On Wed, Jun 03, 2015 at 08:29:20AM +0200, Lukas Slebodnik wrote: > On (02/06/15 17:07), swartz wrote: > >I have a environment that spans across multiple physical locations where > >there is a mix of Linux and Solaris workstations/servers. So far we've been > >managing accounts (/etc/password) via Puppet. > > > >Problem: FreeIPA allows to store only one homedir path. > >Q: Is there a way to store/set a different home path based on the system > >that the user is logged into? > > > sssd configuration is quite flexible in this way. > You can override homedir with configuration option > man sssd.conf -> "override_homedir" > > However sssd is available just on linux (or FreeBSD) > I'm not sure which clients do you use on Solaris or other > old system, maybe there is a way how to override homedir as well. > Or you can configure home directory attribute to the non-existing > attribute in FreeIPA and use some fallback (if possible) > > >As an example, I have user Bob. > >On a Linux box Bob has homedir at /home/b/bob > ^ > Unfortunatelly, there's no way how to say > sssd to use just first letter from name. > >On a Solaris this is likely /export/home/bob > >While on some other odd system it could be /mnt/nas/users/bob > Different "prefix" for homedir "/export/home", "/home", "/mnt/nas/users" > could be addresed with the option homedir_substring in sssd conf. > https://fedorahosted.org/sssd/ticket/1853 > > So you could store "%H" in ldap attribute, > but clients need to understand such value. > (sssd >= 1.11.6). I'm not sure about other clients.
As an alternative since version 4.1 FreeIPA has a feature called idviews which can be used to override home-directories for a group of hosts. See e.g. http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust or http://blog.delouw.ch/2015/04/06/migrating-legacy-servers-to-freeipa-authentication-using-id-views/ for details and how to use it. HTH bye, Sumit > > LS > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
