On Thu, Aug 09, 2018 at 10:06:52AM -0700, Andre Piwoni wrote:
> There does not seem to be much documentation on how to make
> authentication work without any extras. All I need is a simple
> non-anonymous bind using provided credentials without any searches. My
> understanding is that I don't need NSS for this, only PAM with
> auth_provider set to ldap. However, without id_provider set in
> sssd.conf SSSD does not start at all. This has been reported as a bug
> and supposedly has been fixed before SSSD 1.16.0 version that I'm
> using. I have tried to set id_provider to none but I'm getting some
> indications in logs that id provider is needed. Is it possible to do
> simple non-anonymous bind without anything extra, not even chpass?

I'm not sure this is possible. One of the core design decisions of SSSD was that a domain ties authentication and identity source -- so you do need an id_provider to fetch the identity from somewhere. That somewhere might not be the same server or not a remote server at all, there is also the proxy id_provider that is able to wrap any nss module, but there needs to be some ID provider. What is the use-case you are trying to solve?
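
An added example, not part of the original thread and not taken from the SSSD project: a minimal sssd.conf sketch of the arrangement the reply describes, with identities coming from local files through the proxy id_provider and only authentication sent to LDAP. The domain name, server URI and search base are constructed placeholders, and the sketch assumes the accounts already exist in /etc/passwd.

```ini
[sssd]
services = nss, pam
domains = example

[domain/example]
# Identity source: the proxy provider wraps an existing NSS module,
# here the local files module, so no identity data is kept in LDAP.
id_provider = proxy
proxy_lib_name = files

# Authentication only: the password entered through PAM is checked
# by binding to the directory as that user.
auth_provider = ldap
ldap_uri = ldaps://ldap.example.com
# Subtree in which the auth provider looks for the user's entry.
ldap_search_base = dc=example,dc=com

# Nothing else is delegated to SSSD: no access rules, no password changes.
access_provider = permit
chpass_provider = none
```

The ldaps:// URI keeps the bind password off the wire in clear text; the LDAP auth provider expects an encrypted channel.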