Questo contenuto non è disponibile nella lingua selezionata.

7.6. SSSD Client-side Views


SSSD enables you to create a client-side view to specify new values for POSIX user or group attributes. The view takes effect only on the local machine where the overrides are configured. You can configure client-side overrides for all id_provider values, except ipa. If you are using the ipa provider, define ID views centrally in IdM. See the corresponding section in the Linux Domain Identity, Authentication, and Policy Guide.
For more information, see the Potential Negative Impact on SSSD Performance section in the Linux Domain Identity, Authentication, and Policy Guide.

Note

After creating the first override using the sss_override user-add, sss_override group-add, or sss_override user-import command, restart SSSD for the changes to take effect:
# systemctl restart sssd

7.6.1. Defining a Different Attribute Value for a User Account

As an administrator, you configured an existing host to use accounts from LDAP. However, a user's new ID in LDAP is different from the user's previous ID on the local system. You can configure a client-side view to override the UID instead of changing the permissions on existing files.
To override the UID of the user account with UID 6666:
  1. Optional. Display the current UID of the user account:
    # id user
    uid=1241400014(user_name) gid=1241400014(user_name) Groups=1241400014(user_name)
  2. Override the account's UID with 6666:
    # sss_override user-add user -u 6666
  3. Wait until the in-memory cache has been expired. To expire it manually:
    # sss_cache --users
  4. Verify that the new UID is applied:
    # id user
    uid=6666(user_name) gid=1241400014(user_name) Groups=1241400014(user_name)
  5. Optional. Display the overrides for the user:
    # sss_override user-show user
    user@ldap.example.com::6666:::::
For a list of attributes you can override, list the command-line options by adding --help to the command:
# sss_override user-add --help

7.6.2. Listing All Overrides on a Host

As an administrator, you want to list all user and group overrides on a host to verify that the correct attributes are overridden.
To list all user overrides:
# sss_override user-find
user1@ldap.example.com::8000::::/bin/zsh:
user2@ldap.example.com::8001::::/bin/bash:
...
To list all group overrides:
# sss_override group-find
group1@ldap.example.com::7000
group2@ldap.example.com::7001
...

7.6.3. Removing a Local Override

You previously created an override for the shell of the user account, that is defined in the global LDAP directory. To remove the override for the account, run:
# sss_override user-del user
The changes take effect immediately.
To remove an override for a group, run:
# sss_override group-del group

Note

When you remove overrides for a user or group, all overrides for this object are removed.

7.6.4. Exporting and Importing Local Views

Client-side views are stored in the local SSSD cache. You can export user and group views from the cache to a file to create a backup. For example, when you remove the SSSD cache, you can restore the views later again.
To back up user and group views:
# sss_override user-export /var/lib/sss/backup/sssd_user_overrides.bak
# sss_override group-export /var/lib/sss/backup/sssd_group_overrides.bak
To restore user and group view:
# sss_override user-import /var/lib/sss/backup/sssd_user_overrides.bak
# sss_override group-import /var/lib/sss/backup/sssd_group_overrides.bak
Red Hat logoGithubRedditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita ilBlog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

© 2024 Red Hat, Inc.