Este contenido no está disponible en el idioma seleccionado.

2.7. Creating User Private Groups Automatically Using SSSD


An SSSD client directly integrated into AD can automatically create a user private group for every AD user retrieved, ensuring that its GID matches the user's UID unless the GID number is already taken. To avoid conflicts, make sure that no groups with the same GIDs as user UIDs exist on the server.
The GID is not stored in AD. This ensures that AD users benefit from group functionality, while the LDAP database does not contain unnecessary empty groups.

2.7.1. Activating the Automatic Creation of User Private Groups for AD users

To activate the automatic creation of user private groups for AD users:
  1. Edit the /etc/sssd/sssd.conf file, adding in the [domain/LDAP] section:
    auto_private_groups = true
  2. Restart the sssd service, removing the sssd database:
    # service sssd stop ; rm -rf /var/lib/sss/db/* ; service sssd start
After performing this procedure, every AD user has a GID which is identical to the UID:
# id ad_user1
uid=121298(ad_user1) gid=121298(ad_user1) groups=121298(ad_user1),10000(Group1)
# id ad_user2
uid=121299(ad_user2) gid=121299(ad_user2) groups=121299(ad_user2),10000(Group1)

2.7.2. Deactivating the Automatic Creation of User Private Groups for AD users

To deactivate the automatic creation of user private groups for AD users:
  1. Edit the /etc/sssd/sssd.conf file, adding in the [domain/LDAP] section:
    auto_private_groups = false
  2. Restart the sssd service, removing the sssd database:
    # service sssd stop ; rm -rf /var/lib/sss/db/* ; service sssd start
After performing this procedure, all AD users have an identical, generic GID:
# id ad_user1
uid=121298(ad_user1) gid=10000(group1) groups=10000(Group1)
# id ad_user2
uid=121299(ad_user2) gid=10000(group1) groups=10000(Group1)
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

© 2024 Red Hat, Inc.