On Wed, 2012-03-14 at 19:51 +0100, Olivier wrote:
> Simon,
(without the n :-)
> that's where I don't catch (sorry):
> > You are asking it to know about "unknown" users
> If you say in nsswitch.conf:
> passwd: local sss
> group: sss local
> Then sss should know about users that are in local
> /etc/passwd and may retrieve their groups in ldap?
No, sssd is blissfully unaware of what you have in /etc/passwd
or /etc/group, sssd cares only about what exists in ldap to date.
> Why would that be inconsistent not to insert users
> entries in ldap in that situation?
Because in the ldap server there is no corresponding user. If you look
at the ldap tree on its own you see an "unknown" user name as member of
a group.
> BTW, I don't think that ldap requires that an entry exists
> for a posixgroup memberuid?
No, the rfc2307 schema does not mandate consistency (the rfc2307bis
schema does mandate it due to use of DNs instead of simple names).
Simo.
--
Simo Sorce * Red Hat, Inc * New York
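
An added example, not part of the original message: a consistency check for the situation discussed in this thread, listing rfc2307 `memberUid` values that have no corresponding user entry in the LDAP tree. The LDIF sample, the names in it and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample directory (rfc2307 schema); not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: alice

dn: cn=staff,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
memberUid: alice
memberUid: localonly

dn: cn=ops,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: ops
memberUid: alice
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF records into attr -> [values] dicts.
    Base64 ('attr:: ...') values and folded lines are not handled."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry[attr.lower()].append(value.strip())  # attribute names are case-insensitive
        if entry:
            entries.append(entry)
    return entries

def dangling_member_uids(entries):
    """Return {group cn: [memberUid values with no posixAccount entry]}."""
    def has_class(e, name):
        return name in (c.lower() for c in e["objectclass"])
    known = {u for e in entries if has_class(e, "posixaccount") for u in e["uid"]}
    report = {}
    for e in entries:
        if has_class(e, "posixgroup"):
            missing = [m for m in e["memberuid"] if m not in known]
            if missing:
                report[e["cn"][0]] = missing
    return report

if __name__ == "__main__":
    for group, names in dangling_member_uids(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{group}: no LDAP user entry for {', '.join(names)}")
```

Run against an export of the directory, this lists the group members that exist only as names in `memberUid`, such as accounts defined only in a local /etc/passwd.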