On Thu, May 23, 2013 at 10:32:21AM -0400, Will_Darton(a)navyfederal.org wrote:
Does anyone have any experience with using IBM IHS Apache and
sssd
together?
I've got some RHEL6.4 servers that need to use IBM IHS for apache.
The 'User <user>' in the httpd.conf file is set to a userid that is
present in LDAP ( via sssd) and can be su - <userid> without any issue,
but httpd will not start, and kicks back
httpd: <user> is not a valid user.
I would think Apache would use nss to get this information, but I can't
find any errors in the sssd_nss logs to indicate a problem.
Thoughts?
Does getent passwd <user> also work fine?
Did you see the user being requested in the NSS logs at all? Please note
that in 6.4 some requests might be served from the memory cache and not
make its way to the nss responder at all. Running sss_cache -UG should
clear the cache for you.
Then I would suggest checking if apache requests the user with standard
interface or whether it just reads /etc/password. Maybe something like:
# strace httpd -DNO_DETACH -DFOREGROUND -k start 2>&1 | grep sss
btw I just ran a 5-minute test here and was able to start Apache
(httpd-2.4.4-2.fc18.x86_64) that used user and group from IPA just fine.