6.2. Overriding the LDAP UID attribute
As an administrator, you can configure an existing host to use accounts from LDAP. However, the values for a user (name, UID, GID, home directory, shell) in LDAP are different from the values on the local system. You can override the LDAP UID attribute by defining a different UID with the following procedure.
Conditions préalables
-
rootaccess -
Installed
sssd-tools
Procédure
Display the current UID of the user:
# id -u user-nameReplace user-name with the name of the user.
Override the UID of the user’s account:
# sss_override user-add user-name -u new-UID
Replace user-name with the name of the user and replace new-UID with the new UID number.
Expire the in-memory cache:
# sss_cache --users
After creating the first override using the
sss_override user-addcommand, restart SSSD for the changes to take effect:# systemctl restart sssd
Verification steps
Verify that the new UID has been applied:
# id -u user-nameOptional. Display the overrides for the user:
# sss_override user-show user-name user@ldap.example.com::new-UID:::::
Exemple 6.2. Overriding the UID of the user
To override the UID of the user sarah with UID 6666:
Display the current UID of the user sarah:
# id -u sarah 1001Override the UID of the user sarah's account with UID 6666:
# sss_override user-add sarah -u 6666
Manually expire the in-memory cache:
# sss_cache --users
Restart SSSD for the changes to take effect:
# systemctl restart sssd
Verify that the new UID is applied and overrides for the user display correctly:
# id sarah 6666 # sss_override user-show sarah user@ldap.example.com::6666:::::
Ressources supplémentaires
-
sss_overrideman page
