rhel6 sssd ldap for authentication and local files for userNumber (unix uid).
The University has ldap, however, they don't let
departments see the uidNumber (annoying yes).
I was wondering if there is a good way to setup sssd
id_provider = files
auth_provider = ldap
It fails when I try this, I have also tried various proxy
nslcd.conf works fine with this setup, but I had to load
local username/userIDs on the systems (currently). But
may move to a internal LDAP for users and university LDAP
Any comments on how to set this up?
This is probably not going to work with SSSD. We make a fair number of assumptions in the LDAP authentication provider that it's paired with an LDAP identity provider.
I fail to understand why the university would not allow access to uidNumber in LDAP. This renders LDAP entirely useless on UNIX machines. Perhaps you should negotiate with the admins to allow uidNumber to be exposed if the client software is authenticated (rather than anonymous), and then you can configure your clients to use:
ldap_default_bind_dn = uid=username,cn=Users,cn=Accounts,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = <your_password>
This way, if they have a valid (to their minds) reason for not exposing the uidNumber to anonymous access, they can at least do so for authenticated connections.
Also, it is strongly recommended that you should use either 'ldap_id_use_start_tls = true' or 'ldap_uri = ldaps://...' when performing an authenticated bind, so that your password cannot be sniffed.
|All times are GMT -5. The time now is 10:41 PM.|