8.3. Using ID Views to Define AD User Attributes


With ID views, you can change the user attribute values defined in AD. For a complete list of the attributes, see Attributes an ID View Can Override.
For example: If you are managing a mixed Linux-Windows environment and want to manually define POSIX attributes or SSH login attributes for an AD user, but the AD policy does not allow it, you can use ID views to override the attribute values. When the AD user authenticates to clients running SSSD or authenticates using a compat LDAP tree, the new values are used in the authentication process.

Note

Only IdM users can manage ID views. AD users cannot.
The process for overriding the attribute values follows these steps:
  1. Create a new ID view.
  2. Add a user ID override in the ID view, and specify the require attribute value.
  3. Apply the ID view to a specific host.
For details on how to perform these steps, see Defining a Different Attribute Value for a User Account on Different Hosts in the Linux Domain Identity, Authentication, and Policy Guide.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.