Hopefully someone out there can shed some light on this.
Running OpenLDAP 2.4.40 on our CentOS 5 servers, with an assortment of CentOS 5, 6, 7; Fedora20+, Ubuntu 12.04 to 14.04. The CentOS 5's are running as straight LDAP clients. The others are using SSSD / LDAP.
On the CentOS 5, when running "getent hosts", it will return the entire LDAP Hosts dbase; which is the behavior we want.
On all the systems running SSSD, they only return the local hosts file. If explicitly adding a host to the command "getent hosts some_host", it will only return if the host is in the local hosts file or DNS; never searching (watching the logs) either the LDAP or SSSD. Debug is at maximum.
Again any help is appreciated.
Thanks,
JD Borresen
Borresen, John - 0444 - MITLL wrote:
> Running OpenLDAP 2.4.40 on our CentOS 5 servers, with an assortment of CentOS 5, 6, 7; Fedora20+, Ubuntu 12.04 to 14.04. The CentOS 5's are running as straight LDAP clients. The others are using SSSD / LDAP.
> On the CentOS 5, when running "getent hosts", it will return the entire LDAP Hosts dbase; which is the behavior we want.
> On all the systems running SSSD, they only return the local hosts file. If explicitly adding a host to the command "getent hosts some_host", it will only return if the host is in the local hosts file or DNS; never searching (watching the logs) either the LDAP or SSSD. Debug is at maximum.
AFAIK sssd does not support hosts map. Therefore you have something different on your CentOS 5 servers. Consult the hosts line in /etc/nsswitch.conf.
Ciao, Michael.
Thanks Michael;
I thought I had read that somewhere (about SSSD not supporting hosts map), too...but, can't find the reference. The hosts entry on all our clients is essentially the same:
Hosts dns files ldap sss
The older CentOS 5 systems don't have "sss" obviously.
JD
-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com]
Sent: Tuesday, November 03, 2015 11:09 AM
To: Borresen, John - 0444 - MITLL; openldap-technical
Subject: Re: OpenLDAP & SSSD Question
Borresen, John - 0444 - MITLL wrote:
> Running OpenLDAP 2.4.40 on our CentOS 5 servers, with an assortment of CentOS 5, 6, 7; Fedora20+, Ubuntu 12.04 to 14.04. The CentOS 5's are running as straight LDAP clients. The others are using SSSD / LDAP.
> On the CentOS 5, when running "getent hosts", it will return the entire LDAP Hosts dbase; which is the behavior we want.
> On all the systems running SSSD, they only return the local hosts file. If explicitly adding a host to the command "getent hosts some_host", it will only return if the host is in the local hosts file or DNS; never searching (watching the logs) either the LDAP or SSSD. Debug is at maximum.
AFAIK sssd does not support hosts map. Therefore you have something different on your CentOS 5 servers. Consult the hosts line in /etc/nsswitch.conf.
Ciao, Michael.
Borresen, John - 0444 - MITLL wrote:
> Thanks Michael;
> I thought I had read that somewhere (about SSSD not supporting hosts map), too...but, can't find the reference. The hosts entry on all our clients is essentially the same:
> Hosts dns files ldap sss
IMO there's no point defining "ldap" and "sss". YMMV.
Ciao, Michael.
On Tue, Nov 03, 2015 at 05:09:16PM +0100, Michael Ströder wrote:
> AFAIK sssd does not support hosts map.
Correct; we don't. But you can use 'sss' for the maps we do support (passwd,group,netgroup,...) and ldap for those we don't.
(this is also getting off-topic for this list, sssd-users might be a better venue for sssd-specific questions)
openldap-technical@openldap.org
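Added example, not part of the original thread or of any project's code: a small parser for nsswitch.conf that reports, per database, which listed sources can actually answer, given the thread's statement that sssd serves passwd, group and netgroup but not hosts. The `SSS_MAPS` set, the `available` module set and the sample file are assumptions constructed for illustration; the hosts order is the one quoted in the thread.

```python
import re

# Assumption: maps the thread names as served by sssd ("passwd,group,netgroup,...").
# The thread's list is open-ended, so adjust this set for the sssd in use.
SSS_MAPS = {"passwd", "group", "netgroup"}

# Constructed sample; the hosts order is the one quoted in the thread.
SAMPLE = """\
# constructed nsswitch.conf sample
passwd:   files sss
hosts:    dns files ldap sss   # order from the thread
netgroup: sss [NOTFOUND=return] files
"""

def parse_nsswitch(text):
    """Return {database: [source, ...]} in lookup order."""
    maps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Action items such as [NOTFOUND=return] are not sources.
        maps[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return maps

def effective_sources(maps, available, sss_maps=SSS_MAPS):
    """Per database, split sources into those that can answer and those that cannot.

    `available` is the set of NSS modules present on the client
    (libnss_<name>.so.2); glibc skips a source whose module is missing.
    """
    report = {}
    for db, sources in maps.items():
        usable, dead = [], []
        for src in sources:
            if src not in available:
                dead.append((src, "module not installed"))
            elif src == "sss" and db not in sss_maps:
                dead.append((src, "map not served by sssd"))
            else:
                usable.append(src)
        report[db] = {"usable": usable, "dead": dead}
    return report

if __name__ == "__main__":
    # Hypothetical client that has sssd installed but no nss_ldap module.
    client = {"files", "dns", "sss"}
    for db, r in effective_sources(parse_nsswitch(SAMPLE), client).items():
        print(db, "->", r["usable"], "| ignored:", r["dead"])
```

On the hypothetical client, hosts resolves through dns and files only, which matches the symptom described in the first message.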