Michael Wandel wrote:
On 24.02.2017 15:56, Michael Ströder wrote:
Bernard Fay wrote:
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
This mix makes no sense at all. Either you use nss_sss to query sssd (which has its own cache in /var/lib/sss/db) or you use nss_ldap (direct or via nss-pam-ldapd).
You are right Michael, this is not for beginners, but you can do funny things with sssd and nss-ldap in combination ;-)
Sorry, the above really makes no sense at all: nss-pam-ldapd (aka nslcd) requires nscd for caching these particular maps which does not play well with sssd caching the *same* maps. You can run both in parallel but disable the nscd map caches for maps served by sssd (passwd, group etc.).
And you can do the same funny things with sssd and several LDAP domains. (This is not necessarily meant to endorse sssd over another NSS/PAM implementation. It's just for motivating the original poster to clean his config now.)
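As an added illustration (not part of the original thread), the following Python sketch audits an nsswitch.conf / nscd.conf pair for the two conditions discussed above: a map that lists both sss and ldap, and an nscd cache left enabled for a map served by sssd. The sample nscd.conf content and the function names are constructed for this example; only the three passwd/shadow/group lines come from the thread.

```python
import re

# Constructed sample inputs; the passwd/shadow/group lines mirror the thread.
NSSWITCH = """\
passwd: files sss ldap
shadow: files sss ldap
group:  files sss ldap
hosts:  files dns
"""
NSCD = """\
enable-cache passwd yes
enable-cache group yes
enable-cache hosts yes
"""

def parse_nsswitch(text):
    """Return {map: [source, ...]}, ignoring comments and [action] items."""
    maps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop e.g. [NOTFOUND=return]
        maps[name.strip()] = rest.split()
    return maps

def parse_nscd(text):
    """Return {service: bool} from 'enable-cache <service> <yes|no>' lines."""
    cache = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 3 and parts[0] == "enable-cache":
            cache[parts[1]] = parts[2] == "yes"
    return cache

def audit(nsswitch_text, nscd_text):
    """List (map, problem) pairs; absent nscd lines count as not enabled (assumption)."""
    findings = []
    cache = parse_nscd(nscd_text)
    for name, sources in parse_nsswitch(nsswitch_text).items():
        if "sss" in sources and "ldap" in sources:
            findings.append((name, "sss and ldap both listed"))
        if "sss" in sources and cache.get(name, False):
            findings.append((name, "nscd cache enabled for map served by sssd"))
    return findings
```

On a real host, pass the contents of /etc/nsswitch.conf and /etc/nscd.conf to `audit()` instead of the constructed samples.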