Hello,

I am in the process of deploying a new LDAP cluster. Y'all were very helpful in getting SSSD configured properly. We were doing not using SSSD at all before. That really freaks me out, given we have all of our NFS mounts defined in LDAP, so consequently I have added autofs. Our LDAP schema does not conform to any "standard" so I have attached my sanitized sssd.conf and autofs.conf, as well as nsswitch.conf, in case anyone had issues doing autofs and sssd with aliases.

Eg:

# autofs.maps, server, machines, blah.blah.blah.blah dn: ou=autofs.maps,cn=server,ou=machines,dc=blah,dc=blah,dc=blah,dc=blah

ou: autofs.maps objectClass: automountMap objectClass: top

# scratch, autofs.maps, server, machines, blah.blah.blah.blah dn: cn=scratch,cn=server,ou=machines,dc=blah,dc=blah,dc=blah,dc=blah ou: autofs.maps cn: scratch objectClass: alias objectClass: extensibleObject aliasedObjectName: ou=scratch,ou=autofs.maps,dc=blah,dc=blah,dc=blah,dc=bla h

# scratch, autofs.maps, davinci.med.cornell.edu dn: ou=scratch,ou=autofs.maps,dc=dc=blah,dc=blah,dc=blah,dc=bla h objectClass: top objectClass: organizationalUnit ou: scratch

# 31337lab_scratch, scratch, autofs.maps, blah.blah.blah.blah dn: cn=fclab_scratch,ou=scratch,ou=autofs.maps,dc=blah,dc=blah,dc=blah,dc=bla h cn: 31337lab_scratch objectClass: automount automountInformation: exporting.nfs.server:/important/stuff/located/here

"ldap_deref = always" made this work. Anyway, hope someone finds that useful.

So caching. Would such a long LDAP caching policy, shown in my sssd.conf, have any downsides? I thought the longer the better though what if users change their password? Does sssd poll LDAP server for changes in order to make sure the cache doesn't fall behind state present in LDAP?

Best Doug

Thanks,

Douglas Duckworth, MSc, LFCS HPC System Administrator Scientific Computing Unit Physiology and Biophysics Weill Cornell Medicine E: doug@med.cornell.edu O: 212-746-5454 F: 212-746-8690