On Thu, Jun 14, 2018 at 02:33:22PM +0200, John Hearns wrote:
We have an existing set of users in a local passwd file I want to run sss_override to create mappings from the AD SID numbers to the existing uid numbers.
What is the concensus on running sss_override? I can script it to either parse through the existing passwd file and make an override entry per user, or to parse the file and create an import file which is run once with import-user
But when is a good time to run this?
In a daily cron job
When sssd is started, which would involve editing the systemd unit file
Creating a new systemd service which depends on sssd.service . This service runs sss_override and then restarts sssd.service
Or am I misunderstanding something?
I am assuming here we have on-disk sssd databases. If the databases are on a tmpfs then clearly the sss_override must be run at boot time by one of the above methods also.
As long as the cache file in /var/lib/sss/db is not removed it should be sufficient to run sss_override for each user once and then the override data should stay in the cache.
I once got a report that the link between the original user data and the override data got lost, but I wasn't able to reproduce this so far.
It is always a good idea to call user-export/group-export to have a backup file around.
HTH
bye, Sumit
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted....