That's a valid answer if the enumeration is off.
If the enumeration is on, however, the enum code will search all
users, then all groups, then all services. Currently there's no way to
configure 'only enumerate users and groups but not services'.
We could enhance the 'enumerate' option to accept a combination of
'entities' to download, then the user would be able to specify:
enumerate = users, groups
But honestly I think this would fall into the 'patches welcome' priority bucket.
On Fri, May 9, 2014 at 2:52 PM, Stephen Gallagher <sgallagh(a)redhat.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/09/2014 08:49 AM, Michael Ströder wrote:
> On Fri, 09 May 2014 07:59:25 -0400 Dmitri Pal <dpal(a)redhat.com>
> wrote
>> On 05/09/2014 07:32 AM, Michael Ströder wrote:
>>> Does it depend on "services: sss" set in /etc/nsswitch.conf?
>>
>> Yes
>
> Maybe I should clarify that I want to *disable* searches with
> (objectClass=ipService) sent by sssd. Is it sufficient to just omit
> sss from line services in nsswitch.conf?
Yes, you can remove it from nsswitch.conf and SSSD will no longer be
queried. You will want to do a full system reboot after making that
change, since running processes don't pick up changes to nsswitch.conf
(which includes system services). The easiest way is to just reboot.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlNsz5sACgkQeiVVYja6o6N45wCfVE4hKR1LUvgS1vdX4DggGycC
u7UAn3/oS5kcqAfzdkJ63duBByMIWjGt
=CARB
-----END PGP SIGNATURE-----
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users