Ce contenu n'est pas disponible dans la langue sélectionnée.

2.7. Creating User Private Groups Automatically Using SSSD


An SSSD client directly integrated into AD can automatically create a user private group for every AD user retrieved, ensuring that its GID matches the user's UID unless the GID number is already taken. To avoid conflicts, make sure that no groups with the same GIDs as user UIDs exist on the server.
The GID is not stored in AD. This ensures that AD users benefit from group functionality, while the LDAP database does not contain unnecessary empty groups.

2.7.1. Activating the Automatic Creation of User Private Groups for AD users

To activate the automatic creation of user private groups for AD users:
  1. Edit the /etc/sssd/sssd.conf file, adding in the [domain/LDAP] section:
    auto_private_groups = true
  2. Restart the sssd service, removing the sssd database:
    # service sssd stop ; rm -rf /var/lib/sss/db/* ; service sssd start
After performing this procedure, every AD user has a GID which is identical to the UID:
# id ad_user1
uid=121298(ad_user1) gid=121298(ad_user1) groups=121298(ad_user1),10000(Group1)
# id ad_user2
uid=121299(ad_user2) gid=121299(ad_user2) groups=121299(ad_user2),10000(Group1)

2.7.2. Deactivating the Automatic Creation of User Private Groups for AD users

To deactivate the automatic creation of user private groups for AD users:
  1. Edit the /etc/sssd/sssd.conf file, adding in the [domain/LDAP] section:
    auto_private_groups = false
  2. Restart the sssd service, removing the sssd database:
    # service sssd stop ; rm -rf /var/lib/sss/db/* ; service sssd start
After performing this procedure, all AD users have an identical, generic GID:
# id ad_user1
uid=121298(ad_user1) gid=10000(group1) groups=10000(Group1)
# id ad_user2
uid=121299(ad_user2) gid=10000(group1) groups=10000(Group1)
Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.