We are in the process of attempting to transition to SSSD mainly as we like the idea of a single configuration file.
We currently have two LDAP servers (this cannot be changed) where one is used for user authentication and the other provides information on automounts. The LDAP server used for automounts only contains a subset of the users in the other LDAP server as not all users are able to, or have the need to, log into our systems.
So far we have been unsuccessful in getting SSSD to work for both authentication and autofs. We can get them to work independently but no amount of Googling has come up with a solution as to how to combine the two.
All users share the same username and uid in both servers, although the gid must come from the automount LDAP server (both uid and gid are the same actually). Our conf file so far is given below with some information redacted.
Is it possible to combine the information from both the LDAP servers using SSSD?
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, autofs
domains = authd, autofsd

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[autofs]

[domain/autofsd]
ldap_id_use_start_tls = True
cache_credentials = False
ldap_search_base = dc=test,dc=example.com
ldap_uri = ldap://ldap1.example.com/
ldap_tls_cacert = /etc/ssl/certs/example.pem
id_provider = ldap
autofs_provider = ldap
ldap_autofs_search_base = dc=test,dc=example.com

[domain/authd]
ldap_id_use_start_tls = True
cache_credentials = False
ldap_search_base = dc=test,dc=example.com
enumerate = False
chpass_provider = ldap
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap2.example.com/
ldap_tls_cacert = /etc/ssl/certs/example.pem
autofs_provider = none