
Says it all in the title really :)

I am looking into SSSD but have a requirement that it must use ldap-1 for user authentication and then get the home directory automount information from ldap-2.

Endless Googling provided me with no definitive answer.

For extra information both ldap servers share the same usernames and it is not possible to add the automount information to ldap-1.

Current sssd.conf

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, autofs

domains = ldap-1, ldap-2

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[autofs]

[domain/ldap-1]
ldap_id_use_start_tls = True
cache_credentials = True
ldap_search_base = redacted
enumerate = True
chpass_provider = ldap
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap-1
ldap_tls_cacert = pathtocert

[domain/ldap-2]
ldap_id_use_start_tls = True
cache_credentials = False
ldap_search_base = redacted
enumerate = True
ldap_uri = ldap://ldap-2/
ldap_tls_cacert = pathtocert
id_provider = local
autofs_provider = ldap
ldap_autofs_search_base = ou=auto.home,dc=test,dc=example.com
ldap_autofs_entry_object_class = automount
ldap_autofs_entry_value = automountInfomation
Matt John

1 Answer


Only using two different domains, I guess: [sssd] domains = userdomain, autofsdomain

For the autofs domain, you can try setting some more-or-less phony id_provider, like none or local if you want to be sure to avoid retrieving users from the autofs domain.

jhrozek
  • I have edited the sssd.conf to add an autofs domain; however, it seems to be totally ignored. The conf file is now in my original question for reference. – Matt John Mar 25 '15 at 10:02
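
An added example (not part of the original answer, and not SSSD's own code): a small Python check that resolves which provider each domain ends up using for identity, authentication and autofs, and flags plain ldap:// URIs that are used without StartTLS. It assumes SSSD's documented fallback of auth_provider and autofs_provider to id_provider when they are unset; the `audit` function and the trimmed sample config are constructed for illustration.

```python
import configparser

# Constructed sample: trimmed from the sssd.conf in the question above.
SAMPLE = """
[sssd]
services = nss, pam, autofs
domains = ldap-1, ldap-2

[domain/ldap-1]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap-1
ldap_id_use_start_tls = True

[domain/ldap-2]
id_provider = local
autofs_provider = ldap
ldap_uri = ldap://ldap-2/
ldap_id_use_start_tls = True
"""

def _split(value):
    """Split a comma-separated sssd.conf value into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def audit(text):
    """Return ({domain: {role: provider}}, [warnings]) for an sssd.conf string."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    roles, warnings = {}, []
    for name in _split(cp.get("sssd", "domains", fallback="")):
        section = "domain/" + name
        if not cp.has_section(section):
            warnings.append(f"{name}: listed in [sssd] but [{section}] is missing")
            continue
        dom = cp[section]
        idp = dom.get("id_provider", "")
        # Assumption: unset auth/autofs providers fall back to id_provider.
        roles[name] = {"id": idp, "auth": dom.get("auth_provider", idp),
                       "autofs": dom.get("autofs_provider", idp)}
        starttls = dom.getboolean("ldap_id_use_start_tls", fallback=False)
        for uri in _split(dom.get("ldap_uri", "")):
            if "ldap" in roles[name].values() and uri.lower().startswith("ldap://") and not starttls:
                warnings.append(f"{name}: {uri} is used without StartTLS")
    if "autofs" in _split(cp.get("sssd", "services", fallback="")) and \
            not any(r["autofs"] == "ldap" for r in roles.values()):
        warnings.append("autofs service enabled but no domain has autofs_provider = ldap")
    return roles, warnings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, ldap-1 resolves to autofs = ldap as well as ldap-2, because ldap-1 sets no autofs_provider of its own.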