On Tue, Mar 27, 2018 at 4:43 AM, Sumit Bose sbose@redhat.com wrote:
On Fri, Mar 23, 2018 at 06:13:39PM -0400, Asif Iqbal wrote:
On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal vadud3@gmail.com wrote:
[..stripped for brevity..]
> > So I see 5% of current users have mnetid with leading 0. > > > > So I never used sss_override. How do I use sss_override to make
mnetid
> > 004311 > > to work with sss when ldap id mapping tries to map 4311
instead?
> > > > Appreciate your help! > > I haven't tested it with your setup but > > sss_override user_add mwvande --uid 4311 --gid 4311 > sss_override group_add mwvande --gid 4311 > > should create the needed override data so that user and group
mwvande
> can be looked up with the ID 4311. >
So I can lookup by 4311 after this. Very nice!
Do I need to restart sssd after these two commands?
You have to restart SSSD after adding the first overrides to switch
on
the override handling. If you add additional override later on you do not have to restart SSSD, but you might need to wait until some cache timeouts are passed before the overridden values are shown.
I have a user today complained whose mnetid has leading 0s
[mwvande@example:]$ ssh sgx2-brdr-01
No user exists for uid 4311
I already have the sss_override ran last week for 100 users last week
and
sssd was restarted.
I am still wondering if there is a gap in my using sss_override
I have ran this, example commands, for all users with leading 0s in
mnetid
sss_override user-add mwvande --uid 4311--gid 4311 sss_override group-add mwvande --gid 4311
Then I ran the systemctl restart sssd
As said earlier I haven't tested overrides with your type of setup, so I'm not sure if they work as expected. After adding the overrides and restarting SSSD with debug_level=9 in the [nss] and [domain/...] sections of sssd.conf, can you call 'sss_cache -E' and 'getent passwd 4311' and send me the related logs.
bye, Sumit
# sss_cache -E # getent passwd 4311 (no output)
sssd_LDAP.log https://gist.github.com/7170405abc3c7b8a2fac0211f4452aab
sssd_nss.log https://gist.github.com/cd1a4a1323c94d0284d4001fe364bf71
Appreciate your help!