Zachary Hanson-Hart <zachhh <at> temple.edu> writes: > > Dmitri Pal <dpal <at> redhat.com> writes:
> > What you can do is for groups use > > sss ldap > > or may be even just ldap > > in nsswitch.conf and use SSSD for users and configure nss_ldap for > > groups. > > I am not sure whether that would work but it is worth a try. This turned out to work perfectly. Leaving the authentication LDAP server in sssd.conf as both an id and auth provider gives the necessary user information, and then subsequently, nss_ldap for groups gives all of the appropriate additional groups. nsswitch.conf: passwd: compat sss group: compat ldap ... /etc/ldap.conf: uri ldaps://group.server ... /etc/sssd/sssd.conf: [sssd] domains userldap ... [domain/userldap] ldap_uri ldaps://authentication.server id_provider ldap auth_provider ldap ... PHEW! Thanks for your advice, Dmitri. > > _______________________________________________ > > sssd-users mailing list > > sssd-users <at> lists.fedorahosted.org > > https://lists.fedorahosted.org/mailman/listinfo/sssd-users > > > > > > -- > > Thank you, > > Dmitri Pal > > > > Sr. Engineering Manager for IdM portfolio > > Red Hat Inc. > > > > > > ------------------------------- > > Looking to carve out IT costs? > > www.redhat.com/carveoutcosts/ > > > > > > > > > > > > _______________________________________________ > > sssd-users mailing list > > sssd-users <at> lists.fedorahosted.org > > https://lists.fedorahosted.org/mailman/listinfo/sssd-users > > > > _______________________________________________ > sssd-users mailing list > sssd-users <at> lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/sssd-users > _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
