On Fri, Feb 24, 2017 at 10:07 AM, Michael Wandel <m.wandel@t-online.de> wrote:
On 24.02.2017 16:02, Bernard Fay wrote:
> sssd is not running and even removed.  At beginning we thought of using
> it as it is the recommended way to go. But sssd requires the use of a
> secured LDAP which we do not use as this LDAP is confined in a lab. We
> use nscd.

This ist not correct, sssd need this only for the authprovider , the
idprovider can be used with plain ldap.

best regards

I do not understand what is not correct in this.  The man page of sssd-ldap is clear about it.

> On Fri, Feb 24, 2017 at 9:56 AM, Michael Ströder <michael@stroeder.com
> <mailto:michael@stroeder.com>> wrote:
>     Bernard Fay wrote:
>     > passwd:     files sss ldap
>     > shadow:     files sss ldap
>     > group:      files sss ldap
>     This mix makes no sense at all. Either you use nss_sss to query sssd
>     (which has its own
>     cache in /var/lib/sss/db) or you use nss_ldap (direct or via
>     nss-pam-ldapd).
>     Decide which components you really want to use and clean your config
>     before going any
>     further.
>     Ciao, Michael.