On 03/25/2015 05:13 PM, Matt John wrote:
> On 25 Mar 2015, at 20:53, Michael Ströder <michael(a)stroeder.com> wrote:
>
> Matt John wrote:
>> We currently have two ldap servers (this cannot be changed) where one is
>> used for user authentication and the other provides information on
>> automounts. The ldap server used for automounts only contains a subset of
>> the users in the other ldap server as not all users are able to, or have
>> the need to, log into our systems.
> Disclaimer: I have no personal experience with multi-domain sssd config for
> distributed users/groups/sudoers/automap entries (except local and LDAP being used
> side-by-side).
>
> But for forcing all user information to come from the [domain/authd] I'd try to set:
>
> [domain/autofsd]
> [..]
> id_provider = none
> auth_provider = none
> [..]
Setting those options for the autofsd results in sssd failing to start. Looking through
the logs, nothing jumps out apart from these lines:
[sssd[be[autofsd]]] [be_process_init] (0x0010): fatal error initializing data providers
[sssd[be[autofsd]]] [main] (0x0010): Could not initialize backend [2]
[sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
[sssd] [mt_svc_exit_handler] (0x0040): Child [autofsd] exited with code [3]
[sssd] [mt_svc_exit_handler] (0x0010): Process [autofsd], definitely stopped!
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Based on what I know about SSSD, it might currently assume that automount
data and user data come from the same identity source and share the same
connection.
But I would leave it to the SSSD gurus to provide more details in the morning.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.