All,

Spoiler alert: my configuration is working; I just want verification I did it right.

BACKGROUND:

I have an LDAP domain that was delivering autofs maps exclusively. Other (AD) domains were delivering users, groups, authentication and access. Since this back-end LDAP domain didn’t participate in any user authentication or access, I configured that backup LDAP domain in sssd.conf with only an autofs_provider:

[domain/LDAP]
debug_level = 9
id_provider = none
autofs_provider = ldap
ldap_uri = ldap://austgcore17.example.com
ldap_schema = rfc2307bis
ldap_default_bind_dn = cn=ldapadm,dc=itzgeek,dc=local
ldap_default_authtok = ldppassword
ldap_autofs_search_base = ou=automount,ou=admin,dc=itzgeek,dc=local
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_object_class = automount
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
ldap_netgroup_search_base = ou=netgroup,ou=admin,dc=itzgeek,dc=local

Works great! Get all expected automount maps.

CURRENT (ADDED NETGROUPS):

Now I have added NIS netgroups to this backend LDAP server. Thus, it now successfully delivers automount maps + netgroups. I still don’t want this LDAP backend domain to even attempt authentication and access – that’s in my other (AD) domains.

So you’d think all I’d have to do is change this:

[domain/LDAP]
…
id_provider = none
autofs_provider = ldap

to this:

[domain/LDAP]
…
id_provider = none
autofs_provider = ldap
netgroup_provider = ldap

But – point in fact – there is no “netgroup_provider” setting for sssd.conf file. Netgroup takes whatever the value is of ‘id_provider’. So I turned on id_provider, then explicitly turned off all providers I don’t want. Is this correct?

[domain/LDAP]
debug_level = 9
#id_provider = none
id_provider = ldap
auth_provider = none
account_provider = none
chpass_provider = none
sudo_provider = none
subdomains_provider = none
autofs_provider = ldap

Also, any particular reason there’s not a netgroup_provider?

BTW, retrieving netgroups via sssd does not seem explicitly and concretely documented. That is, I had to consult multiple sources to get the RFC 2307bis setup, another to get the sssd.conf settings. (I’m not faulting anyone; netgroups are rarely used anymore.) Is there someone that maintains sssd documentation? I could submit a concrete example – to help any future intrepid explorer. I have the specific back-end LDIF files, the specific sssd.conf and nsswitch.conf file setup.

Spike White
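
An added example, not part of the original post and not SSSD project code: a small Python audit that resolves which backend each service in a domain section ends up with once id_provider is switched on, and lists any *_provider key it does not recognize. The DEFAULTS and RECOGNIZED tables are assumptions transcribed from sssd.conf(5) and should be checked against the man page of the installed version; SAMPLE is the final [domain/LDAP] section from the message above.

```python
import configparser

# Assumption: fallback rules transcribed from sssd.conf(5); verify against the
# installed version. A value ending in "_provider" means "inherit that key"
# (SSSD only inherits when the backend implements the service).
DEFAULTS = {
    "auth_provider": "id_provider",
    "access_provider": "permit",  # literal default, not inherited
    "chpass_provider": "auth_provider",
    "sudo_provider": "id_provider",
    "subdomains_provider": "id_provider",
    "autofs_provider": "id_provider",
}
# Recognized but not resolved here (support depends on the backend).
RECOGNIZED = {"selinux_provider", "hostid_provider", "session_provider",
              "resolver_provider"}

# The final [domain/LDAP] section as posted in the message above.
SAMPLE = """\
[domain/LDAP]
debug_level = 9
#id_provider = none
id_provider = ldap
auth_provider = none
account_provider = none
chpass_provider = none
sudo_provider = none
subdomains_provider = none
autofs_provider = ldap
"""

def effective_providers(conf_text, domain):
    """Return (effective provider map, unrecognized *_provider keys)."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    sec = cp["domain/" + domain]
    eff = {"id_provider": sec.get("id_provider", "none")}
    for key, default in DEFAULTS.items():  # auth is resolved before chpass
        if key in sec:
            eff[key] = sec[key]
        elif default.endswith("_provider"):
            eff[key] = eff[default]
        else:
            eff[key] = default
    unknown = sorted(k for k in sec if k.endswith("_provider")
                     and k not in eff and k not in RECOGNIZED)
    return eff, unknown
```

Under those assumptions, effective_providers(SAMPLE, "LDAP") resolves access_provider to permit and returns account_provider as the only unrecognized key.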
