Chapitre 6. SSSD client-side view
SSSD provides the sss_override
utility, which allows you to create a local view that displays values for POSIX user or group attributes that are specific to your local machine. You can configure overrides for all id_provider
values, except ipa
.
If you are using the ipa
provider, define ID views centrally in IPA. For more information, see Using an ID view to override a user attribute value on an IdM client.
For information about a potential negative impact on the SSSD performance, see Potential negative impact of ID views on SSSD performance.
6.1. Overriding the LDAP username attribute
As an administrator, you can configure an existing host to use accounts from LDAP. However, the values for a user (name, UID, GID, home directory, shell) in LDAP are different from the values on the local system. You can override the LDAP username
attribute by defining a secondary username
with the following procedure.
Conditions préalables
-
root
access -
Installed
sssd-tools
Procédure
Display the current information for the user:
# id username
Replace username with the name of the user.
Add the secondary
username
:# sss_override user-add username -n secondary-username
Replace username with the name of the user and replace secondary-username with the new
username
.After creating the first override using the
sss_override user-add
command, restart SSSD for the changes to take effect:# systemctl restart sssd
Verification steps
Verify that the new
username
is added:# id secondary-username
Optional. Display the overrides for the user:
# sss_override user-show user-name user@ldap.example.com:secondary-username::::::
Exemple 6.1. Defining a secondary username
To add a secondary
username
sarah for the user sjones:Display the current information for the user sjones:
# id sjones uid=1001(sjones) gid=6003 groups=6003,10(wheel)
Add the secondary
username
:# sss_override user-add sjones -n sarah
Verify that the new
username
has been added and overrides for the user display correctly:# id sarah uid=1001(sjones) gid=6003(sjones) groups=6003(sjones),10(wheel) # sss_override user-show sjones user@ldap.example.com:sarah::::::
Ressources supplémentaires
-
sss_override
man page