On 03/25/2015 05:13 PM, Matt John wrote:
> On 25 Mar 2015, at 20:53, Michael Ströder
> Matt John wrote:
>> We currently have two ldap servers (this cannot be changed) where one is
>> used for user authentication and the other provides information on
>> automounts. The ldap server used for automounts only contains a subset of
>> the users in the other ldap server as not all users are able to, or have
>> the need to, log into our systems.
> Disclaimer: I have no personal experience with multi-domain sssd config for
distributed users/groups/sudoers/automap entries (except local and LDAP being used
> But for forcing all user information to come from the [domain/authd] I'd try to
> id_provider = none
> auth_provider = none
Setting those options for the autofsd results in sssd failing to start. Looking through
the logs nothing jumps out apart form these lines:
[sssd[be[autofsd]]] [be_process_init] (0x0010): fatal error initializing data providers
[sssd[be[autofsd]]] [main] (0x0010): Could not initialize backend 
[sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
[sssd] [mt_svc_exit_handler] (0x0040): Child [autofsd] exited with code 
[sssd] [mt_svc_exit_handler] (0x0010): Process [autofsd], definitely stopped!
sssd-users mailing list
Based on what I know about SSSD it might currently assume that automount
data and user data come from the same identity source and share same
But I would leave to SSSD gurus provide more details in the morning.
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.