We are in the process of attempting to transition to SSSD, mainly as we like the idea of a
single configuration file.

We currently have two LDAP servers (this cannot be changed) where one is used for user
authentication and the other provides information on automounts. The LDAP server used for
automounts only contains a subset of the users in the other LDAP server, as not all users
are able to, or have the need to, log into our systems.

So far we have been unsuccessful in getting SSSD to work for both authentication and
autofs. We can get them to work independently, but no amount of Googling has come up with a
solution as to how to combine the two.

All users share the same username in both servers and uid, although the gid must come from
the automount LDAP server (both uid and gid are the same actually). Our conf file so far
is given below with some information redacted.

Is it possible to combine the information from both the LDAP servers using SSSD?

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, autofs
domains = authd, autofsd

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[autofs]

[domain/autofsd]
ldap_id_use_start_tls = True
cache_credentials = False
ldap_search_base = dc=test,dc=example.com
ldap_uri = ldap://ldap1.example.com/
ldap_tls_cacert = /etc/ssl/certs/example.pem
id_provider = ldap
autofs_provider = ldap
ldap_autofs_search_base = dc=test,dc=example.com

[domain/authd]
ldap_id_use_start_tls = True
cache_credentials = False
ldap_search_base = dc=test,dc=example.com
enumerate = False
chpass_provider = ldap
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap2.example.com/
ldap_tls_cacert = /etc/ssl/certs/example.pem
autofs_provider = none