<div dir="ltr"><div>It should be possible to useĀ LDAP for auth only. You will need to tell your system to use ldap for user auth in nsswitch (files ldap - instead of files sssd) and then setup the ldap connection in /etc/openldap.conf. Also good to use nslcd to cache ldap queries.<br>
<br></div>SSSD is a beast but worth the pain on jumping in. It provides a way to do AD one better (or more). Synchronized UID/GID is a good thing especially when running NFS mounts all over the place. RHEL IdM is basically FreeIPA from some time back. Multimaster LDAP is nicely done. Some other goodies include ssh login with LDAP as key holder :-) User posts pub key to IPA web page and it's checked on ssh access for keys and magic happens. It also provides a management tool for sudo rules and other goodies.<br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jun 6, 2014 at 2:17 PM, James Sumners <span dir="ltr"><<a href="mailto:james.sumners@gmail.com" target="_blank">james.sumners@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Does anyone here know how, or if it is even possible, to simply _authenticate_ against an LDAP server (really, and Active Directory server)? By that I mean the user's credentials, username and password, are verified against the LDAP server but all other account information is provided by a traditional local account.<div>
<br></div><div>I have this configuration working in RHEL5, but RHEL6 introduced this SSSD garbage and it is requiring the UID/GID to come from the remote LDAP server. I do not want that to happen.</div><div><br></div><div>
I have attached my sssd.conf and a debug log of the SSSD server starting up and trying to process one login attempt. The failure starts around line 447 in the log file.</div><span class="HOEnZb"><font color="#888888"><div>
<div><br></div>-- <br>James Sumners<br><a href="http://james.roomfullofmirrors.com/" target="_blank">http://james.roomfullofmirrors.com/</a><br>
<br>"All governments suffer a recurring problem: Power attracts pathological personalities. It is not that power corrupts but that it is magnetic to the corruptible. Such people have a tendency to become drunk on violence, a condition to which they are quickly addicted."<br>
<br>Missionaria Protectiva, Text QIV (decto)<br>CH:D 59
</div></font></span></div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></div>
</div>