> (without the n :-)
Ooops :)
> sssd cares only about what exists in ldap to date.
Ooops again
> If you look at the ldap tree on its own you see an
> "unknown" user name as member of a group.
Ok, I see the logic now (although I'm not completely
convinced from a practical point of view, to be honest:
a user name could be defined somewhere else, in a
referral ldap for example. In that case, should it be an
overall group consistency problem if a memberuid was
unknown because a referral server is not accessible?).
Anyway, thank you so much for your responses Simo
and Stephen : I'll adapt my view to what is possible then :-)
Kindest,
---
Olivier
2012/3/14 Simo Sorce <simo(a)redhat.com>:
> On Wed, 2012-03-14 at 19:51 +0100, Olivier wrote:
>> Simon,
>
> (without the n :-)
>
>> that's where I don't catch ( sorry) :
>>
>> > You are asking it to know about "unknown" users
>>
>> If you say in nsswitch.conf :
>>
>> passwd: local sss
>> group: sss local
>>
>> Then sss should know about users that are in local
>> /etc/passwd and may retrieve their groups in ldap ?
>
> No, sssd is blissfully unaware of what you have in /etc/passwd
> or /etc/group, sssd cares only about what exists in ldap to date.
>
>> Why would that be inconsistent not to insert users
>> entries in ldap in that situation ?
>
> Because in the ldap server there is no corresponding user. If you look
> at the ldap tree on its own you see an "unknown" user name as member of
> a group.
>
>> BTW, I don't think that ldap requires that an entry exists
>> for a posixgroup memberuid ?
>
> No the rfc2307 schema does not mandate consistency (the rfc2307bis
> schema does mandate it due to use of DNs instead of simple names).
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
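The rfc2307 point in the reply above (a posixGroup can list a memberUid with no matching user entry in the same tree) can be audited offline from an LDIF export. The following is an added example, not code from the thread or from sssd; the function names and the sample tree are constructed for illustration, and it assumes memberUid values are compared to uid values as exact strings.

```python
import base64
from collections import defaultdict

# Constructed sample tree (rfc2307 schema); not data from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: alice

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: posixAccount
uid:: Ym9i

dn: cn=staff,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
memberUid: alice
memberUid: bob
memberUid: localadmin
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    unfolded = text.replace("\n ", "")  # undo LDIF line folding
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:]).decode("utf-8")
            entry[name.lower()].append(value.strip())
        if entry:
            yield entry

def has_class(entry, name):
    return name in (v.lower() for v in entry["objectclass"])

def dangling_member_uids(text):
    """Map group cn -> memberUid values with no posixAccount uid in this tree."""
    entries = list(parse_ldif(text))
    known = {u for e in entries if has_class(e, "posixaccount") for u in e["uid"]}
    report = {}
    for e in entries:
        missing = [m for m in e["memberuid"] if m not in known]
        if has_class(e, "posixgroup") and missing:
            report[e["cn"][0]] = missing
    return report
```

Calling `dangling_member_uids(SAMPLE_LDIF)` reports `localadmin` under `staff`: the kind of member name that exists only outside the directory, such as in a local /etc/passwd.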