All,
Spoiler alert: my configuration is working; I just want verification I did it right.
BACKGROUND:
I have an LDAP domain that was delivering autofs maps exclusively. Other (AD) domains were delivering users, groups, authentication and access.
Since this back-end LDAP domain didn’t participate in any user authentication or access, I configured that backup LDAP domain in sssd.conf with only an autofs_provider:
[domain/LDAP]
debug_level = 9
id_provider = none
autofs_provider = ldap
ldap_uri = ldap://austgcore17.example.com
ldap_schema = rfc2307bis
ldap_default_bind_dn = cn=ldapadm,dc=itzgeek,dc=local
ldap_default_authtok = ldppassword
ldap_autofs_search_base = ou=automount,ou=admin,dc=itzgeek,dc=local
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_object_class = automount
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
ldap_netgroup_search_base = ou=netgroup,ou=admin,dc=itzgeek,dc=local
Works great! Get all expected automount maps.
CURRENT (ADDED NETGROUPS):
Now I have added NIS netgroups to this backend LDAP server. Thus, it now successfully delivers automount maps + netgroups.
I still don’t want this LDAP backend domain to even attempt authentication and access – that’s in my other (AD) domains.
So you’d think all I’d have to do is change this:
[domain/LDAP]
…
id_provider = none
autofs_provider = ldap
to this:
[domain/LDAP]
…
id_provider = none
autofs_provider = ldap
netgroup_provider = ldap
But – point in fact – there is no “netgroup_provider” setting for sssd.conf file. Netgroup takes whatever the value is of ‘id_provider’.
So I turned on id_provider, then explicitly turned off all providers I don’t want. Is this correct?
[domain/LDAP]
debug_level = 9
#id_provider = none
id_provider = ldap
auth_provider = none
account_provider = none
chpass_provider = none
sudo_provider = none
subdomains_provider = none
autofs_provider = ldap
Also, any particular reason there’s not a netgroup_provider?
BTW, retrieving netgroups via sssd does not seem explicitly and concretely documented. That is, I had to consult multiple sources to get the RFC 2307bis setup, another to get the sssd.conf settings. (I’m not faulting anyone; netgroups are rarely used anymore.)
Is there someone who maintains the sssd documentation? I could submit a concrete example – to help any future intrepid explorer. I have the specific back-end LDIF files, the specific sssd.conf and nsswitch.conf file setup.
Spike White
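
One way to check which providers a domain section really ends up with, given that unset providers fall back to other settings. This is an added example, not part of the original post and not SSSD code. It assumes the default rules as described in sssd.conf(5): most providers inherit id_provider, chpass_provider follows auth_provider, and access_provider defaults to permit. The function names are hypothetical.

```python
import configparser

# Fallback when a key is absent (assumption: rules as given in sssd.conf(5)).
INHERITS = {
    "auth_provider": "id_provider",
    "chpass_provider": "auth_provider",
    "sudo_provider": "id_provider",
    "selinux_provider": "id_provider",
    "subdomains_provider": "id_provider",
    "autofs_provider": "id_provider",
    "hostid_provider": "id_provider",
}
KNOWN = set(INHERITS) | {"id_provider", "access_provider",
                         "session_provider", "resolver_provider"}

# Provider lines of the final [domain/LDAP] section in the post above.
SAMPLE = """
[domain/LDAP]
id_provider = ldap
auth_provider = none
account_provider = none
chpass_provider = none
sudo_provider = none
subdomains_provider = none
autofs_provider = ldap
"""

def effective_providers(section):
    """Resolve each provider for one domain section, applying the fallbacks."""
    eff = {"id_provider": section["id_provider"],  # assumed required here
           "access_provider": section.get("access_provider", "permit")}
    for key, parent in INHERITS.items():  # auth is resolved before chpass
        eff[key] = section.get(key, eff[parent])
    return eff

def unknown_provider_keys(section):
    """*_provider keys that are not in the KNOWN list above."""
    return sorted(k for k in section if k.endswith("_provider") and k not in KNOWN)

def audit(text):
    """Map each domain section to (effective providers, unrecognized keys)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {name: (effective_providers(cp[name]), unknown_provider_keys(cp[name]))
            for name in cp.sections() if name.startswith("domain/")}

if __name__ == "__main__":
    for domain, (eff, unknown) in audit(SAMPLE).items():
        print(domain, eff, "unrecognized:", unknown)
```

On the posted section this reports account_provider as unrecognized, so access_provider resolves to its default of permit, and selinux_provider and hostid_provider still inherit ldap from id_provider.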