On Wed, 2012-03-14 at 19:51 +0100, Olivier wrote:
> Simon,

(without the n :-)

> that's where I don't catch ( sorry) :
>
> > You are asking it to know about "unknown" users
>
> If you say in nsswitch.conf :
>
> passwd: local sss
> group: sss local
>
> Then sss should know about users that are in local
> /etc/passwd and may retrieve their groups in ldap ?

No, sssd is blissfully unaware of what you have in /etc/passwd or
/etc/group, sssd cares only about what exists in ldap to date.

> Why would that be inconsistent not to insert users
> entries in ldap in that situation ?

Because in the ldap server there is no corresponding user.
If you look at the ldap tree on its own you see an "unknown" user name
as member of a group.

> BTW, I don't think that ldap requires that an entry exists
> for a posixgroup memberuid ?

No, the rfc2307 schema does not mandate consistency (the rfc2307bis
schema does mandate it due to use of DNs instead of simple names).

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
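
The rfc2307 point above (a memberUid is a bare name, so nothing forces a matching user entry to exist) can be checked against a directory export. This is an added example, not part of the original message or of sssd: a Python check that reports posixGroup memberUid values with no posixAccount in the same LDIF. The sample LDIF, the dc=example,dc=com names and the function names are constructed for illustration.

```python
# Constructed sample LDIF (not from the thread): rfc2307 group "staff" lists
# "olivier", who has no posixAccount entry in the directory.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: alice

dn: cn=staff,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
memberUid: alice
memberUid: olivier
"""


def parse_ldif(text):
    """Parse plain LDIF into dicts of lowercased attr -> [values].
    Folded lines are joined; base64 ('attr:: ...') values are skipped."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():            # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif line.startswith(" "):      # continuation of previous value
            if last:
                current[last][-1] += line[1:]
        elif line.startswith("#") or ":" not in line:
            last = None
        else:
            attr, _, value = line.partition(":")
            last = None if value.startswith(":") else attr.strip().lower()
            if last:
                current.setdefault(last, []).append(value.strip())
    return entries


def dangling_members(entries):
    """Map group cn -> sorted memberUid values with no posixAccount uid."""
    def has_class(entry, name):
        return name in (v.lower() for v in entry.get("objectclass", []))
    users = {u for e in entries if has_class(e, "posixaccount")
             for u in e.get("uid", [])}
    report = {}
    for e in entries:
        missing = sorted(set(e.get("memberuid", [])) - users)
        if has_class(e, "posixgroup") and missing:
            report[e.get("cn", ["?"])[0]] = missing
    return report
```

Calling `dangling_members(parse_ldif(SAMPLE_LDIF))` returns the groups whose membership names a user the directory itself cannot resolve, which is the "unknown" member case described in the reply.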