On Wed, Sep 25, 2013 at 11:42:15AM +0200, Olivier wrote:
Hello everyone,
I launch "authconfig" within a script to setup my redhat6 boxes.
I noticed that authconfig does not set up sssd.conf properly :
https://bugzilla.redhat.com/show_bug.cgi?id=874527
but the bug is declared as "closed" ?
First question :
could anyone confirm that authconfig does *not* configure
sssd.conf with "--enablesss" and "--enablesssdauth" and
that I therefore need to configure that file myself (by hand
or within my script) ?
The switches --enablesss and --enablesssdauth are meant for the case
where the admin creates the sssd.conf manually and only wants the
authconfig to setup the NSS and PAM stacks for him. So with the latest
version, authconfig --enablesssdauth --enablesss should not touch the
sssd.conf at all.
Second question:
I noticed that sssd seemed to work properly even without
declaring the "ldap_uri" parameter within sssd.conf. Could
anyone confirm that this parameter is not necessary and
where does sssd collect the list of ldap servers to query
in that case, ldap.conf ?
Yes, if the ldap_uri parameter is missing, then the SSSD falls back to
DNS SRV discovery. As the sssd-ldap man page says:
"""
ldap_uri, ldap_backup_uri (string):
If neither option is specified, service discovery is enabled.
"""