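The title says it all, really :)
I'm looking into SSSD, but the requirement is that ldap-1 must be used for user authentication, and the home directory automount information is then fetched from ldap-2.
Endless Google searching hasn't given me a clear answer.
For additional information, both LDAP servers share the same usernames, and the automount information cannot be added to ldap-1.
Current sssd.conf: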
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, autofs
domains = ldap-1, ldap-2

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[autofs]

[domain/ldap-1]
ldap_id_use_start_tls = True
cache_credentials = True
ldap_search_base = redacted
enumerate = True
chpass_provider = ldap
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap-1
ldap_tls_cacert = pathtocert

[domain/ldap-2]
ldap_id_use_start_tls = True
cache_credentials = False
ldap_search_base = redacted
enumerate = True
ldap_uri = ldap://ldap-2/
ldap_tls_cacert = pathtocert
id_provider = local
autofs_provider = ldap
ldap_autofs_search_base = ou=auto.home,dc=test,dc=example.com
ldap_autofs_entry_object_class = automount
ldap_autofs_entry_value = automountInformation
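Just use two different domains, I guess:

[sssd]
domains = userdomain,autofsdomain

For the autofs domain, if you want to make sure you avoid retrieving users from the autofs domain, you could try setting some more-or-less fake id_provider, such as none or local.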
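
A small check for the layout suggested above, as an added example that is not part of the original answer: it parses an sssd.conf and flags a missing autofs responder, a listed domain with no section, more than one domain resolving users from LDAP (the two directories share usernames), and an LDAP-backed domain with neither ldaps:// nor ldap_id_use_start_tls. The sample config is constructed, and treating ldap_id_use_start_tls as also covering the autofs lookups is an assumption.

```python
import configparser

# Constructed sample: same two-domain layout as the question, placeholder hosts.
SAMPLE = """\
[sssd]
services = nss, pam, autofs
domains = ldap-1, ldap-2
[domain/ldap-1]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap-1
ldap_id_use_start_tls = True
[domain/ldap-2]
id_provider = local
autofs_provider = ldap
ldap_uri = ldap://ldap-2/
ldap_id_use_start_tls = True
"""

def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def audit(text):
    """Return findings for an sssd.conf that splits identity and autofs domains."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings, id_domains = [], []
    if "autofs" not in _csv(cp.get("sssd", "services", fallback="")):
        findings.append("autofs responder missing from [sssd] services")
    for name in _csv(cp.get("sssd", "domains", fallback="")):
        sec = f"domain/{name}"
        if not cp.has_section(sec):
            findings.append(f"{name}: listed in domains but not defined")
            continue
        id_prov = cp.get(sec, "id_provider", fallback="")
        # SSSD falls back to id_provider when autofs_provider is unset.
        autofs_prov = cp.get(sec, "autofs_provider", fallback=id_prov)
        if id_prov == "ldap":
            id_domains.append(name)
        encrypted = (cp.get(sec, "ldap_uri", fallback="").startswith("ldaps://")
                     or cp.getboolean(sec, "ldap_id_use_start_tls", fallback=False))
        # Assumption: the StartTLS option protects autofs lookups as well.
        if "ldap" in (id_prov, autofs_prov) and not encrypted:
            findings.append(f"{name}: LDAP traffic is not protected by TLS")
    if len(id_domains) > 1:
        findings.append("users resolve from more than one LDAP domain: " + ", ".join(id_domains))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```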