I have a single LDAP instance that provides ID for accounts across multiple trusted Kerberos realms. I don't see a way to list multiple Kerberos REALMS under a single domain section. I'm guessing the only way this scheme will work is if I locate the realm1 LDAP accounts in one container and the realm2 accounts in another container, e.g.:

    domains = realm1, realm2

    [domain/realm1]
    id_provider = ldap
    ldap_uri = ldaps://ldap.example.com
    auth_provider = krb5
    krb5_realm = REALM1.COM
    ldap_user_search_base = ou=realm1,ou=people,dc=example,dc=com

    [domain/realm2]
    id_provider = ldap
    ldap_uri = ldaps://ldap.example.com
    auth_provider = krb5
    krb5_realm = REALM2.COM
    ldap_user_search_base = ou=realm2,ou=people,dc=example,dc=com

Am I correct that I won't be able to place the realm1 and realm2 accounts in the same ldap_user_search_base? I was hoping I might be able to leverage “[domain/realm1/realm2]” but it doesn't look like krb5_realm is an option here, and that the trusted domain section expects to find identity in separate user search bases.

Mark
