On 03/25/2015 05:13 PM, Matt John wrote:
On 25 Mar 2015, at 20:53, Michael Ströder michael@stroeder.com wrote:
Matt John wrote:
We currently have two ldap servers (this cannot be changed) where one is used for user authentication and the other provides information on automounts. The ldap server used for automounts only contains a subset of the users in the other ldap server as not all users are able to, or have the need to, log into our systems.
Disclaimer: I have no personal experience with multi-domain sssd config for distributed users/groups/sudoers/automap entries (except local and LDAP being used side-by-side).
But for forcing all user information to come from the [domain/authd] I'd try to set:
[domain/autofsd]
[..]
id_provider = none
auth_provider = none
[..]
Setting those options for the autofsd results in sssd failing to start. Looking through the logs nothing jumps out apart from these lines:
[sssd[be[autofsd]]] [be_process_init] (0x0010): fatal error initializing data providers
[sssd[be[autofsd]]] [main] (0x0010): Could not initialize backend [2]
[sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching.
[sssd] [mt_svc_exit_handler] (0x0040): Child [autofsd] exited with code [3]
[sssd] [mt_svc_exit_handler] (0x0010): Process [autofsd], definitely stopped!
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Based on what I know about SSSD it might currently assume that automount data and user data come from the same identity source and share the same connection. But I would leave it to SSSD gurus to provide more details in the morning.