Hi MItja, it looks like you are trying to integrate SSSD with FreeIPA. I think the following presentation will help you review the SSSD configuration even if you are trying to use 389DS independently: http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf Check the page titled " Example configuration - SSSD with FreeIPA server". SSSD has to be configured to talk to LDAP server. Check also the settings in /etc/nsswitch.conf. You might need to modify it to enable SSSD integration with other services. This example comes from a host that is using SSSD for SSH authentication and sudo integration with a FreeIPA server: passwd: files sss shadow: files sss group: files sss sudoers: files sss Dimitar On Fri, Jan 3, 2014 at 10:17 AM, Mitja Mihelič <mitja.mihelic@xxxxxxxx>wrote: > Hi! > > How to get usermod working with SSSD/389DS ? > > We have SSSD set up on our server and it uses 389DS. > SSSD was enabled with the following command: > authconfig --enablesssd --enablesssdauth --ldapbasedn=dc=example,dc=com > --enableshadow --enablemkhomedir --enablelocauthorize --update > > Running for example "usermod -L username" returns: > usermod: user 'username' does not exist in /etc/passwd > > Each time usermod is executed there is a query logged in 389DS, so SSSD > does pass the request to 389DS. > Strace (attached) of usermod shows that it gets at least gecos back from > SSSD and that it checked the /var/lib/sss/mc/passwd file which contains: > username > Name Lastname > /home/username > /bin/bash > > Soon after that it starts to open /etc/shadow and /etc/passwd. > > What are we missing? > Any insight would be appreciated. > > Regards, Mitja > > -- > -- > Mitja Mihelič > ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia > tel: +386 1 479 8877, fax: +386 1 479 88 78 > > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > > _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos