6.5. Overriding the LDAP shell attribute
As an administrator, you can configure an existing host to use accounts from LDAP. However, the values for a user (name, UID, GID, home directory, shell) in LDAP are different from the values on the local system. You can override the LDAP shell attribute by defining a different shell with the following procedure.
Conditions préalables
-
rootaccess -
Installed
sssd-tools
Procédure
Display the current shell of the user:
# getent passwd user-name user-name:x:XXXX:XXXX::/home/home-directory:/bin/bash
Replace user-name with the name of the user.
Override the shell of the user:
# sss_override user-add user-name -s new-shell
Replace user-name with the name of the user and replace new-shell with the new shell.
Restart SSSD for the changes to take effect:
# systemctl restart sssd
Verification steps
Verify that the new shell is defined:
# getent passwd user-name user-name:x:XXXX:XXXX::/home/home-directory:new-shell
Optional. Display the overrides for the user:
# sss_override user-show user-name user@ldap.example.com::::::new-shell:
Exemple 6.5. Overriding the shell of the user
To change the shell of the user sarah from
/bin/bashtosbin/nologin:Display the current shell of the user sarah:
# getent passwd sarah sarah:x:1001:6003::sarah:/bin/bash
Override the shell of the user sarah with new
/sbin/nologinshell:# sss_override user-add sarah -s /sbin/nologinRestart SSSD for the changes to take effect:
# systemctl restart sssd
Verify that the new shell is defined and overrides for the user display correctly:
# getent passwd sarah sarah:x:1001:6003::sarah:/sbin/nologin # sss_override user-show user-name user@ldap.example.com::::::/sbin/nologin:
Ressources supplémentaires
-
sss_overrideman page
