There’s lots of information about the Name Service Switch in the libc manual, but for our purposes, it’s enough to know that libc opens and reads the config file /etc/nf to find out which modules should be contacted in which order. When user information is requested about a user (with getent, id or similar), typically one of the functions of the Name Service Switch, such as getpwnam() or initgroups() in glibc is called.
Let’s say the admin configured SSSD and tests the configuration by requesting the admin user: There’s also more functionality in SSSD than looking up users, such as sudo or autofs integration, but they are out of scope of this post as well.īefore going into SSSD details, let’s do a really quick intro into what happens on the system in general when you request a user from a remote server.
I won’t go into server-specific details, so most of the info should be equally true for LDAP, Active Directory or FreeIPA servers. We’ll look at the most common operation, looking up user info on a remote server. This document re-uses some of the info from the internals one. It is aimed mostly at users and administrators – for developers, we have a separate document about SSSD internals on the SSSD wiki written by Yassir Elley. It should help you understand how the SSSD architecture looks like, how the data flows in SSSD and as a result help identify which part might not be functioning correctly on your system. This blog post describes how a user lookup request is handled in SSSD.
0 kommentar(er)
