On Fri, 2014-04-25 at 16:39 -0400, kevin sullivan wrote:
> I am seeing an issue when I try to change a local user's password when SSSD
> (1.9.2-82.el6) is not running. I have two sets of users: users stored in
> ldap and users stored locally on my RHEL 6.4 machine.

Sorry to say this (I generally avoid it) but you are doing it wrong
right here.
One of the principal features of SSSD is its offline mode, which has
been built explicitly so that you do not need to have different accounts
locally and remotely.
You only have your LDAP account, and when the machine goes offline (i.e.,
can't reach the LDAP server for whatever reason), then SSSD uses the
local cache to serve your machine as if nothing had happened.
It also works for authentication, although it is not enabled by default.
(See man sssd.conf: cache_credentials.)
So with SSSD what you should do is to get rid of local accounts that
duplicate/shadow LDAP accounts, and live happily thereafter.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
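
The cleanup advised above starts with finding which local accounts duplicate or shadow directory accounts. The following is an added example, not part of the original message: a Python check over two passwd(5)-format listings. The function names and the sample accounts are constructed for illustration, and how the directory listing is exported is left to the administrator.

```python
# Added example: report local accounts that duplicate or shadow directory accounts.
# Both inputs are passwd(5)-format text; the sample data below is constructed.

def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format lines, skipping blanks and comments."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed entry: ignore rather than guess
        accounts[fields[0]] = int(fields[2])
    return accounts

def find_shadowing(local_text, directory_text):
    """List (kind, local_name, detail) findings, sorted for stable output."""
    local = parse_passwd(local_text)
    directory = parse_passwd(directory_text)
    dir_by_uid = {uid: name for name, uid in directory.items()}
    findings = []
    for name, uid in local.items():
        if name in directory:
            # Same name in both sources: identical copy, or conflicting identity.
            kind = "duplicate" if directory[name] == uid else "name-clash"
            findings.append((kind, name, f"local uid {uid}, directory uid {directory[name]}"))
        elif uid in dir_by_uid:
            # Different name but same uid: file ownership would be shared.
            findings.append(("uid-clash", name, f"uid {uid} belongs to directory user {dir_by_uid[uid]}"))
    return sorted(findings)

LOCAL_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:x:5001:5001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
svc_backup:x:5003:5003::/var/lib/backup:/sbin/nologin
"""
DIRECTORY_SAMPLE = """\
alice:*:5001:5001:Alice:/home/alice:/bin/bash
bob:*:5002:5002:Bob:/home/bob:/bin/bash
carol:*:5003:5003:Carol:/home/carol:/bin/bash
"""

if __name__ == "__main__":
    for kind, name, detail in find_shadowing(LOCAL_SAMPLE, DIRECTORY_SAMPLE):
        print(f"{kind:10} {name:12} {detail}")
```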