returned 0 results.
[sssd[be[d20.tes.local]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
[sssd[be[d20.tes.local]]] [sysdb_search_by_name] (0x0400): No such entry

If I set UNIX Attributes to this account and clear sssd cache, I can log in without problem.

Thanks in advance.