Hi there,
We have two different ldap "accounts". One is used to get user account information and the other is used get sudo information.
Is there way to have two ldap_default_bind_dn's and ldap_default_authtok's for each of these account configured in sssd.conf.
Thanks
Mickeyg
On Thu, May 09, 2013 at 04:20:43PM +0100, michael gabriel wrote:
Hi there,
We have two different ldap "accounts". One is used to get user account information and the other is used get sudo information.
Is there way to have two ldap_default_bind_dn's and ldap_default_authtok's for each of these account configured in sssd.conf.
No, currently that's not possible, sorry. The SSSD currently only keeps one connection to the LDAP server open for retrieving identity information and only performs binds to authenticate users.
Is there a reason you don't want to use the "sudo" account to read user information as well? Is only the other account permitted to read non-sudoers information?
Thanks for the update. That's what I suspected.
I will suggest to the powers above that we use one account but I don't think that will happen.
Regards
MickeyG
On Thu, May 9, 2013 at 7:09 PM, Jakub Hrozek jhrozek@redhat.com wrote:
On Thu, May 09, 2013 at 04:20:43PM +0100, michael gabriel wrote:
Hi there,
We have two different ldap "accounts". One is used to get user account information and the other is used get sudo information.
Is there way to have two ldap_default_bind_dn's and
ldap_default_authtok's
for each of these account configured in sssd.conf.
No, currently that's not possible, sorry. The SSSD currently only keeps one connection to the LDAP server open for retrieving identity information and only performs binds to authenticate users.
Is there a reason you don't want to use the "sudo" account to read user information as well? Is only the other account permitted to read non-sudoers information? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users@lists.fedorahosted.org