On 27 Dec 2016, at 20:24, Lesley Kimmel <lesley.j.kimmel(a)gmail.com> wrote:

> All;
> I was recently looking at the man page for sssd-ldap and saw that several of the options
> default to the 'openldap defaults'.
> Based on this I was wondering:
> 1) Is there any requirement of SSSD on openldap client tools?

This should already be the case, we don’t depend on openldap client tools (ldapsearch,
ldapadd, …) but we do require openldap libraries. In the past it was possible to compile
sssd with other libldap implementations (mozilla/netscape’s in particular) but I don’t
think anyone tested that recently.

> 2) If openldap is NOT required will SSSD still use what would be the
> openldap values or is it required to have the ldap.conf file present to obtain these
> values?

The flow goes like this:
- if the value is specified in sssd.conf, use that
- otherwise read the default from libldap
  - there, I assume libldap checks ldap.conf for the corresponding value first
  - if not found, it falls back to compiled defaults
I would assume this is true for other programs that use libldap not just sssd.

> 3) If not #2 are there other defaults that SSSD uses or must we
> provide values when we don't have ldap.conf in place?

Asking about particular options/values would allow us to answer in a more helpful manner
but in general you shouldn’t need to explicitly define ldap.conf just for sssd. In theory,
sssd.conf might also be quite minimal, specifying just id_provider, the rest would
then be detected either from DNS or from rootDSE. As I said, asking more specific
questions would yield more specific answers :)
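
The lookup order described in the reply above, as an added example that is not part of the original thread or of SSSD's code: a small audit helper that reports, for each TLS option, whether the effective value comes from sssd.conf, from ldap.conf, or is left to libldap's compiled default. The option-to-keyword mapping, the sample file contents and the function names are assumptions made for the example, and the ldap.conf parsing is simplified (it ignores per-user ldaprc files and LDAP* environment variables).

```python
import configparser
# sssd-ldap options -> ldap.conf(5) keywords (mapping assumed for this example)
SSSD_TO_LDAPCONF = {
    "ldap_tls_cacert": "TLS_CACERT",
    "ldap_tls_cacertdir": "TLS_CACERTDIR",
    "ldap_tls_cipher_suite": "TLS_CIPHER_SUITE",
}

# Constructed sample inputs, not taken from the thread.
SAMPLE_SSSD_CONF = """
[domain/example.com]
id_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_tls_cacert = /etc/pki/tls/certs/corp-ca.pem
"""
SAMPLE_LDAP_CONF = """
# site-wide libldap client settings
TLS_CACERT /etc/openldap/certs/other-ca.pem
tls_cacertdir /etc/openldap/certs
"""

def parse_ldap_conf(text):
    """Parse 'KEYWORD value' lines; keywords are case-insensitive, '#' starts a comment."""
    values = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            values[parts[0].upper()] = parts[1].strip()
    return values

def resolve(sssd_conf_text, domain, ldap_conf_text=None):
    """Return {option: (value, source)} using the order given in the thread."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(sssd_conf_text)
    section = f"domain/{domain}"
    ldap_conf = parse_ldap_conf(ldap_conf_text or "")
    result = {}
    for opt, keyword in SSSD_TO_LDAPCONF.items():
        if cp.has_option(section, opt):        # 1. explicit value in sssd.conf wins
            result[opt] = (cp.get(section, opt), "sssd.conf")
        elif keyword in ldap_conf:             # 2. otherwise libldap reads ldap.conf
            result[opt] = (ldap_conf[keyword], "ldap.conf")
        else:                                  # 3. otherwise the compiled-in default
            result[opt] = (None, "libldap compiled default")
    return result

if __name__ == "__main__":
    for opt, (val, src) in resolve(SAMPLE_SSSD_CONF, "example.com", SAMPLE_LDAP_CONF).items():
        print(f"{opt}: {val!r} (from {src})")
```

Run against a host's real files, an option reported as coming from ldap.conf is one that any change to that shared file will silently alter for SSSD as well.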