6.3. Overriding the LDAP GID attribute
As an administrator, you can configure an existing host to use accounts from LDAP. However, the values for a user (name, UID, GID, home directory, shell) in LDAP are different from the values on the local system. You can override the LDAP GID attribute by defining a different GID with the following procedure.
Prerequisites
- root access
- Installed sssd-tools
Procedure
Display the current GID of the user:
# id -g user-name
Replace user-name with the name of the user.
Override the GID of the user’s account:
# sss_override user-add user-name -g new-GID
Replace user-name with the name of the user and replace new-GID with the new GID number.
Expire the in-memory cache:
# sss_cache --users
After creating the first override using the sss_override user-add command, restart SSSD for the changes to take effect:
# systemctl restart sssd
Verification steps
Verify that the new GID is applied:
# id -g user-name
Optional. Display the overrides for the user:
# sss_override user-show user-name
user@ldap.example.com:::6666::::
Example 6.3. Overriding the GID of the user
To override the GID of the user sarah with GID 6666:
Display the current GID of the user sarah:
# id -g sarah
6003
Override the GID of the user sarah's account with GID 6666:
# sss_override user-add sarah -g 6666
Manually expire the in-memory cache:
# sss_cache --users
If this is your first override, restart SSSD for the changes to take effect:
# systemctl restart sssd
Verify that the new GID is applied and overrides for the user display correctly:
# id -g sarah
6666
# sss_override user-show sarah
user@ldap.example.com::6666:::::
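As an added example (not part of the original documentation), the following shell functions audit override records in the colon-separated form printed by sss_override user-show under Verification steps, and flag GID overrides that place a user in GID 0 or in the system group range. The field order is assumed from the import format in the sss_override man page; the function names, the SYS_GID_MAX threshold, and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SSSD override records for risky GID overrides.
# Assumed record layout (passwd-like, per the sss_override man page):
#   original_name:name:uid:gid:gecos:home:shell:base64_certificate

# Print the GID override of one record; empty output means no GID override.
override_gid() {
    printf '%s\n' "$1" | awk -F: '{ print $4 }'
}

# Read records on stdin; print "user gid reason" for each risky GID override.
# SYS_GID_MAX is an assumption: 999 is the usual upper bound for system groups.
audit_gid_overrides() {
    awk -F: -v sysmax="${SYS_GID_MAX:-999}" '
        NF < 4 || $4 == ""  { next }                        # no GID override set
        $4 !~ /^[0-9]+$/    { print $1, $4, "non-numeric"; next }
        $4 + 0 == 0         { print $1, $4, "root-group"; next }
        $4 + 0 <= sysmax    { print $1, $4, "system-range" }
    '
}

# Constructed sample records (not real accounts). The first line is the form
# shown under Verification steps; bob has only UID and home overrides.
sample_overrides() {
    cat <<'EOF'
user@ldap.example.com:::6666::::
alice@ldap.example.com:::0::::
bob@ldap.example.com::7001:::/home/bob::
carol@ldap.example.com:::48::::
EOF
}

# Run the audit over the sample; only alice and carol are reported.
sample_overrides | audit_gid_overrides
```

On a host with overrides in place, sss_override user-export FILE writes records in this layout, and the file can be fed to audit_gid_overrides on standard input.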
Additional resources
- sss_override man page