[SSSD-users] Re: Integrate DMZ clients (sssd) to Active Directory through proxy

Hi Sumit, My bad. Nscd caching was mis-directed me. If anyone reads this thread, a working PoC looks like this: #### SLAPD config: https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD ##### Client (SSSD) configuration [sssd] config_file_version = 2 debug_level = 3 domains = test.local services = nss, pam, ifp [nss] filter_groups = root filter_users = root [pam] [domain/test.local] debug_level = 3 id_provider = ldap cache_credentials = True ldap_uri = ldaps://ldapproxy.test.local ldap_search_base = OU=TESTLAB,DC=test,DC=local ldap_schema = AD ldap_default_bind_dn = CN=_svc_ldapquery,OU=Users,OU=TESTLAB,DC=test,DC=local ldap_default_authtok = xxxxx ldap_default_authtok_type = password ldap_tls_cacert = /etc/openldap/certs/cert.crt ldap_id_mapping = True enumerate = True fallback_homedir = /home/%u default_shell = /bin/bash sudo_provider = ldap auth_provider = ldap autofs_provider = ldap resolver_provider = ldap use_fully_qualified_names = False access_provider = simple simple_allow_groups = linux_admins subdomain_inherit = ignore_group_members ignore_group_members = True ad_enable_gc = false Sure you have to do usual things like activate pam (in case of SUSE: /usr/sbin/pam-config --add --sss --mkhomedir), disabling nscd caching, configure nsswitch.conf (files sss). Hope this helps. Szabolcs