On 25 Mar 2015, at 20:53, Michael Ströder
<michael(a)stroeder.com> wrote:
Matt John wrote:
> We currently have two ldap servers (this cannot be changed) where one is
> used for user authentication and the other provides information on
> automounts. The ldap server used for automounts only contains a subset of
> the users in the other ldap server as not all users are able to, or have
> the need to, log into our systems.
Disclaimer: I have no personal experience with multi-domain sssd config for distributed
users/groups/sudoers/automap entries (except local and LDAP being used side-by-side).
But for forcing all user information to come from the [domain/authd] I'd try to set:
[domain/autofsd]
[..]
id_provider = none
auth_provider = none
[..]
Setting those options for the autofsd results in sssd failing to start. Looking through
the logs nothing jumps out apart form these lines:
[sssd[be[autofsd]]] [be_process_init] (0x0010): fatal error initializing data providers
[sssd[be[autofsd]]] [main] (0x0010): Could not initialize backend [2]
[sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
[sssd] [mt_svc_exit_handler] (0x0040): Child [autofsd] exited with code [3]
[sssd] [mt_svc_exit_handler] (0x0010): Process [autofsd], definitely stopped!