On Thu, Nov 15, 2018 at 02:18:28PM -0500, Rob Crittenden via FreeIPA-users
wrote:
> Ryan Slominski via FreeIPA-users wrote:
> > What is the recommended way to handle a local user in an IPA group?
> >
> > For example, I have the standard local user "apache" that I'd like to add
> > to an IPA group. I don't really want to add an "apache" user to IPA as it
> > isn't really a regular user. Similarly, I don't want to create a local
> > group of the same name and membership as the group in IPA. NIS seems to
> > allow groups that reference local users. Can IPA?
> >
> > An IPA User in a local group is a similar problem, what is the solution
> > there?
>
> https://pagure.io/SSSD/sssd/issue/3642
Yes, but this ticket only poses a problem if nsswitch.conf is configured
to use sss before files (which is the default on F-26+ and RHEL-8).
If you revert to "files sss", then you can use:
https://sgallagh.wordpress.com/2016/01/28/remote-group-merging-for-fedora/
by creating a group with the same name and GID both locally and in the
IPA directory, then the contents should be merged.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
