[14.04.2013 14:01] [Anton Aylward]:
lynn said the following on 04/14/2013 04:19 AM:
I believe that the enumerate line should allow me to list all domain users too. Is it possible to get all the objects listed always with getent under sssd?

/etc/nsswitch.conf
passwd: compat sss
group: compat sss

This isn't my area of expertise so this is just a guess. Isn't there a 'necessary and sufficient' thing here? You've listed 'compat' first, so isn't a query going to try local first? You don't have a qualifier on that to say what happens on failure.
Do you really want local to have priority over sss? Do you want the priority to be this absolute and unqualified?
* maybe there needs to be a "[NOTFOUND=continue]" qualifier
* maybe 'compat' isn't the right thing to use there
This isn't my area of expertise so this is just a guess.
The mentioned entries in /etc/nsswitch.conf are made by YaST. And yes, you might really "want local to have priority over sss", and if it is simply because of the local root user...

In YaST, you also have a checkbox whether you want to list entities or not. For me, checking the box made no difference, I never had remote users appearing on "getent passwd". However, "getent passwd $remoteusername" worked as usual.

When I changed "compat sss" to "compat ldap", I got the long list (> 2k users). So this should not be an issue with "compat", but related to "sss".

I removed sssd from my box, and configured everything manually (for ldap) as I did before. Authentication against LDAP never worked with sssd, with or without enabled TLS. And I did not read about a working sssd against a (remote) LDAP server yet.

Regards,
Werner
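
Added example (not part of the original thread): a small Python model of how glibc walks the sources on an nsswitch.conf line for a by-name lookup, using the thread's "passwd: compat sss" line with and without a NOTFOUND qualifier. The function names and the simulated per-source results are constructed for illustration; the default actions in DEFAULTS are the ones documented for glibc.

```python
import re

# glibc defaults when a source has no [STATUS=action] qualifier
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_db_line(line):
    """Parse one nsswitch.conf line into (database, [(source, actions)])."""
    db, _, rest = line.split("#", 1)[0].partition(":")
    sources = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not tok.startswith("["):
            sources.append((tok, dict(DEFAULTS)))
            continue
        if not sources:
            raise ValueError("action qualifier before any source")
        for item in tok[1:-1].split():
            status, _, action = item.lower().partition("=")
            negate = status.startswith("!")
            status = status.lstrip("!")
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError("unsupported qualifier: " + item)
            # [!STATUS=action] applies to every status except STATUS
            targets = [s for s in DEFAULTS if s != status] if negate else [status]
            for s in targets:
                sources[-1][1][s] = action
    return db.strip(), sources

def resolve(sources, results):
    """Walk sources in order; results maps source -> simulated status."""
    tried = []
    for name, actions in sources:
        status = results.get(name, "unavail")
        tried.append(name)
        if actions[status] == "return":
            return (name if status == "success" else None), tried
    return None, tried

if __name__ == "__main__":
    # Constructed scenario: a remote user unknown to compat, known to sss
    remote = {"compat": "notfound", "sss": "success"}
    for line in ("passwd: compat sss",
                 "passwd: compat [NOTFOUND=continue] sss",
                 "passwd: compat [NOTFOUND=return] sss"):
        db, sources = parse_db_line(line)
        print(line, "->", resolve(sources, remote))
```

This models by-name lookups such as "getent passwd $remoteusername" only. Listing every user with a bare "getent passwd" additionally depends on the sss source agreeing to enumerate, which sssd controls with the per-domain enumerate option (off by default).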