I've made some tests and I have a few questions regarding sssd.
We were using pam_ldap and at first I thought that sssd could work with pam_ldap but I
didn't find a way to make it work.
If I enable the debug mode in the pam section, I don't see anything. As sssd can query
for the ldap password + do the caching, it may be the reason why they can't work
I've been able to make it work by putting my ldap configuration in the domain section
and I've verified that if the ldap server becomes unavailable then sssd uses the
password version it has cached
[sssd[be[default]]] [sdap_pam_auth_done] (0x0100): Password successfully cached for
However, when the ldap server is available, I see that every time I try to log in, it does
a ldap request instead of reusing the value it has cached :
[sssd[be[default]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
As entry_cache_timeout is set to 600 per default, I would expect sssd to only query the
ldap every 600 seconds and use the cached value otherwise. What am I missing ?
I see sssd tries to access many attributes for my user and that some of them are missing.
Can it be the reason it doesn't reuse the cache except if the ldap is offline ?