8.3. Using ID Views to Define AD User Attributes
With ID views, you can change the user attribute values defined in AD. For a complete list of the attributes, see Attributes an ID View Can Override.
For example: If you are managing a mixed Linux-Windows environment and want to manually define POSIX attributes or SSH login attributes for an AD user, but the AD policy does not allow it, you can use ID views to override the attribute values. When the AD user authenticates to clients running SSSD or authenticates using a compat LDAP tree, the new values are used in the authentication process.
Note
Only IdM users can manage ID views. AD users cannot.
The process for overriding the attribute values follows these steps:
- Create a new ID view.
- Add a user ID override in the ID view, and specify the require attribute value.
- Apply the ID view to a specific host.
For details on how to perform these steps, see Defining a Different Attribute Value for a User Account on Different Hosts in the Linux Domain Identity, Authentication, and Policy Guide.