HI!
Is it possible to have a auth-only domain in sssd.conf?
Something like this:
[domain/LDAP-ID]
id_provider = ldap
ldap_search_base = ou=stuff,dc=mydomain,dc=org
...
[domain/LDAP-AUTHC]
auth_provider = ldap
ldap_search_base = ou=virtual,dc=mydomain,dc=org
...
The idea is to let sssd search the map data beneath naming context
ou=stuff,dc=mydomain,dc=org but use ou=authc-virtual,dc=mydomain,dc=org only
for authentication via LDAP simple bind with a hard-coded pattern like:
bind DN: uid=$user,ou=virtual,dc=mydomain,dc=org
Note that user name would be the same in both naming contexts.
So sssd would not have to search in ou=virtual,dc=mydomain,dc=org to make use
of it.
Ciao, Michael.