Zachary Hanson-Hart <zachhh <at> temple.edu> writes:
Dmitri Pal <dpal <at> redhat.com> writes:
What you can do is for groups use sss ldap or may be even just ldap in nsswitch.conf and use SSSD for users and configure nss_ldap for groups. I am not sure whether that would work but it is worth a try.
This turned out to work perfectly. Leaving the authentication LDAP server in sssd.conf as both an id and auth provider gives the necessary user information, and then subsequently, nss_ldap for groups gives all of the appropriate additional groups.
nsswitch.conf: passwd: compat sss group: compat ldap ...
/etc/ldap.conf: uri ldaps://group.server ...
/etc/sssd/sssd.conf: [sssd] domains userldap ...
[domain/userldap] ldap_uri ldaps://authentication.server id_provider ldap auth_provider ldap ...
PHEW! Thanks for your advice, Dmitri.
_______________________________________________
sssd-users mailing list sssd-users <at> lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
Thank you, Dmitri Pal
Sr. Engineering Manager for IdM portfolio Red Hat Inc.
Looking to carve out IT costs? www.redhat.com/carveoutcosts/
sssd-users mailing list sssd-users <at> lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing list sssd-users <at> lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users