From what I understand, you can modify sssd.conf to make it so the output of `id` or `getent` has short names. As long as domain resolution order is set (which it sounds like you do), all you would need to do is modify sssd.conf on all the IPA clients (NOT the IPA servers). This is from my notes when I worked with clients in the past:
# On clients, add full_name_format and clear cache # Do NOT add this to the IPA servers % vi /etc/sssd/sssd.conf [domain/ipa.example.com] . . . full_name_format = %1$s # sss_cache -E or systemctl stop sssd; rm -rf /var/lib/sss/db/* ; systemctl start sssd So some notes: * Like in the comments, don't add that on the IPA server's sssd.conf, only to the clients enrolled to the IPA domain. * I cannot remember if it also drops the @domain for the groups as well. You'll have to test this for yourself and see. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
