пытается отфильтровать пользователя и группы, принадлежащие одному "CN = hadoop", ниже мой sssd.conf.Это не работает, и все пользователи получают синхронизацию, даже если они не принадлежат к фильтру "CN = hadoop"
[sssd]
domains = TEST.COM
config_file_version = 2
services = nss, pam
full_name_format = %1$s
[pam]
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5
[nss]
filter_users = root,alluxio,airflow,presto,talend,atscale
[domain/TEST.COM]
debug_level = 3
ad_server = ldap.uat.test.com
ad_backup_server = ldap.uat.test.com
ad_domain = ldap.uat.test.com
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /sbin/nologin
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
ldap_account_expire_policy = ad
ldap_sasl_mech = GSSAPI
ldap_schema = ad
ldap_sasl_authid = host/$(hostname)@TEST.COM
dyndns_update = False
ldap_search_base = DC=app,DC=uat,DC=test,DC=com
access_provider = ldap
ldap_access_order = filter
ldap_access_filter = memberOf=CN=hadoop,OU=APPS,DC=uat,DC=test,DC=com
ad_maximum_machine_account_password_age=0