On Mon, May 20, 2013 at 09:41:52AM -0400, Stephen Gallagher wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/20/2013 09:08 AM, Jakub Hrozek wrote:
On Fri, May 17, 2013 at 09:09:17PM +0000, John Bossert wrote:
Am fighting a battle with sssd/ldap and udev (RHEL6/Centos6).
I have a udev rule that sets disk ownership to oracle/asmadmin at boot. The user oracle and group asmadmin are registered in ldap.
Other (udev) forums suggest that udev is executing before networking is enabled, ergo ldap is unreachable and the disks remain owned by root/root. Hmmm, could sssd caching be a solution?
Yes, it should.
Following the various tutorials, I've enabled sssd, with "cache_credentials = TRUE" in sssd.conf, but I'm still seeing the same results. Either sssd caching isn't happening, or udev isn't making use of it.
cache_credentials only caches salted password hashes (which is off by default). Identity lookups are always cached and if there was at least one lookup prior to requesting the data offline, it should work even before network is up.
There might potentially be a race-condition where SSSD is reporting as started before the back-ends are responding, depending on which version of SSSD he's running. I think we fixed that in RHEL 6.3.
You're right about the problem (it could very well be it), but the fix landed in 6.4.
# getent --service=sss passwd oracle oracle:*:550:400:Oracle User:/home/oracle:/bin/bash
This seems strange to me, earlier you said that both oracle user and asmadmin group are in LDAP, yet you are able to resolve a the oracle user from passwd?
You misread this one. Reordering the arguments for clarity:
getent passwd -s sss oracle
Ah, thank you. I usually order the parameters the other way around than the reporter :)