Sssd And Authconfig And Ldap Database Lookups

Home » CentOS » Sssd And Authconfig And Ldap Database Lookups
CentOS 6 Comments

So I am feeling rather frustrated with sssd today:

1. I see that when you install sssd (this is CentOS 6), sssd.conf is not created. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/about-sssd.conf.html implies that if I want to use sssd I need to create the sssd.conf file first. Any reason why?

2. I also noticed if sssd.conf is not there, authconfig won’t create it even if you tell it to –enablesssd. How so? I thought that if you are using sssd, it would have stuff like kerberos and ldap (to pick a couple of examples) configured there.

3. It seems if I want to, say, define ldap_user_search_base I must do it directly in sssd.conf instead of passing some kind of argument to authconfig. Am I correct? If so, which files does authconfig affect? I
thought it was the *proper* way to configure all the authentication thingies so to make sure they all played together. But, it seems that you have to configure sssd.conf and then use authconfig… or not.

Brain hurts

6 thoughts on - Sssd And Authconfig And Ldap Database Lookups

  • Then it is pulling my leg:

    [root@testCentOS ~]# yum install sssd Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile
    * base: mirror.steadfast.net
    * extras: mirror.steadfast.net
    * updates: http://ftp.usf.edu Setting up Install Process Package sssd-1.9.2-129.el6_5.4.x86_64 already installed and latest version Nothing to do
    [root@testCentOS ~]# ls -l /etc/sssd/
    total 0
    [root@testCentOS ~]#

    and yet it swears the file is in the package:

    [root@testCentOS ~]# yum whatprovides /etc/sssd/sssd.conf Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile
    * base: reflector.westga.edu
    * extras: mirror.cogentco.com
    * updates: CentOS.mia.host-engine.com sssd-1.9.2-129.el6_5.4.x86_64 : System Security Services Daemon Repo : updates Matched from:
    Filename : /etc/sssd/sssd.conf

    sssd-1.9.2-129.el6.x86_64 : System Security Services Daemon Repo : base Matched from:
    Filename : /etc/sssd/sssd.conf

    sssd-1.9.2-129.el6_5.4.x86_64 : System Security Services Daemon Repo : installed Matched from:
    Other : Provides-match: /etc/sssd/sssd.conf

    [root@testCentOS ~]#

  • Which is to be expected; I only ran that to show which version I
    have installed and that it supposedly has been installed. But the sssd.conf file is elusive as ever…

  • This is getting more interesting: I downloaded the rpm itself and sure enough it claims to have sssd.conf:

    [root@testCentOS sssd]# rpm -qlp sssd-1.9.2-129.el6_5.4.x86_64.rpm
    |grep sssd.conf
    /etc/sssd/sssd.conf
    /usr/share/man/ja/man5/sssd.conf.5.gz
    /usr/share/man/man5/sssd.conf.5.gz
    [root@testCentOS sssd]# /usr/share/man/uk/man5/sssd.conf.5.gz

    But it does not feel particularly eager to give it to me:

    [root@testCentOS sssd]# rpm2cpio sssd-1.9.2-129.el6_5.4.x86_64.rpm |
    cpio -ivd etc/sssd/sssd.conf
    25006 blocks
    [root@testCentOS sssd]# ls sssd-1.9.2-129.el6_5.4.x86_64.rpm
    [root@testCentOS sssd]#

  • Probably because the file is defined in the spec file as:

    %ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf

    Which means that while it’s “owned” by the package, it doesn’t actually include the file (%ghost).