On Mon, May 20, 2013 at 09:41:52AM -0400, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/20/2013 09:08 AM, Jakub Hrozek wrote:
> On Fri, May 17, 2013 at 09:09:17PM +0000, John Bossert wrote:
>> Am fighting a battle with sssd/ldap and udev (RHEL6/Centos6).
>>
>> I have a udev rule that sets disk ownership to oracle/asmadmin at
>> boot. The user oracle and group asmadmin are registered in
>> ldap.
>>
>> Other (udev) forums suggest that udev is executing before
>> networking is enabled, ergo ldap is unreachable and the disks
>> remain owned by root/root. Hmmm, could sssd caching be a
>> solution?
>>
>
> Yes, it should.
>
>> Following the various tutorials, I've enabled sssd, with
>> "cache_credentials = TRUE" in sssd.conf, but I'm still seeing the
>> same results. Either sssd caching isn't happening, or udev isn't
>> making use of it.
>>
>
> cache_credentials only caches salted password hashes (which is off
> by default). Identity lookups are always cached and if there was at
> least one lookup prior to requesting the data offline, it should
> work even before network is up.
>
There might potentially be a race-condition where SSSD is reporting as
started before the back-ends are responding, depending on which
version of SSSD he's running. I think we fixed that in RHEL 6.3.
You're right about the problem (it could very well be it), but the fix
landed in 6.4.
>> # getent --service=sss passwd oracle oracle:*:550:400:Oracle
>> User:/home/oracle:/bin/bash
>>
>
> This seems strange to me, earlier you said that both oracle user
> and asmadmin group are in LDAP, yet you are able to resolve a the
> oracle user from passwd?
>
You misread this one. Reordering the arguments for clarity:
getent passwd -s sss oracle
Ah, thank you. I usually order the parameters the other way around than
the reporter :)