3

I am trying to set up LDAP authentication using SSSD on CentOS 7.

Is it possible to set up SSSD in a way that it uses two LDAP servers: one LDAP server is used just for authentication (basically just to authenticate with the password) and the other LDAP server is used for identification and getting all the attributes of a user (homeDirectory, additional LDAP attributes defined only on that LDAP server)?

Users are defined on both servers (same uid, but different base).

Mr. White

2 Answers

3

No, I don't think this is possible except with an ugly hack. The only special-case that sssd supports is a different LDAP server for change password operations (with ldap_chpass_uri).

But what you could do is to use id_provider=proxy, configure it to use nslcd (aka nss-pam-ldapd) and configure nslcd to use the identity LDAP server. Then configure auth_provider=ldap and point it to the auth LDAP server.

It's not pretty and you would have two LDAP daemons running, but I can't think of another way of solving the problem.

Law29
jhrozek
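The split described in this answer, written out as an added example (not the answerer's own configuration): sssd gets identity through the proxy provider and nslcd, and sends binds to the second directory. Both files are shown in one block; the hostnames, search bases, bind DNs, CA paths and the domain name `split` are placeholders.

```ini
# /etc/sssd/sssd.conf  (added example; hostnames, bases and DNs are placeholders)
[sssd]
services = nss, pam
domains = split

[domain/split]
# Identity (uid, gid, homeDirectory, extra attributes) is served by nslcd.
# sssd reaches it through the proxy provider, which loads the host's
# libnss_ldap (nss-pam-ldapd) directly instead of going via nsswitch.
id_provider = proxy
proxy_lib_name = ldap

# Authentication goes straight to the second directory. sssd searches
# ldap_search_base for uid=<login> to resolve the DN, then binds as that DN
# with the user's password, so the two servers may use different bases.
auth_provider = ldap
ldap_uri = ldaps://auth-ldap.example.com
ldap_search_base = ou=people,dc=auth,dc=example
ldap_tls_cacert = /etc/pki/tls/certs/auth-ldap-ca.crt
ldap_tls_reqcert = demand

# Offline logins from the cached hash; keep false if the host policy forbids it.
cache_credentials = true

# /etc/nslcd.conf  (nss-pam-ldapd) pointing at the identity directory only
uri ldaps://id-ldap.example.com
base ou=people,dc=id,dc=example
binddn cn=nss-reader,dc=id,dc=example
bindpw CHANGE-ME
ssl on
tls_reqcert demand
tls_cacertfile /etc/pki/tls/certs/id-ldap-ca.crt
```

`/etc/nsswitch.conf` should list `files sss` for passwd, group and shadow, not `ldap`: the proxy provider calls libnss_ldap itself, so putting `ldap` in nsswitch as well would resolve every name twice and can loop through nslcd. Likewise keep `pam_ldap` out of the PAM stack so that only `pam_sss` handles authentication. Identity can then be checked with `getent passwd alice` (the homeDirectory and extra attributes should come from `id-ldap`), and a PAM login such as `su - alice` exercises the bind against `auth-ldap`; with `debug_level` set in the domain section, `/var/log/sssd/sssd_split.log` shows which server each operation went to.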
1

In the long run you'd be better off finding a way to merge your bases.
However, SASL Pass-Through Authentication may be an option for you. Unless you're already using it to pass your main authentication over to something like Kerberos, in which case you'd be best served replicating the userPassword entry as it's likely to remain static, it should allow you to use the other base for authentication.

84104
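An added example of what this pass-through setup looks like on the identity server when it runs OpenLDAP (not the answerer's own configuration; the answer names no directory product). The identity directory stores a `{SASL}` userPassword, slapd hands the bind password to saslauthd, and saslauthd verifies it with its LDAP mechanism against the auth directory. sssd then only ever talks to the identity server. All hostnames, bases, DNs, the realm `id.example` and the CA paths are placeholders.

```ini
# 1. User entry in the identity directory (LDIF). The {SASL} scheme makes
#    slapd delegate the simple-bind password check to saslauthd; no password
#    hash is stored here.
# dn: uid=alice,ou=people,dc=id,dc=example
# userPassword: {SASL}alice@id.example

# 2. /etc/sasl2/slapd.conf - Cyrus SASL settings read by slapd
pwcheck_method: saslauthd
saslauthd_path: /run/saslauthd/mux

# 3. /etc/sysconfig/saslauthd - start saslauthd with the LDAP mechanism
MECH=ldap
FLAGS="-O /etc/saslauthd.conf"

# 4. /etc/saslauthd.conf - saslauthd binds to the auth directory as the user
#    (%u is the username, the bind DN is only used to look the user up)
ldap_servers: ldaps://auth-ldap.example.com
ldap_search_base: ou=people,dc=auth,dc=example
ldap_filter: (uid=%u)
ldap_bind_dn: cn=saslproxy,dc=auth,dc=example
ldap_bind_pw: CHANGE-ME
ldap_auth_method: bind
ldap_tls_cacert_file: /etc/pki/tls/certs/auth-ldap-ca.crt

# 5. /etc/sssd/sssd.conf domain section - a single server for both providers
# [domain/id]
# id_provider = ldap
# auth_provider = ldap
# ldap_uri = ldaps://id-ldap.example.com
# ldap_search_base = ou=people,dc=id,dc=example
```

`testsaslauthd -u alice -p 'password'` checks the saslauthd leg on its own before slapd is involved; once that returns OK, an `ldapwhoami -x -D uid=alice,ou=people,dc=id,dc=example -W` against the identity server should succeed with the password held only on the auth server. The caveat in the answer applies unchanged: if the identity server already delegates to Kerberos through this mechanism, a single `{SASL}` value cannot point at two backends, and replicating the userPassword attribute is the simpler route.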