If another authentication mechanism is to be used, SSSD for example, NSLCD will need to be disabled within Bright.
In Bright 8.2, the nslcd service is inherited by a special in-built role, which isn’t exposed in BrightView or cmsh. That is what re-installs the nslcd package for example.
You can remove/disable the nslcd role with an option in AdvancedConfig. In /cm/local/apps/cmd/etc/cmd.conf on both headnodes and compute nodes.
Add the following line:
AdvancedConfig = { “RoleService.nslcd=0” }
Please note you should only have one entry for AdvancedConfig, however, these options can be combined with:
AdvancedConfig = { “<key1>=<value1>”, “<key2>=<value2>”, … }
Once the above line is added, please restart the cmd service.
# service cmd restart
# systemctl restart cmd
At this point, you may either remove the service from the headnode and compute nodes…
[bright82 ~]# cmsh
[bright82]% device use bright82
[bright82->device[bright82] services
[bright82->device[bright82]->services]% remove nslcd
[bright82->device*[bright82*]->services*]% commit
[bright82->device*[bright82*]->]% foreach -n node001..node020 (services; remove nslcd)
[bright82->device*[bright82*]->services*]% commit
(Without the RoleService.nslcd=0 you would normally receive a warning)
Or the alternative is to disable the service autostart and monitoring on the headnode and compute nodes as follows:
# cmsh
% device use master
% services
% use nslcd
% set autostart no
% set monitored no
% commit
For compute nodes, this could be done with a foreach and -n for the node range, or -c for the category
# cmsh
% device
% foreach -n node001..node020 (services; use nslcd; set autostart no; set monitored no)
OR
% foreach -c default (services; use nslcd; set autostart no; set monitored no)
% commit