Lukas,
Thanks for your input. I can't reproduce what I was seeing right now, so I can't send you my log files because I deleted them earlier to make issues easier to find (which in retrospect was dumb). But just to explain what I was talking about earlier, below are some more explanations.
>Do users from /etc/passwd have the same uid/name as user from LDAP?
Yes they can.
>I do not really understand what do you mean by "revert to local accounts if my
> ldap server is down."
What I mean is that I only want accounts from the LDAP server to be used when LDAP is up. So I would store root and all other system users in LDAP. If my LDAP server is online, I only want users to authenticate through LDAP, no local logins. The only time I want local accounts is if the LDAP server is no longer responsive.
>SSSD caches all information about authenticated users.
>It will be possible to authenticate even if LDAP server is down.
I don't know if I want to rely on caching, as it depends on actually having to log in as that user in the first place. This leads to inconsistency and hard-to-reproduce issues.
Thanks again for your help.