allow-manage-gids
option).manage-gids
option).sssd
on the host to serve as a group IDs provider. For example, you can configure the sssd
directly using LDAP, or as a proxy to a different nss
group IDs provider.sssd
directly for nss
services using LDAP with a read-only usersssd
, but with a different provider, configure an sssd proxy
on each relevant host. The proxy is used for the Weka container to resolve the groups by any method defined on the host.sssd proxy
on a host, use the following:sssd
for the groups resolution. In the above example, using an LDAP-only provider, local users (such as a local root) that are not present in LDAP do not receive their groups resolved and they are denied. For such users or applications, add the LDAP user.ac
async
noatime
lookupcache=all
noac
sync
atime
lookupcache=none
rw
hard
rsize=524288
wsize=524288
namlen=255
timeo=600
retrans=2
nolock
sec=sys
proto=tcp
mountproto=tcp
​